Contextual Security Solutions Blog

INFORMATION EVOLVES

SECURITY & COMPLIANCE BLOG

Breach-Parse Basics

by Terence Martin | May 16, 2023 | Compliance, cybersecurity, penetration testing

Open source intelligence gathering, or OSINT, can be a threat to organizations because it can be used to gather information about their employees, assets, and vulnerabilities. This information can then be used to launch targeted scanning against discovered...

PCI DSS 3.2.1 to 4.0 Control Changes – Requirement 3

by Joshua Jones | Apr 18, 2023 | Compliance, cybersecurity, PCI DSS 4.0

Today, let’s look at some changes made to Requirement 3 for PCI DSS 4.0. I am also adding “Why does this matter?” sections at the end of each control change to hopefully shed light on why it's important. Requirement 3 Changes In Requirement 3, we will find an...

Responder – The Tool That Won’t Die

by Andrew Nash | Apr 4, 2023 | Compliance, cybersecurity, penetration testing

Overview One of the most common findings we make at Contextual Security Solutions during internal penetration tests is the presence of vulnerable network protocols, like Link-local Multicast Name Resolution (LLMNR), Web Proxy Auto-Discovery (WPAD)...

PCI DSS 3.2.1 to 4.0 Control Changes – Requirement 2

by Joshua Jones | Feb 16, 2023 | Compliance, cybersecurity, PCI DSS 4.0

Today, let’s look at changes made to Requirement 2 for PCI DSS 4.0. Requirement 2 Changes In Requirement 2, we will find our first PCI DSS new control for 4.0: In 3.2.1, roles were not necessary to be defined in 2.x controls. While role definition...

PCI DSS 3.2.1 to 4.0 Control Changes

by Joshua Jones | Oct 25, 2022 | Compliance, cybersecurity, PCI DSS 4.0

Now that you are looking at your timeline, you may be wondering how you can get from where you are now, a sage of PCI DSS 3.2.1, to where you will need to be by 2024. The PCI DSS 4.0 Summary of Changes Using the PCI DSS Summary of Changes document, you can...

Don’t Deploy Vulnerabilities

by Slade Griffin | Sep 6, 2022 | cybersecurity, penetration testing, Uncategorized

We are constantly updating and evolving our deliverables in an effort to provide more context around our security services. With that in mind we have been tracking some metrics since 2020 that allow us to see why organizations remain vulnerable to compromise. One of...

BloodHound Basics

by Andrew Nash | Aug 3, 2022 | cybersecurity, penetration testing, Uncategorized

“Hacking” isn't magic, but sometimes it is presented that way. Much of penetration testing and “hacking” is learning the tools of the trade and how they work "under the hood." In this series we hope to provide a high-level overview of common offensive tools, how they...

Exploiting the JMX Console (A slightly different path to compromise)

by Terence Martin | Jul 19, 2022 | cybersecurity, penetration testing

On a recent engagement, the client I was assessing had a relatively strong security posture. None of the old standby attacks were working. The client had disabled LLMNR and WPAD based on a previous security assessment, and all the client’s Windows machines were...

PCI DSS 4.0 Timeline

by Joshua Jones | Jul 8, 2022 | Compliance, PCI DSS 4.0

March 2022 forever changed the compliance landscape for all time. PCI DSS 4.0 was launched, the world was ushered into an era of bliss. Ok, seriously, bliss and compliance frameworks are, for most, not even in the same solar system. But, PCI DSS 4.0 is here and, for...

Intro to PCI DSS 4.0

by Brandon Polk | Jun 30, 2022 | Uncategorized

Does your organization do anything with credit cards? Chances are you must be Payment Card Industry (PCI) compliant in some form or fashion. PCI compliance touches financial institutions, merchants, hardware and software vendors, managed support vendors, and a variety...

« Older Entries