22 min read
Installer Misconfigurations and Weak Folder Permissions: A Sage 300 Case Study
In modern cyberattacks, threat actors will often begin their attacks against enterprises by obtaining low-privileged access to a single system in the...
3 min read
Control Gap Vulnerability Roundup: July 1st to 8th
This week saw the publication of 330 new CVE IDs. Of those, 296 have not yet been assigned official CVSS scores, however, of the ones that were,...
15 min read
This Week's [in]Security - Issue 275
Welcome to This Week’s [in]Security. PCI and payments: Payments: Liability shift. New in breaches: China 1B PII, Airports, Marriott, 2022 so far. New...
4 min read
How to protect against username enumeration on log in, registration, and password reset forms
Username enumeration (sometimes called account enumeration) is when it is possible for a hacker to confirm whether a given username is valid for a...
19 min read
This Week's [in]Security - Issue 274
Welcome to This Week’s [in]Security. PCI updates: website, ASV, HSM, Card Production. Skimmers. New breaches: ethical hacker gone bad, AMD, guns, not...
18 min read
This Week's [in]Security - Issue 273
Welcome to This Week’s [in]Security. PCI and payments: HSM FAQs. DSSv4 DESV, Payment pages. Skimmers. New breaches: City of PII, Flagstar,...
17 min read
This Week's [in]Security - Issue 272
Welcome to This Week’s [in]Security. PCI and payments: PCI updates: MPoC RFC. Payments: chargebacks and friendly fraud. New breaches: credentials,...
15 min read
This Week's [in]Security - Issue 271
Welcome to This Week’s [in]Security. Non-Compliance Lesson, DSSv4 related, Skimmers, Other Payments. New breaches: 7 breachers per capita, Shields &...
2 min read
Non-Compliance Lesson No. 4: Keep your head in the cloud when adopting new technologies
PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.