In the world of vulnerabilities, we have seen a few interesting ones released in the last couple of weeks since our last Farsight risk-based vulnerability management blog in June, including some recently discovered by Palo Alto affecting D-Link Routers. Read on for more information on how to prioritize these vulnerabilities for patching to mitigate risk.

How would you compare the Windows and macOS operating systems? In what ways are they similar? Why do they each take different approaches to solving the same problem? For the last 19 years I've developed security software for Windows. Recently, I’ve started implementing similar features on macOS. Since then, people have asked me questions like this. The more experience I gained on these two operating systems, the more I realized they’re very different.

The sharp increase in online shopping since the start of the COVID-19 outbreak has led to a significant rise in cyber-attacks on ecommerce websites and apps, making it imperative for retailers to stay alert to the latest risks.

Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks. Here’s our July 2020 roundup of compliance news from around the United States, and around the world.

A number of domain “forgeries” or tricky, translated look-alikes have been observed recently. These attack campaigns cleverly abuse International Domain Names (IDN) which, once translated into ASCII in a standard browser, result in the appearance of a corporate or organization name that allows the targeting of such organization’s domains for impersonation or hijacking. This attack has been researched and defined in past campaigns as an IDN homograph attack.

Cybersecurity is important because cybersecurity risk is increasing. Driven by global connectivity and usage of cloud services, like Amazon Web Services, to store sensitive data and personal information. Widespread poor configuration of cloud services paired with increasingly sophisticated cyber criminals means the risk that your organization suffers from a successful cyber attack or data breach is on the rise.

What are the brakes on a car designed to do? I have asked this question many times when speaking to customers or organizations who were dipping their toes into the audit space. Invariably, their answer was, “To stop the car.” At this point, I would then ask, “Then how do you get where you want to go?”

Organizations cannot afford to neglect their PCI compliance obligations. According to its website, PCI could punish offending organizations with a monetary penalty ranging in value from $5,000 to $100,000 per month. These fines could spell the end for a small business. Acknowledging those consequences, organizations need to make sure they’re PCI compliant. More than that, they must ensure they’re prepared for when auditors come knocking on their door.

Credential stuffing is one of the most common forms of online crime, it is the act of testing stolen passwords and usernames against website login forms, to validate the credentials for malicious reuse. Once a match is found, the attacker can easily commit various types of fraud. When credentials are stolen through a database breach, malware, or other means, they are kept for use in future attacks against many different targets.

ISO 27001 enables organizations of any size to manage the security of assets such as employee information, financial information, intellectual property, employee details, and third-party information. ISO 27001 is primarily known for providing requirements for an information security management system (ISMS) and is part of a much larger set of information security standards. An ISMS is a standards-based approach to managing sensitive information to make sure it stays secure.