SecurityMetrics Blog

SecurityMetrics' 2020 Guide to HIPAA Compliance Has Launched

2020 SecurityMetrics HIPAA Guide We create and publish our HIPAA Guide each year: to give healthcare IT and HIPAA leaders an up-to-date resource...
View Post

Something from Nothing; a Pentest Story

While performing an external network layer penetration test I encountered a host that presented a single page that was essentially blank...

The 2021 Guide to PCI DSS Compliance Has Launched

The PCI Guide includes interactive and printable IT checklists for every requirement, stories and tips from our security analysts (QSAs), forensic...

Top Cybersecurity Conferences 2020

Whether you’re a small business owner or the CISO at a large enterprise, finding good cybersecurity conferences is a necessary task to continue...

Update: COVID-19 Cybersecurity and Threats

As plans to reopen economies move forward around the world, the entire cybersecurity industry–including the SecurityMetrics Security Operations...

What is Formjacking?

What is formjacking? Formjacking is a type of cyber attack where hackers inject malicious JavaScript code into a webpage form–most often a...

Where Did that Request Come From? CVE-2020-11682 (CSRF)

What is CSRF? Cross site request forgery, commonly referred to as CSRF (pronounced sea-surf), is an attack in which a user who is authenticated to...

WiKID 2FA Enterprise Server Cross-Site Scripting

A stored and reflected cross-site scripting vulnerability, CVE-2019-17114, was identified on WiKID Systems 2FA Enterprise Server version...

WiKID Systems 2FA Enterprise Server CSRF

Multiple Cross-Site Request Forgery issues, CVE-2019-17118, were identified on WiKID Systems 2FA Enterprise Server through version 4.2.0-b2053....

WiKID Systems 2FA Enterprise Server SQL injection

A SQL Injection vulnerability, CVE-2019-16917, was identified on WiKID Systems 2FA Enterprise Server through version 4.2.0-b2047. The uid and...

New (And Old) Apache Struts Flaw: CVE-2016-1000031

Apache Struts developers released another security announcement on November 5, 2018 -- two and a half months after their last big security...

Garmin Ransomware Attack: SOC Threat Analysis and 10...

The global pandemic has created more opportunities for ransomware threat actors to create mayhem and chaos across the threat landscape. If threat...

Ecommerce Security Trends from 2021

The results from Shopping Cart Inspect have been insightful into the current and future attack methods in ecommerce. Here are our Ecommerce...

2020 Data Breach Predictions and What We Learned from...

2019 Data Breach Predictions and Findings Prediction: Large-scale social media attacks leading to massive personal data losses. Findings: We saw a...

2021 Data Breach Forensic Predictions and What Happened...

The year 2020 was surprising in many ways and the digital forensics industry offered some surprises as well as some more predictable outcomes....

Never have a false sense of security.

Talk to a specialist