π Major vulnerability found in Android ES File Explorer app π
π Read
via "Security on TechRepublic".
Popular application ES File Explorer for Android has a significant vulnerability, putting your data at risk. Learn what's involved and how to remediate the threat.π Read
via "Security on TechRepublic".
TechRepublic
Major vulnerability found in Android ES File Explorer app | TechRepublic
Popular application ES File Explorer for Android has a significant vulnerability, putting your data at risk. Learn what's involved and how to remediate the threat.
β Threatpost News Wrap Podcast For Jan. 25 β
π Read
via "Threatpost | The first stop for security news".
From a massive GDPR fine on a big tech company, to an emergency government security alert, here are the top security stories of the week.π Read
via "Threatpost | The first stop for security news".
Threat Post
Threatpost News Wrap Podcast For Jan. 25
From a massive GDPR fine on a big tech company, to an emergency government security alert, here are the top security stories of the week.
π 5 ways to enforce company security π
π Read
via "Security on TechRepublic".
There are several actions companies can take to improve overall employee awareness about security. View the top five below.π Read
via "Security on TechRepublic".
TechRepublic
5 ways to enforce company security
There are several actions companies can take to improve overall employee awareness about security. View the top five below.
β LabKey Vulnerabilities Threaten Medical Research Data β
π Read
via "Threatpost | The first stop for security news".
LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible.π Read
via "Threatpost | The first stop for security news".
Threat Post
LabKey Vulnerabilities Threaten Medical Research Data
LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible.
π΄ Internet Society to Issue Privacy Code of Conduct π΄
π Read
via "Dark Reading: ".
Security pros know all too well that following basic privacy guidelines can cut down on human errors that can lead to serious security breaches.π Read
via "Dark Reading: ".
Darkreading
Internet Society to Issue Privacy Code of Conduct
Security pros know all too well that following basic privacy guidelines can cut down on human errors that can lead to serious security breaches.
β Monday review β the hot 24 stories of the week β
π Read
via "Naked Security".
From the US gov's emergency directive to the 10 Year Challenge, and everything in between. It's weekly roundup time.π Read
via "Naked Security".
Naked Security
Monday review β the hot 24 stories of the week
From the US govβs emergency directive to the 10 Year Challenge, and everything in between. Itβs weekly roundup time.
β YouTube subscribers getting spammed by celebrity imposters β
π Read
via "Naked Security".
YouTube personality Philip DeFranco warned that the messages pretending to be from him and other top influencers are scams.π Read
via "Naked Security".
Naked Security
YouTube subscribers getting spammed by celebrity imposters
YouTube personality Philip DeFranco warned that the messages pretending to be from him and other top influencers are scams.
β Even Microsoft canβt escape βreply allβ email storms β
π Read
via "Naked Security".
Of all the calamities that befall email users, few are more dreaded than the βreply allβ storm.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Twitter scammers jump in on real-time complaints to companies β
π Read
via "Naked Security".
βHi there,β said the polite (and fake) help desk, leading to a back-and-forth between a lying scammer and a lying security analyst.π Read
via "Naked Security".
Naked Security
Twitter scammers jump in on real-time complaints to companies
βHi there,β said the polite (and fake) help desk, leading to a back-and-forth between a lying scammer and a lying security analyst.
β BGP secure routing experiment ends in online row β
π Read
via "Naked Security".
An experiment to make the internet safer ended up breaking parts of it last week.π Read
via "Naked Security".
Naked Security
BGP secure routing experiment ends in online row
An experiment to make the internet safer ended up breaking parts of it last week.
β How to protect yourself this Data Privacy Day β
π Read
via "Naked Security".
Today is Data Privacy Day. We asked around at Sophos for some tips from people that live security day in and day out.π Read
via "Naked Security".
Naked Security
How to protect yourself this Data Privacy Day
Today is Data Privacy Day. We asked around at Sophos for some tips from people that live security day in and day out.
β How my Instagram account got hacked β
π Read
via "Naked Security".
After years of embarrassment, I'm finally ready to admit how and why my Instagram account got hacked.π Read
via "Naked Security".
Naked Security
How my Instagram account got hacked
After years of embarrassment, Iβm finally ready to admit how and why my Instagram account got hacked.
β WordPress Users Urged to Delete Zero-Day-Ridden Plugin β
π Read
via "Threatpost | The first stop for security news".
The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.π Read
via "Threatpost | The first stop for security news".
Threat Post
WordPress Users Urged to Delete Zero-Day-Ridden Plugin
The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.
π΄ 3 Ways Companies Mess Up GDPR Compliance the Most π΄
π Read
via "Dark Reading: ".
The best way to conform to the EU's new privacy regulation is to assume that you don't need to hold on to personal data, versus the opposite.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
β Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution β
π Read
via "Threatpost | The first stop for security news".
Cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure leading to remote code-execution.π Read
via "Threatpost | The first stop for security news".
Threat Post
Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution
Cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure leading to remote code-execution.
π How to use SSH through a Linux Jump Host π
π Read
via "Security on TechRepublic".
Jack Wallen shows you how you can use SSH to proxy through a jump host from one machine to another.π Read
via "Security on TechRepublic".
β Dailymotion Fights Ongoing Credential-Stuffing Attack β
π Read
via "Threatpost | The first stop for security news".
The YouTube competitor said that it was hopeful that it's containing the damage.π Read
via "Threatpost | The first stop for security news".
Threat Post
Dailymotion Fights Ongoing Credential-Stuffing Attack
The YouTube competitor said that it was hopeful that it's containing the damage.
π The Japanese government plans to hack into unsecured IoT devices. Will it work? π
π Read
via "Security on TechRepublic".
Ahead of the 2020 Tokyo Olympic Games, the Japanese government is planning to access unsecured Internet of Things devices to identify users and request they change their passwords.π Read
via "Security on TechRepublic".
TechRepublic
The Japanese government plans to hack into unsecured IoT devices. Will it work?
Ahead of the 2020 Tokyo Olympic Games, the Japanese government is planning to access unsecured Internet of Things devices to identify users and request they change their passwords.
β 2019 and Beyond: The (Expanded) RSAC Advisory Board Weighs in on Whatβs Next β
π Read
via "Threatpost | The first stop for security news".
Forward-thinking predictions for the year ahead from some of the cybersecurity industryβs wisest minds.π Read
via "Threatpost | The first stop for security news".
Threat Post
2019 and Beyond: The (Expanded) RSAC Advisory Board Weighs in on Whatβs Next
Forward-thinking predictions for the year ahead from some of the cybersecurity industryβs wisest minds.
🕳 HIPAA Compliance β Privacy Challenges and Solutions 🕳
<code>Media</code><code>For those of you who are not familiar with the Health Insurance Portability and Accountability Act (HIPAA), it was passed in 1996 and has become the foundational data protection standard in the U.S. for the healthcare industry. If you are deciding if HIPAA applies to you, you might consider that while HIPAA does not apply to all healthcare entities, it does apply to:</code><code>Covered entities β Health plans, health care clearinghouses (i.e., billing services) and any health care providers that engage in electronic payment for healthcare</code><code>Business associates β Vendors to covered entities that have access to protected health information β PHI (i.e., law firms, software providers, etc.) </code><code>Additionally, fines for violating HIPAA are severe β from $100 to $50,000 per violation with a maximum penalty of $1.5 million per year for each violation.</code><code> </code><code>Challenges to Complying with HIPAA</code><code>Some of the challenges clients we work with face in complying with HIPAA include:</code><code>Fitting new Technology into Older Laws. HIPAA was adopted in 1996, over 20 years ago, before there were even smartphones! Companies trying to build technology to older standards often face challenges in identifying how to address PHI and what safeguards are needed (i.e., where and when to encrypt). </code><code>Risk Assessments. Companies must consider both regular risk assessments as required by HIPAA and risk assessments related to new or changing processes/projects.</code><code>Vendor Oversight. As a covered entity, a company needs to do proper due diligence over the life of the relationship with a vendor. The right agreements must also be in place to ensure that critical elements of HIPAA are addressed by the vendor (i.e., security obligations, breach notifications).</code><code>Integration with Other Laws. Other privacy laws or requirements address one or more of the same provisions as HIPAA. Companies with activities that fall under another jurisdiction need to examine where the laws intersect and where they provide provisions that oppose each other. Examples include the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).</code><code>Recommendations for HIPAA Compliance</code><code>Achieving, maintaining and demonstrating compliance with HIPAA means companies must implement HIPAAβs administrative, physical and technical safeguards, exercise heightened diligence over vendors where they share PHI and meet the HIPAA breach notification requirements. As you you consider the steps you will take to comply with HIPAA, TrustArc suggests the following:</code><code>Assess you business β Determine if HIPAA applies to your business; conduct a gap analysis against HIPAA requirements; determine cross-compliance overlap; and map processes to determine the scope and reach of HIPAA to business activities, data, systems/applications and vendors.</code><code>Implement HIPAA compliance β Develop or enhance policies to comply with HIPAA; build a successful vendor management program; implement individual rights mechanisms; and develop a privacy impact assessment.</code><code>Maintain compliance β Perform a thorough annual risk assessment and maintain ongoing compliance activities (i.e., policy updates, employee training, vendor assessments, etc.).</code><code>TrustArc can help with all these key areas of HIPAA compliance. TrustArc has extensive experience working with companies in the healthcare field including both covered entities and business associates. We assist companies throughout the lifecycle of HIPAA compliance from immediate needs such as determining if HIPAA applies to a business, initial risk assessments and employee training, to long-term needs such as vendor management, data inventory and PIAs. We can also partner with companies on corrective action plans under regulatoryβ¦
<code>Media</code><code>For those of you who are not familiar with the Health Insurance Portability and Accountability Act (HIPAA), it was passed in 1996 and has become the foundational data protection standard in the U.S. for the healthcare industry. If you are deciding if HIPAA applies to you, you might consider that while HIPAA does not apply to all healthcare entities, it does apply to:</code><code>Covered entities β Health plans, health care clearinghouses (i.e., billing services) and any health care providers that engage in electronic payment for healthcare</code><code>Business associates β Vendors to covered entities that have access to protected health information β PHI (i.e., law firms, software providers, etc.) </code><code>Additionally, fines for violating HIPAA are severe β from $100 to $50,000 per violation with a maximum penalty of $1.5 million per year for each violation.</code><code> </code><code>Challenges to Complying with HIPAA</code><code>Some of the challenges clients we work with face in complying with HIPAA include:</code><code>Fitting new Technology into Older Laws. HIPAA was adopted in 1996, over 20 years ago, before there were even smartphones! Companies trying to build technology to older standards often face challenges in identifying how to address PHI and what safeguards are needed (i.e., where and when to encrypt). </code><code>Risk Assessments. Companies must consider both regular risk assessments as required by HIPAA and risk assessments related to new or changing processes/projects.</code><code>Vendor Oversight. As a covered entity, a company needs to do proper due diligence over the life of the relationship with a vendor. The right agreements must also be in place to ensure that critical elements of HIPAA are addressed by the vendor (i.e., security obligations, breach notifications).</code><code>Integration with Other Laws. Other privacy laws or requirements address one or more of the same provisions as HIPAA. Companies with activities that fall under another jurisdiction need to examine where the laws intersect and where they provide provisions that oppose each other. Examples include the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).</code><code>Recommendations for HIPAA Compliance</code><code>Achieving, maintaining and demonstrating compliance with HIPAA means companies must implement HIPAAβs administrative, physical and technical safeguards, exercise heightened diligence over vendors where they share PHI and meet the HIPAA breach notification requirements. As you you consider the steps you will take to comply with HIPAA, TrustArc suggests the following:</code><code>Assess you business β Determine if HIPAA applies to your business; conduct a gap analysis against HIPAA requirements; determine cross-compliance overlap; and map processes to determine the scope and reach of HIPAA to business activities, data, systems/applications and vendors.</code><code>Implement HIPAA compliance β Develop or enhance policies to comply with HIPAA; build a successful vendor management program; implement individual rights mechanisms; and develop a privacy impact assessment.</code><code>Maintain compliance β Perform a thorough annual risk assessment and maintain ongoing compliance activities (i.e., policy updates, employee training, vendor assessments, etc.).</code><code>TrustArc can help with all these key areas of HIPAA compliance. TrustArc has extensive experience working with companies in the healthcare field including both covered entities and business associates. We assist companies throughout the lifecycle of HIPAA compliance from immediate needs such as determining if HIPAA applies to a business, initial risk assessments and employee training, to long-term needs such as vendor management, data inventory and PIAs. We can also partner with companies on corrective action plans under regulatoryβ¦