Not the patches you’re looking for

If a vulnerability scan identifies that a system is missing medium-risk vendor-supplied security patches, these patches must still be applied in order to be compliant with PCI DSS requirement 6.2, as described above. The fact that a vulnerability scan identified the issue and reported it as only a medium risk has no bearing as to […]

It’s still borked?

Neiman Marcus breach. Again. A long time ago*… Waaay back, in 2013, high-end retailer Neiman Marcus was breached, resulting in a loss of data related to about 370,000 customers. Well, needless to say, those 370,000-ish customers weren’t happy and they launched a class action claiming that Neiman Marcus was accountable for the breach which resulted […]

What? It’s borked?

When on earth did that happen? Can you imagine that a reputable organisation would deploy a business-critical security service without first designing and testing it, and then reviewing it to ensure that it operated as expected?  Or, would you expect an organisation to allow a security service that was not well-designed, tested and regularly reviewed […]