Blog

Blog

Defuzzing API Testing: The Search for Vulnerabilities

REST APIs have allowed us to create modern web and mobile applications. By using the power of an API, we can open up the world of services – pulling in data, sharing information and oiling the wheels of the internet. But building an API-enabled service also means that you potentially open up your web or mobile application to cybercriminals. In the first nine months of 2019, 7.9 billion data...
Blog

PCI Vulnerability Scanning

Accepting credit card payments is an everyday task all small business owners and merchants must perform when conducting transactions. However, if you handle consumers’ credit card information, there are inherent data security risks to manage and mitigate. Security holes in your payment processing system can result in stolen client information or identity theft, and you’ll have to pay your bank a...
Blog

MSPs and the Fight Against Ransomware

It seems many cybercriminals have begun to set their sights on Managed Service Providers (MSPs). In fact, 80% of MSPs say their organization has been targeted by ransomware. Not unlike the rest of us, cyber attackers want to work smarter, not harder. If they are able to successfully infiltrate one MSP’s network, they can potentially gain access to all of their clients’ systems as well. The more...
Blog

The 5 Human Elements Of Cybersecurity Every CSO Should Review

On one level, cybersecurity is all about electronics – securing machines, networks and so forth. But, even the most technologically advanced cyber attacks are driven by human motivation. Humans motivate cyberattacks, and humans also, often unknowingly, facilitate cyberattacks. People are essential to mounting a defence as well – as much as automated tools are a powerful barrier. It’s no surprise,...
Blog

Gone But Not Forgotten – Retired Systems and their impact on the IT Workload

As of January 14, 2020, Microsoft will discontinue Windows 7 support as planned for the operating system’s End of Life (EOL). To some organizations, this operating system (OS) might seem like a distant memory. However, nearly 30% of the world’s computers – or more than 400 million – still run Windows 7 and are only now contemplating migration to Windows 10. Millions of users will be depending on...
Blog

In Vulnerability Assessment, Accuracy Is Vital

Testing for behavior vs version: The primary requirement for a Vulnerability Assessment solution is accurate testing. Ease of use and clear reports are important, but if accuracy isn’t there then little else matters. Poor accuracy in Vulnerability Assessment produces two kinds of testing error. Overlooking a vulnerability (a false negative) leaves a security flaw you don’t know about. Reporting a...
Blog

Vulnerability Management Tools

Why Vulnerability Management got a bad rap: The number of servers, desktops, laptops, phones and personal devices accessing network data is constantly growing. The number of applications in use grows nearly exponentially. And as known vulnerabilities grew in number, IT managers found that traditional vulnerability management tools could easily find more problems than could be fixed with their...
Blog

9 Vulnerability Management Pitfalls to Avoid

Vulnerability management (VM) can seem unmanageable at times. But the key to successful VM is working smarter rather than harder. If you approach VM intelligently and prioritize appropriately, you can keep the number of resulting tasks from spiraling out of control. As with any on-going security practice, there are countless ways you can botch VM. Often the devil is in the details as well as the...
Blog

7 Tips for Cultivating Corporate Cyber Hygiene

What is Cyber Hygiene? Cyber Hygiene. While the term might evoke thoughts of disinfecting your computer keyboard, that’s not quite what it means. Cyber hygiene is generally defined as the steps that computer/device users take to maintain system health and data security. These steps involve widely accepted cyber security recommendations and risk mitigation measures that are modern, but not...
Blog

6 Tips for Safe, Successful Outsourcing

Vendor Credibility is Key: Trusted vendors can be invaluable business partners. However, vendor vetting and due diligence are crucial components to establishing partner credibility. Opening your network to an unscreened, unrestricted third party is the equivalent of unlocking the castle gates during a siege. Therefore, your organization must have a thorough vendor vetting process to ensure you are...
Blog

CVSS Explained

What Is CVSS? The common vulnerability scoring system (CVSS) is open and free to industry for evaluating the seriousness of software security vulnerabilities and is used in vulnerability management software. CVSS gives scores to vulnerabilities according to the seriousness of the threat. Scores are computed considering several metrics. Scores are given between 0-10, with the most severe score being 10. First...
Blog

CVE Explained

About CVE (Common Vulnerability Exposures/Enumeration): Common vulnerabilities and exposure gives common names to openly known security issues or vulnerabilities. The objective of CVE is to make it simpler to share information across different databases and to make available a common platform to evaluate security tools. What is a CVE scan? CVE depends on freely accessible data. For the duration of the...
Blog

What is a Certified Information Systems Auditor (CISA) Designation?

Certified Information Systems Auditor (CISA): A CISA, or Certified Information Systems Auditor, is someone who is certified to audit information systems (computers and networks) and the internal controls that a company has put around them to protect them from attack and subsequent compromise. What is a CISA Designation? The CISA designation is assigned to those individuals who have passed a rigorous...
Blog

SQL Injection Scanner Tools

Frequently Asked Questions: What is SQL injection? What is SQL? How common are SQL injections? Am I at Risk for an SQL Injection Attack? What is SQL Injection? SQL injection is currently the most common form of website attack in that web forms are very common, often they are not coded properly and the hacking tools used to find weaknesses and take advantage of them are commonly available online. This...
Blog

Types of Cyber Threats

What are Cyber Threats? A cyber threat is basically any type of threat that is computer related in nature. To be clear, a computer could be a desktop computer, a laptop, a tablet or even a smartphone. All of these devices have particular types of threats that they can be exposed to that users need to be aware of to ensure that they can protect themselves and their confidential information. Types...
Blog

What is IPSEC? - Internet Protocol Security Explained

What is IPSEC? In the world of VPNs, there are typically two types that an organization can choose from, IPSEC or OpenSSL. While many people have migrated to OpenSSL mode because of its new relative ease of deployment, there are still companies that deploy IPSEC-based VPNs because of the additional layers of security they provide that are not available in OpenSSL-based VPNs. Why Choose an IPSEC VPN...
Blog

Anti Malware Software Program - What is it?

Anti Malware – A New Type of Protection: In today’s world, everyone has heard of antivirus software. This is the same software that has been around for a decade or more that protects computers from infection from viruses and other types of malicious software. However, over the last few years the threat landscape has evolved to the point where having anti-virus software on your computer is not enough....
Vulnerability Research

BlueKeep Vulnerability – Patch Now, Patch Again

With the May 2019 Patch Tuesday release from Microsoft, it was revealed a number of older Microsoft operating systems are vulnerable to a condition known as BlueKeep (CVE-2019-0708). BlueKeep is a Remote Code Execution (RCE) flaw in Remote Desktop Services (RDS)/Remote Desktop Protocol (RDP) allowing code to run with system level access and is potentially “wormable” making it possible for an...
Blog

MSSPs Need the Industry to Evolve to Offer Multi-Tenant Vulnerability Management Solutions for Today’s Dynamic Environments

According to the Verizon Data Breach Investigations Report, published in November 2018, the #1 cause of a breach continues to be vulnerable systems left exposed and unpatched. Preventing the exploitation of vulnerabilities when using an effective solution is one of the few countermeasures that can pro-actively protect your infrastructure before an attack has even started as opposed to relying on...
Blog

Zeus Trojan - What It Is & How to Prevent it

What is Zeus Trojan? Today, there are more people online than ever before, with almost 300 million browsing the Internet in the United States alone. And while that offers numerous advantages, there are also risks – hackers and cybercriminals are always looking for ways to access people’s personal information and steal their money using malware and trojans. One of the most malicious and dangerous...