Dangers of XSS Attacks at Healthcare Organizations

by Sarah Harvey / June 14, 2023

In October 2019, Citizen Times reported that Mission Health, North Carolina’s sixth-largest health system and HCA Healthcare’s North Carolina Division, had disclosed a data breach caused by a cross-site scripting (XSS) attack. Cross-site scripting (XSS) vulnerabilities rank among OWASP’s top 10 web application security risks. XXS occurs when a web application doesn’t properly sanitize user input and their input (such as malicious code) is either reflected or stored on the…

HITRUST Update: HITRUST CSF® v9.3 Release

by Sarah Harvey / December 15, 2022

HITRUST®, a the leader in information security and privacy risk management and compliance programs, has announced a much-anticipated update to the HITRUST CSF in an effort to remain one of the leading data protection standards. HITRUST CSF v9.3 adds new privacy and security standards and updates six others existing within the certifiable framework. These changes were made in response to the ever-shifting information security landscape that is consistently updated with…

Best Practices for Privilege Management in AWS

by Sarah Harvey / December 15, 2022

Could what happened at Capital One happen at your organization? That depends on your commitment to cloud security. This breach could happen to any organization that’s not educated on AWS vulnerabilities and best practices. We’ve talked about how security misconfigurations played a role in Capital One’s breach, but now let’s discuss how privilege management contributed to this successful hack. What Happened at Capital One with IAM Misconfigurations? According to Verizon’s…

Stages of Penetration Testing According to PTES

by Sarah Harvey / November 3, 2023

What is the Penetration Testing Execution Standard (PTES)? The Penetration Testing Execution Standard, or PTES, is a standard that was developed and continues to be enhanced by a group of information security experts from various industries. PTES provides a minimum baseline for what is required of a penetration test, expanding from initial communication between client and tester to what a report includes. The goal of PTES is to provide quality…

Think Like a Hacker: Common Vulnerabilities Found in Networks

by Sarah Harvey / February 20, 2023

What’s the Difference Between Internal and External Networks? Let’s face it: anything connected to the Internet is at risk of being compromised, which means that organizations like yours must understand the types of vulnerabilities in your internal and external networks that could be exploited by a malicious hacker. If you’re interested in learning about common ways your networks may be compromised by a malicious hacker, remediation tactics for mitigating threats…