Compass IT Compliance Blog

Karakurt Data Extortion Group – A New Approach to Ransomware

Karakurt Data Extortion Group – A New Approach to Ransomware

You may be growing tired of hearing the word “ransomware” by now, but this critical threat is unfortunately only continuing to grow at an exponential speed. The Verizon Business 2022 Data Breach Investigations Report (2022 DBIR) notes that ransomware breaches increased by thirteen per …

Read Story

Ignorance Is Not Bliss When It Comes to Security Assessments

Ignorance Is Not Bliss When It Comes to Security Assessments

It is no surprise that bad actors constantly seek to take advantage of current events and changing circumstances to exploit vulnerabilities and gaps in the security of organizations across a myriad of industry verticals and sizes.

Read Story

Bypassing Multi-Factor Authentication via Prompt Bombing

A woman logs into Facebook on her phone

It is the middle of the night, and you have finally fallen asleep, only to be awakened by the constant beeping of your phone. Bleary-eyed, you look at your phone to see it is prompting you to agree to log in on one of your accounts. You half wonder if you are dreaming and may instinct …

Read Story

A True Story and Yet Another Cyberattack Victim

A man types in his pin at an ATM

Cybercriminals can act alone, but increasingly we are witnessing cyber gangs (who operate like a small business and are also often referred to as ransomware gangs), with leaders, developers, system administrators, intrusion experts, data exfiltration experts, and monetary experts work …

Read Story

Weighing Your Multi-Factor Authentication Options

An old metal and wood scale

At this point most of us have heard that securing our accounts with only passwords, no matter how complex, is not enough. Do not get me wrong, requiring strong passwords (14 or more characters, composed of uppercase and lowercase letters, and including symbols and numbers) is essentia …

Read Story

PCI DSS v4.0 Released – What Changes Were Made?

A man holds a credit card while working on a laptop

On January 1st, 2019, the Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 came into effect replacing v3.2 which had been in place since October 31st, 2016. Many changes have occurred since January of 2019, one of which being the worldwide shut down in the first half of 2 …

Read Story

Subscribe by email