I’ve always had a great love of all things wireless/RF for as long as I can remember. The ability to send frames/packets of data out into the world (the airwaves!) for anyone with the right equipment and looking at the right frequency to pluck them out and reconstruct them - amazing! I am still the proud owner of both ORiNOCO Gold and Silver PCMCIA cards; these two bad boys defined wireless hacking back in the early 2000s.
This is the second article in our Application Security 101 mini-series. Read our first blog on how to configure HTTP response headers with security best practices. This time we’re going to discuss another misconfiguration that we often find during website penetration testing. This is not necessarily a ‘vulnerability’; however, information disclosure via HTTP response headers can reveal exact version information of the web server or web technologies in use on the underlying host.
The Gramm-Leach-Bliley Act (GLBA or GLB Act), or Financial Modernization Act, is a bipartisan federal regulation passed in 1999 to modernize the financial industry. It repealed vast swathes of the Glass-Steagall Act of 1933 and the Bank Holding Act of 1956, allowing commercial banks to offer financial services such as investments or insurance. It also controls how financial institutions deal with their customers’ private information.
It’s no secret that the U.S. power grid is one of the main foundations of the nation’s economy, infrastructure, and daily way of life. Now that almost everything is digitized, the nation depends on it even more. We wouldn’t be able to use even most vending machines (not to mention cell towers or the internet) without a working electrical supply, and the importance of keeping it safe cannot be overstated. Thankfully, a lot of positive changes have already been made.
It’s a typical Monday morning. You’ve just brewed a comforting cup of tea and are about to dive into the weekend sales reports for your online store. As usual, business seems to be booming until a glaring anomaly catches your eye – an alarmingly high number of transaction reversals over the weekend. A sense of unease creeps in as you probe deeper, only to uncover a chilling truth. Your business has become the latest prey to an insidious form of fraud, chargeback fraud.
Picture a quaint, small town enveloped in the tranquility of a peaceful night. The only signs of life are flickering street lamps and the glow from the neighborhood automated teller machine (ATM). You spot someone approach the ATM, withdraw cash and walk away. It all looks so normal. What you don’t realize is that you have just witnessed a fraud attack, specifically, transaction reversal fraud (TRF).
In March 2022, the U.S. Securities and Exchange Commission (SEC) issued a proposed rule, the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, that, if adopted, would require companies to disclose their cybersecurity governance capabilities and the role of the board concerning oversight of cyber risk.