14 min read
This Week's [in]Security - Issue 277
Welcome to This Week’s [in]Security. PCI and payments: PCI updates: Compensating Controls vs Customized Approach. Skimmers, Scammers & Magecart....
4 min read
Control Gap Vulnerability Roundup: July 8th to 15th
This week saw the publication of 561 new CVE IDs. Of those, 441 have not yet been assigned official CVSS scores, however, of the ones that were,...
16 min read
This Week's [in]Security - Issue 276
Welcome to This Week’s [in]Security. PCI and payments: PCI updates: PAN Truncation, PIN Key Blocks. Skimmers: Hilton Garden. Payments: $20T. New...
22 min read
Installer Misconfigurations and Weak Folder Permissions: A Sage 300 Case Study
In modern cyberattacks, threat actors will often begin their attacks against enterprises by obtaining low-privileged access to a single system in the...
3 min read
Control Gap Vulnerability Roundup: July 1st to 8th
This week saw the publication of 330 new CVE IDs. Of those, 296 have not yet been assigned official CVSS scores, however, of the ones that were,...
15 min read
This Week's [in]Security - Issue 275
Welcome to This Week’s [in]Security. PCI and payments: Payments: Liability shift. New in breaches: China 1B PII, Airports, Marriott, 2022 so far. New...
4 min read
How to protect against username enumeration on log in, registration, and password reset forms
Username enumeration (sometimes called account enumeration) is when it is possible for a hacker to confirm whether a given username is valid for a...
19 min read
This Week's [in]Security - Issue 274
Welcome to This Week’s [in]Security. PCI updates: website, ASV, HSM, Card Production. Skimmers. New breaches: ethical hacker gone bad, AMD, guns, not...
18 min read
This Week's [in]Security - Issue 273
Welcome to This Week’s [in]Security. PCI and payments: HSM FAQs. DSSv4 DESV, Payment pages. Skimmers. New breaches: City of PII, Flagstar,...