15 min read
This Week's [in]Security - Issue 275
Welcome to This Week’s [in]Security. PCI and payments: Payments: Liability shift. New in breaches: China 1B PII, Airports, Marriott, 2022 so far. New...
4 min read
How to protect against username enumeration on log in, registration, and password reset forms
Username enumeration (sometimes called account enumeration) is when it is possible for a hacker to confirm whether a given username is valid for a...
19 min read
This Week's [in]Security - Issue 274
Welcome to This Week’s [in]Security. PCI updates: website, ASV, HSM, Card Production. Skimmers. New breaches: ethical hacker gone bad, AMD, guns, not...
18 min read
This Week's [in]Security - Issue 273
Welcome to This Week’s [in]Security. PCI and payments: HSM FAQs. DSSv4 DESV, Payment pages. Skimmers. New breaches: City of PII, Flagstar,...
17 min read
This Week's [in]Security - Issue 272
Welcome to This Week’s [in]Security. PCI and payments: PCI updates: MPoC RFC. Payments: chargebacks and friendly fraud. New breaches: credentials,...
15 min read
This Week's [in]Security - Issue 271
Welcome to This Week’s [in]Security. Non-Compliance Lesson, DSSv4 related, Skimmers, Other Payments. New breaches: 7 breachers per capita, Shields &...
2 min read
Non-Compliance Lesson No. 4: Keep your head in the cloud when adopting new technologies
PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.
14 min read
This Week's [in]Security - Issue 270
Welcome to This Week’s [in]Security. PCI and payments: Payments: New breaches: Pegasus Airlines, ACY Securities, Elasticsearch Buckets. New...
3 min read
“Follina” – Critical Zero-Day Exploit for Microsoft Products
Background Over the past holiday weekend, a tweet from Tokyo-based security researcher “nao_sec” first identified an interesting upload to antivirus...