
Blog

Be in touch with our latest news

3 min read

Control Gap Vulnerability Roundup: July 16th to 22nd

This week saw the publication of 579 new CVE IDs. Of those, 356 have not yet been assigned official CVSS scores; however, of the ones that were, approximately 6% were of critical severity, 37% were high, 52% were medium, and 5% were low. Listed below are...


14 min read

This Week's [in]Security - Issue 277

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: Compensating Controls vs Customized Approach. Skimmers, Scammers & Magecart. Payments: Cash. New breaches: Entrust, Twitter users, Okta, Alibaba. New Ransomware, Major outages: Rogers...


4 min read

Control Gap Vulnerability Roundup: July 8th to 15th

This week saw the publication of 561 new CVE IDs. Of those, 441 have not yet been assigned official CVSS scores; however, of the ones that were, approximately 26% were of critical severity, 34% were high, 40% were medium, and 0% were low. Listed below...


16 min read

This Week's [in]Security - Issue 276

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: PAN Truncation, PIN Key Blocks. Skimmers: Hilton Garden. Payments: $20T. New breaches: Experian? New Ransomware: trends, decryptor. Major outages: Twitter, NJ Internet, Rogers (cont)...


22 min read

Installer Misconfigurations and Weak Folder Permissions: A Sage 300 Case Study

In modern cyberattacks, threat actors will often begin their attacks against enterprises by obtaining low-privileged access to a single system in the internal IT environment through phishing, VPN access, or successful exploits against perimeter systems....


3 min read

Control Gap Vulnerability Roundup: July 1st to 8th

This week saw the publication of 330 new CVE IDs. Of those, 296 have not yet been assigned official CVSS scores; however, of the ones that were, approximately 21% were of critical severity, 48% were high, 31% were medium, and 0% were low. Listed below...


15 min read

This Week's [in]Security - Issue 275

Welcome to This Week’s [in]Security. PCI and payments: Payments: Liability shift. New in breaches: China 1B PII, Airports, Marriott, 2022 so far. New in Ransomware: AstraLocker, Hive, Hospitals. Major outages: Canada Rogers Internet & phones. Follow-ups...


4 min read

How to protect against username enumeration on log in, registration, and password reset forms

Username enumeration (sometimes called account enumeration) is when it is possible for a hacker to confirm whether a given username is valid for a system. If a malicious actor can gather valid usernames on a platform, they can then use brute force...


19 min read

This Week's [in]Security - Issue 274

Welcome to This Week’s [in]Security. PCI updates: website, ASV, HSM, Card Production. Skimmers. New breaches: ethical hacker gone bad, AMD, guns, not me. New Ransomware: Unemployment, Kubernetes, Norway, Steel. Follow-ups. Privacy: SuperCookies, Google....
