If you watched Zuck testify in Congress in early April 2018, you could feel the nation’s mindset around security and data privacy shifting in a positive direction. People outside the security community learned that even when they think they’re protecting their data, they’re not. They might be asking themselves, what can I do to protect my data online? Delete my Facebook? Throw my cell phone into the abyss? Close my bank account? Then you realize we’d be lost without these lifelines.
In this blog post, we will cover the vulnerability scan requirements for the Payment Card Industry Data Security Standard (PCI DSS). The adoption of these requirements helps ensure that your environment is not only compliant with PCI regulations, but also meets best security practices. This vulnerability data can also help provide a deeper understanding of your environment and where time and attention need to be spent.
One of the best ways to reduce risk quickly is to identify and remediate vulnerabilities across your network devices. And a vulnerability scanner can be a terrific way to seek out vulnerabilities lurking in your infrastructure. But how do you create a plan to scan your network devices regularly as new vulnerabilities continue to emerge, and what do you do with the scan results? A vulnerability scanner can be a great tool when you take the time to use it to its fullest. But all too often this type of software goes unused or underused because time isn’t easy to come by in most security organizations.
If you’ve been paying attention to cybersecurity, it’s very likely you’ve seen news regarding GitHub’s survival of the largest DDoS attack recorded in history. Clocking in at 1.3 TBPS (terabytes per second), it’s impressive that their network didn’t tank. This is in part due to the services of Akamai, which was able to successfully proxy and scrub the network traffic.
This week, Cygilant announced its latest service available via the SOCVue Security Operations and Analytics Platform – Unified Vulnerability and Patch Management. Why is this unique and why is it important?
It’s been a busy week for information security in the retail and hospitality sector. Earlier last week, InterContinental Hotels Group (IHG) acknowledged a credit card data breach that impacted more than a dozen properties across their hotel brands spanning the United States and the Caribbean. Similarly, fast food chain Arby’s disclosed on Friday that it had recently remediated a breach of data on up to 1,000 of their corporate-owned locations.
Businesses must take IT security seriously because their financial future depends on it. IT security is a broad topic that covers a range of different fields.
Here we'll discuss common vulnerabilities and why companies must ensure their operational systems are well-protected from cybercriminals.
"Injection vulnerabilities are one of the most common and oldest web application vulnerabilities."
1. Injection vulnerabilities
Injection vulnerabilities, such as cross-site scripting and CRLF injection, are among the most common and oldest web application vulnerabilities because it's easy for cybercriminals to access and affect (or infect) them.
When it comes to cybersecurity, companies today typically have three options:
- Do nothing or the bare minimum, and hope that cyber attackers don’t find you.
- Keep your current cybersecurity posture as is, without consistent updating or monitoring (and hope cyber attackers don’t find you!).
- Consider EiQ’s hybrid security as a service to identify threats and vulnerabilities, mitigate risk, and achieve compliance.
Let’s look at each of these options.
Last week, it was reported by SiliconBeat that NASA’s CIO, Renee Wynn, had allowed an Authority to Operate (ATO) for a key network to expire because the network in question had over 15,000 critical vulnerabilities that had not been properly patched. The move was apparently intended to hold the contractor in charge of maintenance of the devices accountable for their contractual obligations by bringing visibility to the situation.