Dodge Data Breaches with Real-Time PCI Compliance
Aaron Reynolds, VP, Cyber Assurance – Payments, Coalfire
It’s been five years since the PCI Council released the first “Best Practices for Maintaining PCI DSS Compliance” guidance document in August 2014. Since then, many prominent payment data breaches have occurred, with the finger often pointing to lapses in the affected organization’s compliance program for the PCI DSS.
When Checking the Box Results in Two Zero Days and Root (CVE-2019-14257 and CVE-2019-14258)
Jakob Nelson, Associate, Coalfire Labs
Finding new bugs and exploiting them can be exciting and fun for a penetration tester. I was ecstatic to find my first two zero-days, and I used them to break a system from no access to root. This was a good day for me – but the story behind the story provides some real lessons enterprises can apply to their security programs.