This blog is intended to help merchants understand the various roles in PCI compliance. Specifically, we are going to look at perhaps the most important role: the role of your acquiring bank. Simply put, your acquiring bank is the judge and jury when it comes to meeting PCI compliance. Let’s discuss. Who is My Acquiring […]
In light of COVID-19 and the toll it is taking on the business community, today we will discuss the types of remote security assessments that can be performed and some alternative tweaks to assessments to ensure your security program is still evaluated and working properly. Unfortunately with all of the chaos, attackers know that they […]
In today’s blog, we’ll be taking a look at Palo Alto Traps, how it compares to traditional signature-based endpoint security, and how Triaxiom fared against it during a recent engagement. Limitations of traditional endpoint security Every piece of malware has what’s known as a ‘digital signature’ (i.e. a digital footprint) and traditional antivirus (AV) products […]
This is officially blog number 300! Just to have some fun and learn a few lessons, let’s look at the movie ‘300’ and see if there are any lessons learned we can apply to information security. While this is more of a fun blog than anything else, there a few nuggets we can take away […]
Today’s security quick tip is brought to you by some API penetration tests I’ve completed over the past few weeks. One of the things I’ve noticed more and more as organizations are developing and implementing APIs as part of their overall application infrastructure is the presence of “greedy” or overly verbose JSON objects in HTTP […]
Back in September, we wrote a blog on the importance of using two separate accounts for administrators, one user-level and one administrative. If you haven’t read it yet, it does a great job of explaining why it is necessary and why it’s a security best practice. The lower-level user account should have limited permission and […]
Today we’re going to put a bow on our series covering different checklists for things you should be thinking about during each of the 5 primary phases of security incident response. We started with the identification phase and how to adequately capture information about a potential security incident to launch an investigation. We then covered […]
Continuing in our key security concept series, this blog will look at the CIA Triad. If you haven’t been following, check out the other blogs in this series on nonrepudiation and dual control. The CIA Triad is one of the most important concepts in information security, as it should drive the actions we take. This […]
Prior to stay at home orders from COVID-19, the 800 million active TikTok users (out of the over 1 billion subscribed users) spent an average of 52 minutes per day on the app. The average user on this social media platform is between the ages of 16-24, and with all these teens stuck at home […]
We are approaching the end of our series of blogs that touch on some important items that your organization should consider for each of the phases of the incident response process, including identification, eradication, and containment. This week we touch on the recovery process following an incident, once everything has been contained and eradicated. This […]
