On a roll over here! Check out this blog post Matthew Hier and I wrote as we discovered some vulnerabilities within XMPie, A Xerox Company software during an External Penetration Test. https://lnkd.in/ejAiDnmm
Matthew Schmidt’s Post
This is the perfect gift for that CISO in your life who hasn't yet read Frank Riccardi, JD, CHC's book, "Mobilizing the C-Suite: Waging War Against Cyberattacks". https://lnkd.in/gwhU4ndw
Blindfolds For Your Legal Team | CISOtopia
cisotopia.com
Matthew Schmidt reposted this
Should companies eliminate routine password resets? Should special characters be dropped as a component of strong passwords? The password is 62 years old and going strong, yet these venerable password management policies are coming under fire. Cybersecurity researchers say forcing employees to reset their passwords every few months makes it more likely employees will merely tweak one character so the password is accepted by the system—instead of creating an entirely new password. Researchers also believe mandating special characters to create a strong password results in employees creating shorter passwords that are more easily guessable by cybercriminals. The sound of heads exploding means CISOs need a paradigm reset, as forcing employees to change their passwords and mandating special characters could yield a surprising and unintended outcome—weak, easily guessable passwords! Is this true, and if so, what do we do about it? Let’s take a deep breath. Obviously, companies must continue requiring strong passwords—but maybe implement long passphrases without special characters—and perhaps invest in a reputable password manager (that’s not LastPass). I’m not sure I’d give up on password resets just yet, but maybe factor in the potential for reset fatigue when setting the intervals? Crucially, companies should enable multifactor authentication (MFA) for their employees and customers—and MFA should be mandatory, not optional. Not enabling MFA for employees and customers is like tying one hand behind their back and hurling them into an MMA match with heavyweight champion Jon Jones. When companies render MFA optional, the cybercriminals win, and that’s a low blow. Of course, there is one alternative to these countermeasures—scribble down your passwords in a padlocked diary, secure it in a vault (a real one, not the LastPass kind), and pray. Please check out my article “Password Insecurity: Special Characters and Password Resets Are So Last Year” for additional insights. 
#informationsecurity #cybersecurity #hacking #privacy
Password Insecurity: Special Characters and Password Resets Are So Last Year
Frank Riccardi, JD, CHC on LinkedIn
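The two failure modes the post calls out, a forced reset that yields a one-character tweak of the old password and a complexity rule that pushes people toward short passwords, are both things a password-change handler can test for. The following is an added illustration written for this page, not code from the post or its author; the minimum length of 16, the edit-distance floor of 4, the sample passwords and the small set of character substitutions it folds are assumed values chosen for the example, not a published standard.

```python
"""
Password-change policy check illustrating two controls:
  1. favour length over mandatory special characters;
  2. reject a "new" password that is only a small edit away from the old one,
     the pattern forced resets tend to produce (Summer2023! -> Summer2024!).
Added example; thresholds and sample inputs are assumptions, not a standard.
"""

MIN_LENGTH = 16        # assumed policy value: length, not symbol count, is the bar
MIN_EDIT_DISTANCE = 4  # assumed policy value: anything closer is a "tweak", not a change

# Common substitutions users make so the system accepts a near-identical password.
# Folding them before comparing makes P@ssw0rd and password compare as equal.
_FOLD = str.maketrans("@$0134", "asoiea")


def normalise(pw: str) -> str:
    """Case-fold and undo the usual letter/symbol swaps before comparing."""
    return pw.casefold().translate(_FOLD)


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert / delete / substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute / match
        prev = cur
    return prev[-1]


def check_new_password(old: str, new: str) -> tuple[bool, list[str]]:
    """Return (accepted, reasons). Empty reasons means the change is accepted."""
    reasons = []
    if len(new) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if levenshtein(normalise(old), normalise(new)) < MIN_EDIT_DISTANCE:
        reasons.append("too similar to the previous password")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for old, new in [("Summer2023!", "Summer2024!"),
                     ("Tr0ub4dor&3", "tr0ub4dor&4"),
                     ("Summer2023!", "violin harbor quiet lantern")]:
        ok, why = check_new_password(old, new)
        print(f"{new!r}: {'accepted' if ok else 'rejected: ' + ', '.join(why)}")
```

The similarity check runs on the folded form of both passwords, so a case flip or a digit-to-letter swap does not count as a change; the length rule deliberately says nothing about special characters, which is the post's point about passphrases.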
Not only was it really cool being able to get a sneak preview of Frank Riccardi, JD, CHC's new book, it is super cool having a mention in the acknowledgements. This was a fun opportunity and the book had many eye-opening sections that even I couldn't believe sometimes!
Congratulations Frank Riccardi, JD, CHC on the release of your book! I had the honor of having a sneak peek and it was fantastic and insightful. I definitely recommend folks pick it up.
I quit my Chief Compliance & Privacy Officer job at the end of 2021 and took a therapeutic breather from my career after 25 years in healthcare compliance. Healthcare compliance is not only high-octane; it can be brutal—coding and billing screw-ups, anti-kickback misadventures, and quality of care debacles come out of left field to blindside worn-out, overextended compliance professionals. Not only does bad news come in threes, they usually drop in your lap at 4:59 pm on the day before a holiday—not fun! These incendiary compliance-bombs, though still treacherous, are no longer kings of the fraud and abuse jungle. They’ve been usurped by ransomware and data breaches—the new apex predators. That’s why I’m back on a new journey with a new mission: to empower people and companies with the cyber-savvy needed to repel cyberattacks. To defeat cybercriminals, companies must focus on the low-hanging fruits of cybersecurity. It’s all about the basics. Companies laid low by ransomware failed to practice good cyber hygiene by recklessly allowing weak or reused passwords, not turning on multifactor authentication, or neglecting to install patches to known software vulnerabilities. Adding insult to grievous injury, many companies failed to mitigate cyber doom by not encrypting their devices, not implementing a data backup plan, or the mother of all blunders, not training their workforce on basic cyber hygiene. Worse still, hidden risks abound for the unwary. A devastating cyberattack is just moments away when C-suite leaders close their eyes to the hazards of shadow IT, data offshoring, mobile devices, and social media. My book, “Mobilizing the C-suite: Waging War Against Cyberattacks,” was written to galvanize C-suite leaders into deploying the basic cybersecurity controls vital to defeating cyberattacks, and to support frontline cybersecurity professionals with companywide cyber hygiene training. 
Most importantly, the book was written to introduce real-world cybersecurity principles to college students—if our future generation of company leaders enter the C-suite with cyber-savvy, then destructive cyberattacks are not a foregone conclusion. Get the book at: https://lnkd.in/gQHkRMds #informationsecurity #cybersecurity #hacking
Noncompetes are a laughable tactic for weak companies to try and suppress the success of their employees while simultaneously damaging their reputation as a fair company for employees. Looking forward to seeing them become illegal. https://lnkd.in/gDpg39gY
FTC Proposes Rule to Ban Noncompete Clauses, Which Hurt Workers and Harm Competition
ftc.gov
Triaxiom Security is hiring! Come work with myself and some really smart folks and join our team :) https://lnkd.in/gJxS46hf
Penetration Tester - Charlotte, NC 28273 - Indeed.com
indeed.com
Very cool. Matthew Hier and I have our CVEs officially published and one of them got a 7.5/10! https://lnkd.in/exWS_8zE https://lnkd.in/e3Acax9K Triaxiom Security
nvd.nist.gov
As our customers already appreciate, we are continually investing in the security of our platform. Most recently, uStore Version 14.1 included our latest security updates. Further details can be found here: https://bit.ly/uStoreNew