PCI DSS Requirement 10.6 – Log Data Collection
As you likely know by now, the PCI DSS 3.0 standard went into effect on January 1, 2014. You have until January 1, 2015 to move to the new standard. While many of the changes in the PCI DSS 3.0 requirements are clarifications, there are several new requirements that...
Why is it Challenging to Tune a Web Application Firewall?
While a web application firewall (WAF) does bring some unique challenges, this blog helps you understand the issues and work to overcome them.
Cybersecurity is a Team Effort
The responsibility for cybersecurity is a heavy one. It has to be—a security breach can mean loss of valuable data, covert or overt control of a company’s system, serious financial loss, or even a temporary system shutdown. It makes sense, then, that the responsibility for cybersecurity falls on someone’s shoulders.
Using a Web Application Firewall (WAF) to Mitigate Denial of Service (DoS) Attacks
In simple terms, a denial of service (DoS) attack is an attack intended to make a resource unavailable to users. Historically intended to bring down services, resources and websites (e.g., in its early days, Twitter was a frequent target for DoS attacks), DoS attacks could become an increasingly pervasive part of our lives as our lives become more and more intertwined with technology.
JournalCTL Terminal Escape Injection
systemd is an init control system that is being integrated into more and more Linux flavors. It is designed largely to overhaul SysV init and Upstart into a modern init system.
Shellshock Vulnerability: Impact, Analysis, and Protection
Stephane Chazelas, a security researcher, discovered an interesting bug in the Unix Bash (Bourne Again Shell) shell, known as “Shellshock” or the “Bash Bug”.
POODLE – The man-in-the-middle attack on SSLv3
First it was Heartbleed, then Shellshock, now POODLE… While the names are intriguing, the focus of these security vulnerabilities is on how broad the exposure is, what is required to build the right protection, and how long the exposure may have been exploited.
ISEO and Implications for Proactive Cybersecurity
On Friday at the White House Summit on Cybersecurity and Consumer Protection, President Barack Obama signed an Information Sharing Executive Order to promote cybersecurity information sharing in the private sector.
The History and Evolution of Cybercrime
There are — and always have been — many forms of cybercrime, all of which carry the common thread of commerce. As long as there has been commerce, there has been crime, both in the general sense and cybercrime specifically. Think of the highwaymen on the 17th-century roads in England, or the pirates hunting down and capturing Spanish galleons and their precious cargoes of gold.