PCI DSS assessments, also called PCI audits, may seem daunting for you and your business. But, we’ve broken down the process into 5 steps to help you understand what the process will be like and how you can better optimize your time.
Did you know that Protected Health Information (PHI) is extremely valuable to hackers, even more so than credit card data?
Learn how PCI compliance in the cloud affects your organization. “The cloud” brings up an idea of something mysterious and far away, but in reality, “the cloud” is a third-party-managed physical server.
Here are 5 Blogs to Help You Survive PCI DSS and Prevent Security Breaches This Year. We cover formjacking, penetration tests, PCI DSS checklists, PCI DSS audits, as well as preparing for incident response.
We create and publish our HIPAA Guide each year to give healthcare IT and HIPAA leaders an up-to-date resource that directs and focuses their HIPAA compliance efforts on the areas that are quick and impactful.
Like other privacy laws, CCPA includes some basic tenets of data protection as well as provisions to notify data subjects about the uses of their data, like who is going to see their data and when.
To address some of the most common questions we receive about PCI assessments, we sat down with Lee Pierce, a PCI assessment expert with over 15 years in the industry.
A stored and reflected cross-site scripting vulnerability, CVE-2019-17114, was identified on WiKID Systems 2FA Enterprise Server version 4.2.0-b2047 and earlier.
A SQL Injection vulnerability, CVE-2019-16917, was identified on WiKID Systems 2FA Enterprise Server through version 4.2.0-b2047.
Multiple Cross-Site Request Forgery issues, CVE-2019-17118, were identified on WiKID Systems 2FA Enterprise Server through version 4.2.0-b2053.
While performing an external network layer penetration test I encountered a host that presented a single page that was essentially blank...
HIPAA Compliance in “the cloud”: Cloud data storage is a common and convenient option for healthcare organizations.
Jen Stone is a Principal Security Analyst for SecurityMetrics. In her 4 years at SecurityMetrics, she has completed over 100 security assessments that include PCI, HIPAA, CIS CSC (SANS Top 20) and 23 NYCRR 500.
Matt Halbleib holds QSA (Qualified Security Assessor), PA-QSA (Payment Application Qualified Security Assessor), and CISSP (Certified Information Systems Security Professional) security certifications and, as a qualified assessor for the Payment Card Industry, has completed over 100 PCI DSS, PA-DSS and P2PE security assessments.
The difference: HITRUST vs. HIPAA. HITRUST is a compliance framework created by a private alliance of security industry experts and includes many aspects of the HIPAA Security and Privacy Rules.
Formjacking is a type of cyber attack where hackers inject malicious JavaScript code into a webpage form–most often a payment page form.
A directory traversal, CVE-2019-10717, was identified on BlogEngine.NET applications versions 3.3.7 and earlier through the /api/filemanager endpoint.
Card data discovery tools help businesses find unencrypted card data and other sensitive information on systems and devices.
An Out-of-band XML External Entity attack, CVE-2019-10718, exists on BlogEngine.NET versions 3.3.7 and earlier through the /pingback.axd endpoint.
A remote code execution (RCE) vulnerability, CVE-2019-10719, was discovered in BlogEngine 3.3.7 and earlier.
What is HITRUST? HITRUST stands for the Health Information Trust Alliance. It was founded in 2007 and uses the “HITRUST approach” to help organizations from all sectors–but especially healthcare–effectively manage data, information risk, and compliance.
A reflected Cross-Site Scripting vulnerability, CVE-2019-9955, was identified on several Zyxel devices, specifically on pages that use the mp_idx parameter.
Compliance with any mandate takes time and planning. But, thousands of customers and readers use PCI Compliance Guide to make the PCI compliance process faster and simpler, as well as better maintain compliance.
What is Vulnerability Scanning? Vulnerability scanners are computer programs that search systems for weaknesses.