As I discussed in the first blog in this series, the purpose of this series is to guide you on your journey up the Vulnerability Management Mountain (VMM). Like climbing a mountain, there is a lot of planning and work required, but when you get to the top, the view is amazing and well worth the journey. For the first phase, let’s start by planning the trip up Vulnerability Mountain. When you get ready to climb a mountain, you need gear, and you need to know what to ask for at the store.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. And Magecart is back…. In a big way too. Need to watch out even if you don’t have Magento as their new approach could just leave the dodgy JS all over the place.

We have written about Content Security Policy (CSP) on Detectify Labs before. But maybe you’re wondering why should you have it on your site to begin with? This article will explain why having one can prevent header exploits with attributes and common bypasses. CSP is a response header that instructs the web browser from what sources it is allowed to include and execute resources from.

Apple has chosen to temporarily disable a key feature of the Apple Watch after a critical vulnerability was discovered that could allow someone to eavesdrop on another person without their knowledge. The Apple Watch feature at the heart of the problem is Apple’s Walkie-Talkie app which allows users to “push to talk” with other Apple Watch owners via a real-time voice message, rather than having to make a call or laboriously type a text message.

Workplace productivity is directly related to company profitability. Employers are seeking more and more ways to cut waste – including wasteful activities that eat into productivity. Many companies would immediately agree that playing video games, spending excessive time on social media and streaming videos are blatant violations of workplace acceptable use policies.

A PCI audit examines the security of your organization’s credit-card processing system from beginning to end. During this process, a Qualified Security Assessor (QSA) or your own Internal Security Assessor will determine the effectiveness of your organization’s information security controls.

Being proactive is the key to staying safe online, especially for businesses and organizations that operate websites and mobile applications. If you wait for threats to appear, then in most cases it is too late to defend against them. Many data breaches come about this way, with hackers uncovering security gaps that had gone previously undetected. The average web developer wants to assume that their code and projects will always function in the intended manner.

Identity verification is the first and significant part of any business transaction. Traditionally, businesses have been relying on tacit agreements and physical copies of Government approved identity documents for stakeholder identification and verification. As the world gets smaller, thanks to digitisation and technological advancements, businesses are presented with a wonderful opportunity of interacting and transacting with individuals in any corner of the world.

When you are thinking about a very special holiday gift for your kid, one of the first things that spring to mind is a smartphone, tablet or laptop. It’s common knowledge that these devices aren’t very useful unless connected to the Internet. But how do you make sure your children are on the safe side when they go online? According to studies, kids spend more than nine hours a day surfing the web. That’s a lot of time, isn’t it?

In regard to rising trends and forms of attacks, a growing number of organizations opt for SIEM solutions so that they can provide a proactive measure for threat management and also acquire a detailed and centralized view of the overall security measures of their organization. Since SIEM is the foundation of a security infrastructure, there are large varieties of SIEM use cases.