Receiving a Scam Text… From My Own Phone Number
by Nicholas Foisy on March 30, 2022 at 5:00 PM
Throughout my years working in the IT security and compliance field, I have had the opportunity to learn about dozens of different social engineering attack strategies that malicious actors will utilize to achieve their goals. This past weekend, I had the unique opportunity to witness …
It (Should) Be an MFA World, We Are Just Living in It
by Derek Boczenowski on March 24, 2022 at 3:15 PM
Last week I was working in front of my laptop (happily, for any Compass staff reading) when I got an incoming text message. It was from Verizon. They had received my service request and were working on it. It was quickly followed by another text saying I could check the status of my r …
Risk Management – Everyone Needs a Seat at the Table
by Donald Mills on March 17, 2022 at 1:00 PM
In the security world there’s a common saying that compliance isn’t security and security isn’t compliance. I believe what gets missed in this saying is the role proper risk assessments and risk management play in marrying up security and compliance.
Recommendations from CISA's Recent “Shields Up” Warning
by Jesse Roberts on March 10, 2022 at 2:00 PM
On February 26th, 2022, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued immediate Shields Up actions for organizations to take in response to the ongoing conflict with Russia. The basic guidelines are as follows:
Revisiting the Apache Log4j Vulnerability
by Danielle Corsa on March 3, 2022 at 1:00 PM
By now, most are aware of the Apache Log4j vulnerability that was announced in December of 2021. The exposure is widespread in Java applications, and I have been discovering that many companies are affected by it. Remediation is imperative to ensure that attackers do not exploit affec …
Password Complexity – Going Beyond the Minimum Requirements
by Peter Fellini on February 23, 2022 at 1:00 PM
As the frequency and scale of cyberattacks have risen sharply over the past decade, we as end users have been repeatedly asked (and often required) to increase the complexity of our passwords. Back when the internet was in its infancy, the idea of creating a complex and tough-to-guess …