Accessibility Statement Skip Navigation
  • Why PRWeb
  • How It Works
  • Who Uses It
  • Pricing
  • Login
  • GDPR
  • Create a Free Account
Return to PRWeb homepage
  • News
  • Resources
  • Contact
When typing in this field, a list of search results will appear and be automatically updated as you type.

Searching for your content...

No results found. Please change your search terms and try again.
  • News in Focus
      • Browse News Releases

      • All News Releases
      • Multimedia Gallery

      • All Multimedia
      • All Photos
      • All Videos
  • Business & Money
      • Auto & Transportation

      • Aerospace, Defense
      • Air Freight
      • Airlines & Aviation
      • Automotive
      • Maritime & Shipbuilding
      • Railroads and Intermodal Transportation
      • Supply Chain/Logistics
      • Transportation, Trucking & Railroad
      • Travel
      • Trucking and Road Transportation
      • View All Auto & Transportation

      • Business Technology

      • Blockchain
      • Broadcast Tech
      • Computer & Electronics
      • Computer Hardware
      • Computer Software
      • Data Analytics
      • Electronic Commerce
      • Electronic Components
      • Electronic Design Automation
      • Financial Technology
      • High Tech Security
      • Internet Technology
      • Nanotechnology
      • Networks
      • Peripherals
      • Semiconductors
      • View All Business Technology

      • Entertain­ment & Media

      • Advertising
      • Art
      • Books
      • Entertainment
      • Film and Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television
      • View All Entertain­ment & Media

      • Financial Services & Investing

      • Accounting News & Issues
      • Acquisitions, Mergers and Takeovers
      • Banking & Financial Services
      • Bankruptcy
      • Bond & Stock Ratings
      • Conference Call Announcements
      • Contracts
      • Cryptocurrency
      • Dividends
      • Earnings
      • Earnings Forecasts & Projections
      • Financing Agreements
      • Insurance
      • Investments Opinions
      • Joint Ventures
      • Mutual Funds
      • Private Placement
      • Real Estate
      • Restructuring & Recapitalization
      • Sales Reports
      • Shareholder Activism
      • Shareholder Meetings
      • Stock Offering
      • Stock Split
      • Venture Capital
      • View All Financial Services & Investing

      • General Business

      • Awards
      • Commercial Real Estate
      • Corporate Expansion
      • Earnings
      • Environmental, Social and Governance (ESG)
      • Human Resource & Workforce Management
      • Licensing
      • New Products & Services
      • Obituaries
      • Outsourcing Businesses
      • Overseas Real Estate (non-US)
      • Personnel Announcements
      • Real Estate Transactions
      • Residential Real Estate
      • Small Business Services
      • Socially Responsible Investing
      • Surveys, Polls and Research
      • Trade Show News
      • View All General Business

  • Science & Tech
      • Consumer Technology

      • Artificial Intelligence
      • Blockchain
      • Cloud Computing/Internet of Things
      • Computer Electronics
      • Computer Hardware
      • Computer Software
      • Consumer Electronics
      • Cryptocurrency
      • Data Analytics
      • Electronic Commerce
      • Electronic Gaming
      • Financial Technology
      • Mobile Entertainment
      • Multimedia & Internet
      • Peripherals
      • Social Media
      • STEM (Science, Tech, Engineering, Math)
      • Supply Chain/Logistics
      • Wireless Communications
      • View All Consumer Technology

      • Energy & Natural Resources

      • Alternative Energies
      • Chemical
      • Electrical Utilities
      • Gas
      • General Manufacturing
      • Mining
      • Mining & Metals
      • Oil & Energy
      • Oil and Gas Discoveries
      • Utilities
      • Water Utilities
      • View All Energy & Natural Resources

      • Environ­ment

      • Conservation & Recycling
      • Environmental Issues
      • Environmental Policy
      • Environmental Products & Services
      • Green Technology
      • Natural Disasters
      • View All Environ­ment

      • Heavy Industry & Manufacturing

      • Aerospace & Defense
      • Agriculture
      • Chemical
      • Construction & Building
      • General Manufacturing
      • HVAC (Heating, Ventilation and Air-Conditioning)
      • Machinery
      • Machine Tools, Metalworking and Metallurgy
      • Mining
      • Mining & Metals
      • Paper, Forest Products & Containers
      • Precious Metals
      • Textiles
      • Tobacco
      • View All Heavy Industry & Manufacturing

      • Telecomm­unications

      • Carriers and Services
      • Mobile Entertainment
      • Networks
      • Peripherals
      • Telecommunications Equipment
      • Telecommunications Industry
      • VoIP (Voice over Internet Protocol)
      • Wireless Communications
      • View All Telecomm­unications

  • Lifestyle & Health
      • Consumer Products & Retail

      • Animals & Pets
      • Beers, Wines and Spirits
      • Beverages
      • Bridal Services
      • Cannabis
      • Cosmetics and Personal Care
      • Fashion
      • Food & Beverages
      • Furniture and Furnishings
      • Home Improvement
      • Household, Consumer & Cosmetics
      • Household Products
      • Jewelry
      • Non-Alcoholic Beverages
      • Office Products
      • Organic Food
      • Product Recalls
      • Restaurants
      • Retail
      • Supermarkets
      • Toys
      • View All Consumer Products & Retail

      • Entertain­ment & Media

      • Advertising
      • Art
      • Books
      • Entertainment
      • Film and Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television
      • View All Entertain­ment & Media

      • Health

      • Biometrics
      • Biotechnology
      • Clinical Trials & Medical Discoveries
      • Dentistry
      • FDA Approval
      • Fitness/Wellness
      • Health Care & Hospitals
      • Health Insurance
      • Infection Control
      • International Medical Approval
      • Medical Equipment
      • Medical Pharmaceuticals
      • Mental Health
      • Pharmaceuticals
      • Supplementary Medicine
      • View All Health

      • Sports

      • General Sports
      • Outdoors, Camping & Hiking
      • Sporting Events
      • Sports Equipment & Accessories
      • View All Sports

      • Travel

      • Amusement Parks and Tourist Attractions
      • Gambling & Casinos
      • Hotels and Resorts
      • Leisure & Tourism
      • Outdoors, Camping & Hiking
      • Passenger Aviation
      • Travel Industry
      • View All Travel

  • Policy & Public Interest
      • Policy & Public Interest

      • Advocacy Group Opinion
      • Animal Welfare
      • Congressional & Presidential Campaigns
      • Corporate Social Responsibility
      • Domestic Policy
      • Economic News, Trends, Analysis
      • Education
      • Environmental
      • European Government
      • FDA Approval
      • Federal and State Legislation
      • Federal Executive Branch & Agency
      • Foreign Policy & International Affairs
      • Homeland Security
      • Labor & Union
      • Legal Issues
      • Natural Disasters
      • Not For Profit
      • Patent Law
      • Public Safety
      • Trade Policy
      • U.S. State Policy
      • View All Policy & Public Interest

  • People & Culture
      • People & Culture

      • Aboriginal, First Nations & Native American
      • African American
      • Asian American
      • Children
      • Diversity, Equity & Inclusion
      • Hispanic
      • Lesbian, Gay & Bisexual
      • Men's Interest
      • People with Disabilities
      • Religion
      • Senior Citizens
      • Veterans
      • Women
      • View All People & Culture

  • Hamburger menu
  • Cision PRWeb provides efficient communication tools to continuously engage with target audiences across multiple online channels
  • Create a Free Account
    • ALL CONTACT INFO
    • Contact Us


      11AM ET Sunday – 8PM ET Friday

  • Send a Release
  • Sign up
  • Log in
  • Resources
  • RSS
  • GDPR
  • News in Focus
    • Browse All News
    • Multimedia Gallery
  • Business & Money
    • Auto & Transportation
    • Business Technology
    • Entertain­ment & Media
    • Financial Services & Investing
    • General Business
  • Science & Tech
    • Consumer Technology
    • Energy & Natural Resources
    • Environ­ment
    • Heavy Industry & Manufacturing
    • Telecomm­unications
  • Lifestyle & Health
    • Consumer Products & Retail
    • Entertain­ment & Media
    • Health
    • Sports
    • Travel
  • Policy & Public Interest
  • People & Culture
    • People & Culture
  • Send a Release
  • Sign up
  • Log in
  • Resources
  • RSS
  • GDPR
  • Send a Release
  • Sign up
  • Log in
  • Resources
  • RSS
  • GDPR
  • Send a Release
  • Sign up
  • Log in
  • Resources
  • RSS
  • GDPR

PCI-DSS 3.0 Brings New Penetrating Testing Requirements, Explains Rhino Security Labs
  • USA - English


News provided by

Rhino Security Labs

Dec 12, 2013, 16:00 ET

Share this article

Share toX

Share this article

Share toX

Rhino Security Labs
Rhino Security Labs

Seattle, WA (PRWEB) December 12, 2013 -- Rhino Security Labs, a leading authority in penetration testing services, realizes that the rollout of new PCI-DSS 3.0 requirements increases the responsibilities of business owners and management. With PCI standards being implemented to protect consumers, and rightfully so, it often adds to the workload of businesses to maintain compliance. Rhino Security Labs shares the latest vulnerabilities to assess as a result of PCI-DSS 3.0.

This type of attack is very possible, as we've done so multiple times during social engineering engagements.

Post this

The Payment Card Industry Data Security Standard (PCI-DSS) is a proprietary infosec standard for organizations that handle payment card information, including debit, credit, 'e-purse', and POS cards. It was founded by the Payment Card Industry Security Standards Council (PCI-SSC), which consists of the 5 major credit card companies around the world.

As a managed security service provider, Rhino Security Lab's penetration testing services will not just ensure you are PCI compliant, but they will identify and test for practical attacks that are outside PCI’s required scope. Rhino Security Labs does not simply provide "compliance checkbox" assessments. In addition to PCI penetration testing, they offer a range of managed security services for clients which require it.

New PCI-DSS penetration testing requirements and methodology for penetration testing includes the following:

  • Industry-accepted penetration testing approaches (for example, NIST SP800-115)
  • Testing to validate any segmentation and scope-reduction controls
  • Review and consideration of threats and vulnerabilities experienced in the last 12 months
  • Retention of penetration testing results and remediation activities results

These standards will take effect on January 1, 2014, but the PCI-SSC will allow vendors until January 1, 2015 to meet the new requirements.

Rhino Security Labs recognizes the inherent flaw of any standardized security standard is that no two company networks are identical. Automated scanning fails to uncover all security flaws, just as out-of-the-box security solutions often fail to cover all vulnerabilities. While becoming PCI compliant is highly recommended, it should not be the ultimate goal of your security policy.

For instance, PCI standards only apply to the enterprise networks that contain credit card data. Most companies have several segmented networks, separated by firewalls, to keep sensitive data inaccessible to non-authorized employees. However, Rhino Security Labs recommends testing from multiple internal networks to assess the firewall configurations and better protect against cross-network attacks.

Another attack vector PCI fails to cover is related to password reuse. Every security application needs to be configured, and thus requires authentication. While dual-factor authentication is becoming more popular with enterprises, servers and appliances are often overlooked during implementation. More alarmingly, studies suggest that up to 73% of users apply the same passwords to multiple accounts. Through social engineering, trojans, or common malware, a hacker can easily acquire the password of a system administrator, and try the reused password on the cardholder data environment (CDE), which is likely to be the same.

Rhino Security Labs' Principal Consultant, Benjamin Caudill, comments. "This type of attack is very possible, as we've done so multiple times during social engineering engagements." He continues. "After we've compromised an internal server and domain accounts, all we have to do is cross-check the discovered passwords with those in the CDE domain." In closing on this vulnerability, Benjamin adds the following: "Within a few hours, I'm administrating your CDE, and your entire credit card database is just sitting there waiting for me." While network pentesting is in scope for the CDE, there's no PCI requirement that addresses physical vulnerabilities. Social engineering testing and physical penetration testing are assessments that Rhino Security Labs frequently performs for companies. It is relatively straightforward to gain physical access to systems directly, bypassing all digital security measures in place. However, PCI does not require physical security, social engineering, or wireless penetration testing, leaving many vulnerabilities undiscovered.

Rhino Security Labs supports PCI penetration testing and compliance, but does not think security policy ends with compliance. PCI standards do nothing to address the issues mentioned above, nor do they encourage additional testing for overlooked vulnerabilities. Particularly for large organizations with data and reputation to lose, a dedicated, sophisticated attacker could find a compromise worth their time. For those companies, more robust penetration testing should be incorporated into compliance.

Rhino Security Labs offers vulnerability assessments for businesses across the globe. To schedule a consultation visit RhinoSecurityLabs.com or call 1-888-944-8679.

Benjamin Caudill, Rhino Security Labs, http://www.rhinosecuritylabs.com, +1 8889448679, [email protected]

Modal title

Contact PRWeb

  • 11AM ET Sunday – 8PM ET Friday
  • Contact Us

About PRWeb

  • About PRWeb
  • Partners
  • Partnership Programs
  • Editorial Guidelines
  • Resources

Why PRWeb

  • Why PRWeb
  • How It Works
  • Who Uses It
  • Pricing

Accounts

  • Create a Free Account
  • Log in
  • Contact Us

Do not sell or share my personal information:

  • Submit via [email protected] 
  • Call Privacy toll-free: 877-297-8921

Contact Cision

Products

About

My Services
  • All News Releases
  • Online Member Center
  • ProfNet
Cision Distribution Helpline
888-776-0942
  • Legal
  • Site Map
  • RSS
  • Cookie Settings
Copyright © 2025 Cision US Inc.