Pentesting every 3 months for entities with more than 20k transactions annually for less than 20k transactions. Why do you need to pentest? Because things…
We are explaining a little more about pentesting and the service that we have (Sigma Scan) in Tip of Day. In News of Day we…
“Do the right thing” = Philotimo PCI compliance best practices (from page 13 of the PCI DSS 3.0 doc): Monitoring of security controls—such as firewalls, intrusion-detection systems/intrusion-prevention systems…
http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/ CNN story of 4.5 mil records of Community Health Systems – why would hackers want these records? Because the records have ss#, names and…
Here is one of the latest on http://fortune.com/2014/12/20/sony-pictures-entertainment-essay/ the Nork story. My Fixvirus Dec 23 show video: Some of the posts I discussed on the show: http://oversitesentry.com/cyberattack-lessons/ Here…
Is risk management philosophy as we know it good enough? What do we know in the current risk management philosophy? Categorize all systems and set…
Today’s show discusses News of day in the Threatpost blog about Coolreaper: A backdoor is when software runs a piece of code that you are not aware…
Threatpost blog post: http://threatpost.com/microsoft-recalls-patch-tuesday-exchange-update/109844 about the Exchange server patch rollback (uninstall). The TipofDay is about PCI compliance – security policy must be created. Some parts…
Hacker process explained: Don’t get SVAPEC’d. Criminal hackers use this method: Scan –> Vulnerability Assessment –> Penetrate and Exploit –> Control = SVAPE&C. You should do the SVA…
2nd show Fixvirus Security Show NewsofDay: POODLE (Padding Oracle On Downgraded Legacy) resurfaces – i.e. not just the original issue https://www.openssl.org/~bodo/ssl-poodle.pdf – but the new one: https://www.imperialviolet.org/2014/12/08/poodleagain.html F5 has issued…