Category: Security

What’s New in PCI DSS 4.0?

Get Ready for the 2024 PCI Compliance Update

The new, stringent PCI DSS 4.0 will replace PCI DSS version 3.2.1 on March 31, 2024. At that time, you will be required to be compliant with the new specifications. (Do not become confused by the March 31, 2025, date which is when the requirements labeled “best…

2022 Security Year in Review

What We Can Expect in 2023 Based on the Past Year’s Threat Landscape

As we gear up for the holidays and new year, it is that time of the year again to review this year’s security-related events and examine the themes for future security challenges we can expect in the coming year that may affect…

The Emotional Toll of Incident Response Events

Navigating the 5 Stages of Grief Following an Incident Response Event

Are you a victim of a data breach and are you feeling signs of grief? You’re not alone. As an incident response professional, I have met many different types of corporate staff, from the IT staff to the C-suite. Unfortunately, it was probably on…

Assessing Microsoft’s Social Engineering Attack

Breaking Down Microsoft’s Response to the Lapsus$ Gang’s Social Engineering Compromise

Microsoft has done an excellent job in explaining the social engineering breach that originated against them from the Lapsus$ group. In their recent blog post, they detail the Lapsus$ attack and how access was obtained, as well as provide some decent recommendations to enhance…

PolicyKit Vulnerability Exposed After 12 Years: Why You Need to Patch Your Linux Today

Security company Qualys has uncovered a truly dangerous memory corruption vulnerability in polkit’s pkexec, CVE-2021-4034, dubbed “PwnKit”. Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It’s installed by default in every major Linux distribution, which means that tens of millions of devices are vulnerable to this easily-exploitable bug. What makes this flaw even…

A Look Ahead at the Security Threats Looming in 2022

What to Know, How to Prepare, and How We Got Here

When 2021 began, everything from the pandemic to the economy felt uncertain. Security threats increased both as a result of those uncertainties and the ever-growing sophistication of the threat landscape. In this post, we’ll review the events that created security threats in 2021 and…

The Colonial Pipeline Shutdown Demonstrates How Precarious Our Critical Infrastructure Security Really Is

Greater Security Must be Applied to all Operational Technology Systems

The Colonial Pipeline shutdown, caused by a ransomware attack, highlights the precarious position of many critical infrastructures. The effects of the pipeline cyber incident are widespread, as 45% of the U.S. East Coast relies on it for gasoline, diesel fuel and jet fuel. Several southern…