Author Archives: Matthew Pascucci
Can a PCI Internal Security Assessor validate level 1 merchants?
There are differences between Internal Security Assessors and Qualified Security Assessors (QSA), as well as the assessments they’re able to validate. With these assessments, there are also particular levels of providers and merchants that require diff…
How is the Samba vulnerability different from EternalBlue?
The vulnerability in Samba — as well as WannaCry ransomware — shows that every organization needs to apply appropriate patches and enforce configuration management in its systems to defend itself against security risks. These Linux and Windows systems…
Could the WannaCry decryptor work on other ransomware strains?
The WannaCry ransomware caused a panic in the security industry, and researchers Benjamin Delpy, Adrien Guinet and Matt Suiche created a decryptor that might be able to retrieve encrypted files being held ransom by WannaCry. The WannaCry decryptor tools…
How are hackers using Unicode domains for spoofing attacks?
Trust is a necessity in cybersecurity, and it’s one of the main reasons attackers continually try to exploit this emotion when assaulting networks. We put a lot of time and defensive effort into verifying that a particular party on the internet is who t…
Did DDoS attacks cause the FCC net neutrality site to go down?
With any DDoS attack, the best way to investigate it is to review the logs. Due to the sensitivity of the information submitted to the Federal Communications Commission (FCC) net neutrality site, and the ability for IP addresses to potentially increase…
How can OSS-Fuzz and other vulnerability scanners help developers?
In December 2016, Google released its project, dubbed OSS-Fuzz, as an open source tool to fuzz applications for security and stability concerns. The tool doesn’t scan every piece of open source software; in order to be accepted by OSS-Fuzz, an open sou…
How does the Microsoft Authenticator application affect password use?
Protecting passwords has always been a thorn in the side of security practitioners looking to secure their organizations. The call to kill passwords has been out there for years and, recently, Microsoft took a stab at it by limiting password use with n…
What are the challenges of migrating to HTTPS from HTTP?
The United States Patent and Trademark Office (USPTO) recently had an issue switching from HTTP to HTTPS on its website, and had to temporarily revert to HTTP during the process. In June of 2015, the U.S. government mandated that all publicly acces…
How did Webroot’s antivirus signature update create false positives?
Webroot Inc.’s issue happened on Apr. 24 between 1800 and 2100 Coordinated Universal Time, and it tagged particular Windows OS system files as part of the W32.Trojan.Gen. Once these files were tagged as malicious, they went into quarantine, and the sys…