NIST Cybersecurity Framework: A Quick Guide for SaaS Security Compliance

When I want to know the most recently published best practices in cyber security, I visit The National Institute of Standards and Technology NIST. From the latest password requirements NIST 800-63 to IoT security for manufacturers NISTIR 8259, NIST is always the starting point. NIST plays a key...

ISACA Moscow Vulnerability Management Meetup 2017

Last Thursday, I attended a very interesting event entirely dedicated to Vulnerability Management - open ISACA Moscow meetup. Me and my former colleague from Mail.Ru Group Dmitry Chernobaj presented there our joint report "Enterprise Vulnerability Management: fancy marketing brochures and the...

[SecureCheq v1.0] The Security Configuration Management made easy!

SecureCheq is a fast, simple utility for Windows servers and desktops that answers these questions while it tests for common configuration risks. This free utility: Tests for a subset of typical and often dangerous Windows configuration errors Provides detailed remediation and repair advice Tests...

SAS70 Needs to Die

By Andrew Storms Let’s be clear, SAS70 should be sentenced to a quick and painful death in the bottom of a giant pit protected by 20-foot thick concrete walls where it should be buried forever, along-side other IT criminals such as Windows ME and IE6. While SAS70 has its place in financial...

Palo Alto Network Vulnerability - Cross-Site Scripting

Palo Alto Network Vulnerability - Cross-Site Scripting Palo Alto Network Vulnerability - Cross-Site Scripting XSS ------------------------------ Class: Cross-Site Scripting XSS Vulnerability CVE: CVE-2010-0475 Remote: Yes Local: Yes Published: May 11, 2010 08:30AM Timeline:Submission to MITRE:...