3 min read
This week saw the publication of 579 new CVE IDs. Of those, 356 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 6% were of critical severity, 37% were high, 52% were medium, and 5% were low. Listed below are...
14 min read
Welcome to This Week’s [in]Security. PCI and payments: PCI updates: Compensating Controls vs Customized Approach. Skimmers, Scammers & Magecart. Payments: Cash. New breaches: Entrust, Twitter users, Okta, Alibaba. New Ransomware, Major outages: Rogers...
4 min read
This week saw the publication of 561 new CVE IDs. Of those, 441 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 26% were of critical severity, 34% were high, 40% were medium, and 0% were low. Listed below...
16 min read
Welcome to This Week’s [in]Security. PCI and payments: PCI updates: PAN Truncation, PIN Key Blocks. Skimmers: Hilton Garden. Payments: $20T. New breaches: Experian? New Ransomware: trends, decryptor. Major outages: Twitter, NJ Internet, Rogers (cont)...
22 min read
In modern cyberattacks, threat actors will often begin their attacks against enterprises by obtaining low-privileged access to a single system in the internal IT environment through phishing, VPN access, or successful exploits against perimeter systems....
3 min read
This week saw the publication of 330 new CVE IDs. Of those, 296 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 21% were of critical severity, 48% were high, 31% were medium, and 0% were low. Listed below...
15 min read
Welcome to This Week’s [in]Security. PCI and payments: Payments: Liability shift. New in breaches: China 1B PII, Airports, Marriott, 2022 so far. New in Ransomware: AstraLocker, Hive, Hospitals, Major outages: Canada Rogers Internet & phones. Follow-ups...
4 min read
Username enumeration (sometimes called account enumeration) is when it is possible for a hacker to confirm whether a given username is valid for a system. If a malicious actor can gather valid usernames on a platform, they can then use brute force...
19 min read
Welcome to This Week’s [in]Security. PCI updates: website, ASV, HSM, Card Production. Skimmers. New breaches: ethical hacker gone bad, AMD, guns, not me. New Ransomware: Unemployment, Kubernetes, Norway, Steel. Follow-ups. Privacy: SuperCookies, Google....
