A single VPN vulnerability exposed data across more than seventy financial institutions using Marquis Software's infrastructure, showing how a one-time annual test can miss fast-changing real-world risk. The article argues that continuous testing is needed to catch issues like a third-party mortgage portal flaw that allowed cross-tenant data exposure and potential submission forgery before attackers exploit them. #MarquisSoftware #Mandiant #CrowdStrike #PCI_DSS #FFIEC #NYDFS #SprocketSecurity
Key points
- A VPN flaw in Marquis Software's infrastructure led to breaches at more than seventy financial institutions.
- Annual penetration tests leave about 345 days of unvalidated operational change.
- Mandiant and CrowdStrike report longer dwell times and heavy targeting of financial services.
- PCI DSS, FFIEC, and NYDFS expect testing to respond to infrastructure changes, not just yearly cycles.
- Continuous external testing can uncover cross-tenant exposure and forgery risks that scanners may miss.