SecurityMetrics Blog

The 2021 Guide to PCI DSS Compliance Has Launched

The PCI Guide includes interactive and printable IT checklists for every requirement, stories and tips from our security analysts (QSAs), forensic...
View Post

SecurityMetrics' 2020 Guide to HIPAA Compliance Has Launched

2020 SecurityMetrics HIPAA Guide We create and publish our HIPAA Guide each year: to give healthcare IT and HIPAA leaders an up-to-date resource...

2021 Data Breach Forensic Predictions and What Happened...

The year 2020 was surprising in many ways and the digital forensics industry offered some surprises as well as some more predictable outcomes....

2020 Data Breach Predictions and What We Learned from...

2019 Data Breach Predictions and Findings Prediction: Large-scale social media attacks leading to massive personal data losses. Findings: We saw a...

Garmin Ransomware Attack: SOC Threat Analysis and 10...

The global pandemic has created more opportunities for ransomware threat actors to create mayhem and chaos across the threat landscape. If threat...

Top Cybersecurity Conferences 2020

Whether you’re a small business owner or the CISO at a large enterprise, finding good cybersecurity conferences is a necessary task to continue...

Where Did that Request Come From? CVE-2020-11682 (CSRF)

What is CSRF? Cross site request forgery, commonly referred to as CSRF (pronounced sea-surf), is an attack in which a user who is authenticated to...

Update: COVID-19 Cybersecurity and Threats

As plans to reopen economies move forward around the world, the entire cybersecurity industry–including the SecurityMetrics Security Operations...

Authorization Bypass: A Cautionary Tale CVE (2020-11679,...

Attackers: Known or Unknown? That is the question. Far too often I come across applications where developers have made every attempt to secure...

BlogEngine.NET Directory Traversal + Remote Code execution

A remote code execution (RCE) vulnerability, CVE-2019-10719, was discovered in BlogEngine 3.3.7 and earlier. Leveraging a path traversal in...

Something from Nothing; a Pentest Story

While performing an external network layer penetration test I encountered a host that presented a single page that was essentially blank...

CVE-2020-5497 - MITREid Connect Cross-site Scripting

MITREid Connect Cross-site Scripting Vulnerability: CVE-2020-5497 Here's the situation: I was performing a penetration test that integrated with...

What is Formjacking?

What is formjacking? Formjacking is a type of cyber attack where hackers inject malicious JavaScript code into a webpage form–most often a...

WiKID 2FA Enterprise Server Cross-Site Scripting

A stored and reflected cross-site scripting vulnerability, CVE-2019-17114, was identified on WiKID Systems 2FA Enterprise Server version...

WiKID Systems 2FA Enterprise Server CSRF

Multiple Cross-Site Request Forgery issues, CVE-2019-17118, were identified on WiKID Systems 2FA Enterprise Server through version 4.2.0-b2053....

Never have a false sense of security.

Talk to a specialist