If your business accepts credit cards, you’ve probably heard the term PCI or PCI DSS and whoever does the credit card processing for you (your merchant provider) probably has you fill out a form regularly to verify your compliance with PCI DSS. So, what is PCI DSS Compliance? What is the SAQ (Self Assessment Questionnaire) […]
Almost 20 million records exposed in breach affecting Quest and LabCorp
Executive Summary Financial, healthcare and other personal / private information is a treasure trove for criminals and the proliferation of online records (payment, healthcare, etc.) and data sharing between entities (e.g., web portals for accessing healthcare records, payment portals for both B2B and B2C payment processing, etc.) gives these criminals countless opportunities to find data […]
Is your organization meeting the PCI DSS v3.2 requirements for quarterly and annual testing?
What is PCI DSS? PCI DSS is the Payment Card Industry Data Security Standard. It is used to establish a security baseline for merchants who process, store or transmit payment card data. If you accept credit cards, PCI DSS applies to you. Are there consequences for failing to maintain PCI Compliance? The short answer is […]
How attackers are using Shodan.io and Hydra to spread ransomware for fun and profit
Ransomware is essentially malware that encrypts data and holds the key for ransom. Organizations that find themselves victims of ransomware are required to either pay the ransom (typically several thousands of dollars in the form of cryptocurrency, which can present it’s own challenges) lose their data or restore from backup (if they have one). For […]
The rise of personalized scams further underscores the importance of security awareness training
Does it seem like you’re receiving more really targeted scam telephone calls and emails lately? If so, it’s not your imagination and you’re not alone. As we lead more and more connected lives, posting more and more data to social media sites, organizations that we do business with and having our information traded by and […]
Security researcher finds millions of bank loan documents exposed on unprotected server
According to a TechCrunch article, an independent security researcher found a database exposed to the Internet with no password protection containing millions of banking and financial documents including mortgage and tax documents. The article does an excellent job of detailing the findings and the sources but there are a few important things that we can […]
Beware of redundant, state based “cyber crime” legislation
In Georgia, State Bill 315 was introduced in 2018 to criminalize unauthorized computer access. In addition to the two page bill being overly vague and open to interpretation, unauthorized access was already criminalized by the Computer Fraud and Abuse Act (CFAA), a federal law. The bill was quickly passed by the House and Senate and, […]
Your data is already stolen, now what?
I read an interesting article from Bruce Schnier today that was basically a commentary on an equally interesting article from Brian Krebs about the recently disclosed Marriott breach. I’ve linked both articles below but wanted to highlight a couple of key points. Accept that you are vulnerable (your data has been, and will continue to […]
Data protection for humans. What are the basics (and how can you protect your data with stuff you already have)?
I recently had a conversation about data protection, specifically protecting the confidentiality and integrity of sensitive data. Over the course of that conversation, realized that there is a LOT of confusion on the topic. How do we protect data? When does the data have to be protected? What constitutes protected? Ultimately, we discovered that the […]
The best place to get started on the red team?
The blue team.
The blue team.
One question that I get a lot, whether it’s from students, current or hopeful IT folks or just curious folks who wonder how one gets into this line of work, is “How do / can I get started hacking?” or “How do / can I get started on the red team?”. I’ve heard tons of […]