FEATURED BLOG
Securing the Supply Chain
Integrate security into every phase of the supply chain and software development to protect against evolving cyber threats in an increasingly connected world.
COVID-19 Vaccine and Research Scams
As we get closer to a vaccine, research participant scams are on the rise. Chief Strategist Matt Barnett spoke to NBC10 Responds about the tactics these fraudsters are using to solicit "research study candidates" and how to avoid becoming a victim.
Multifactor Authentication and You
Matt Barnett and Founder and CEO of Cyberblack, Brett Hodges, analyze the Colonial Pipeline attack in the weeks since the massive shutdown caused fuel prices to surge and incited panic buying across the country. This episode of the 7X Files digs into what we can learn from this attack and what can you do to ensure your organization isn’t the next victim.
So, You're Curious About ISO27001
Many organizations find themselves in a position where customers are asking for an independent certification of their organization’s controls. Sometimes they are given choices – SOC 2, HITRUST, or ISO27001. While you’ll hear these terms thrown around quite a bit, many US companies have much to learn about ISO27001.
Losing Sleep Over CMMC? Read This.
CMMC is causing quite a buzz and looks to be the information security industry's next ‘big thing’. Luckily, most of what is outlined in the CMMC are things most organizations should be doing already.
Source Code for Windows XP, 2003, and More Leaked
For almost 20 years, you thought it was a well-guarded secret... until now. 43GB of source code for many end-of-life Microsoft Operating Systems—including Windows and MS-DOS—have allegedly been made public through a compilation of torrent files. In this post, we'll look at the impact this may have on the current state of Window's security, what you need to know, how you may be affected, and what you can do about it.
Building Breach Resiliency Through Collaboration
Breach resiliency is centered around building processes to aggregate and action information quickly based on what systems, technologies, etc. you have in your environment. To be effectively resilient to a breach, you must collaboratively build a thorough understanding of your environment, your workflows, your processes, and, last but certainly not least, your specific threats.
![Back to [Virtual] School](https://images.squarespace-cdn.com/content/v1/63d816c703a5c515ce6d4cbb/1677530484106-MDJ1TYARHW0ZJ4OMVAXE/bts.jpeg)
Back to [Virtual] School
As students head back to school, the classroom looks quite a bit different. We spoke with Philadelphia's NBC Channel 10 News to provide virtual safety tips for students and parents. Have any specific security concerns? Parents can contact us via email at back2school@sevn-x.com at no cost.
Text Message Scams
Scammers are using text messages to increase the success of their campaigns in a tactic referred to as 'SMiShing' (phishing by SMS). Matt Barnett spoke with Harry Hairston at NBC10 Responds about the dangers of SMiShing and what to look out for.
PCI DSS - What it is and what it isn't
PCI is not easy. PCI is not a guarantee that you won’t be breached. And lastly, PCI is not optional if you store, process, or transmit payment card data.
Stay Steps Ahead With Assumed Breach Testing
The word 'assume' tends to have a bad reputation. After all, we’re taught from a young age what happens when you 'assume'; however, when it comes to security testing, the ‘Assumed Breach’ approach can be a great way to help your organization gain insight that further improves your defenses.
To SAST, or to DAST, That is the Question
New vulnerabilities are discovered, exploited, and then featured in the news on a daily-basis. Now, more than ever, securing our web applications, and the ways we develop them, is paramount.
Deconstructing The Pen Test
Penetration tests are an invaluable tool for organizations. However, they’re often confused, misused, and mean different things to different people.
Massive Account Takeover @Twitter
Twitter was compromised by malicious actors using advanced social engineering techniques to gain control over of some of the world's influential accounts. SEVN-X talks with NBC10 about the damage and what users should do to protect themselves.
Does Your Office Miss You?
Who's watching your office while everyone is working from home?
The Great Security Race
When it comes time to present assessment results, I’m often asked to benchmark the company being assessed against similar organizations. As someone who has built a career around assessing information security programs, I always find myself asking the same question: what’s the purpose of such a request?