SecurityMetrics Blog

What is Formjacking?

What is formjacking? Formjacking is a type of cyber attack where hackers inject malicious JavaScript code into a webpage form–most often a...
View Post

Jen Stone: Principal Security Analyst

Jen Stone is a Principal Security Analyst for SecurityMetrics. In her 4 years at SecurityMetrics, she has completed over 80 security assessments...

What is Vulnerability Scanning?

What is Vulnerability Scanning? Vulnerability scanners are technically computer programs that search systems for weaknesses. Hackers can take...

What is Network Security?

Network security consists of the policies, procedures, programs, hardware, software, and people you use to protect your corporate network. Network...

What is a Managed Firewall and Do You Need One?

Qualified managed security service providers (MSSPs) typically provide a managed firewall service as a solution for firewall operation,...

Zyxel Devices Vulnerable to Cross-Site Scripting on Login page

A reflected Cross Scripting vulnerability, CVE-2019-9955, was identified on several Zyxel devices, specifically on pages that use the mp_idx...

5 Tips to Implement Security Awareness at Your Company

Whether you’re a CIO, the head of IT, or in a non-security-related position, if your data security practices are unclear, your company is at a...

How Much does GDPR Compliance Cost?

How much does GDPR compliance cost? The answer is more complicated than a basic dollar amount. There are many factors that will scale the cost of...

PCI Assessment FAQs

What is a PCI DSS Assessment? How do I get ready for a PCI Audit? We answer these questions and more about your PCI DSS Audit. After nearly two...

WiKID 2FA Enterprise Server Cross-Site Scripting

A stored and reflected cross-site scripting vulnerability, CVE-2019-17114, was identified on WiKID Systems 2FA Enterprise Server version...

WiKID Systems 2FA Enterprise Server CSRF

Multiple Cross-Site Request Forgery issues, CVE-2019-17118, were identified on WiKID Systems 2FA Enterprise Server through version 4.2.0-b2053....

Something from nothing; a Pentest story

While performing an external network layer penetration test I encountered a host that presented a single page that was essentially blank: <meta...

WiKID Systems 2FA Enterprise Server SQL injection

A SQL Injection vulnerability, CVE-2019-16917, was identified on WiKID Systems 2FA Enterprise Server through version 4.2.0-b2047. The uid and...

New (And Old) Apache Struts Flaw: CVE-2016-1000031

Apache Struts developers released another security announcement on November 5, 2018 -- two and a half months after their last big security...

HIPAA Compliance: Storage in the Cloud

HIPAA Compliance in “the cloud” Cloud data storage is a common and convenient option for healthcare organizations. According to Acumen Research...

Need help securing your business?

Request a quote!

We are excited to work with you.

*Required

Thank you!

Your request has been submitted.