β BGP secure routing experiment ends in online row β
π Read
via "Naked Security".
An experiment to make the internet safer ended up breaking parts of it last week.π Read
via "Naked Security".
Naked Security
BGP secure routing experiment ends in online row
An experiment to make the internet safer ended up breaking parts of it last week.
β How to protect yourself this Data Privacy Day β
π Read
via "Naked Security".
Today is Data Privacy Day. We asked around at Sophos for some tips from people that live security day in and day out.π Read
via "Naked Security".
Naked Security
How to protect yourself this Data Privacy Day
Today is Data Privacy Day. We asked around at Sophos for some tips from people that live security day in and day out.
β How my Instagram account got hacked β
π Read
via "Naked Security".
After years of embarrassment, I'm finally ready to admit how and why my Instagram account got hacked.π Read
via "Naked Security".
Naked Security
How my Instagram account got hacked
After years of embarrassment, Iβm finally ready to admit how and why my Instagram account got hacked.
β WordPress Users Urged to Delete Zero-Day-Ridden Plugin β
π Read
via "Threatpost | The first stop for security news".
The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.π Read
via "Threatpost | The first stop for security news".
Threat Post
WordPress Users Urged to Delete Zero-Day-Ridden Plugin
The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.
π΄ 3 Ways Companies Mess Up GDPR Compliance the Most π΄
π Read
via "Dark Reading: ".
The best way to conform to the EU's new privacy regulation is to assume that you don't need to hold on to personal data, versus the opposite.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
β Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution β
π Read
via "Threatpost | The first stop for security news".
Cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure leading to remote code-execution.π Read
via "Threatpost | The first stop for security news".
Threat Post
Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution
Cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure leading to remote code-execution.
π How to use SSH through a Linux Jump Host π
π Read
via "Security on TechRepublic".
Jack Wallen shows you how you can use SSH to proxy through a jump host from one machine to another.π Read
via "Security on TechRepublic".
β Dailymotion Fights Ongoing Credential-Stuffing Attack β
π Read
via "Threatpost | The first stop for security news".
The YouTube competitor said that it was hopeful that it's containing the damage.π Read
via "Threatpost | The first stop for security news".
Threat Post
Dailymotion Fights Ongoing Credential-Stuffing Attack
The YouTube competitor said that it was hopeful that it's containing the damage.
π The Japanese government plans to hack into unsecured IoT devices. Will it work? π
π Read
via "Security on TechRepublic".
Ahead of the 2020 Tokyo Olympic Games, the Japanese government is planning to access unsecured Internet of Things devices to identify users and request they change their passwords.π Read
via "Security on TechRepublic".
TechRepublic
The Japanese government plans to hack into unsecured IoT devices. Will it work?
Ahead of the 2020 Tokyo Olympic Games, the Japanese government is planning to access unsecured Internet of Things devices to identify users and request they change their passwords.
β 2019 and Beyond: The (Expanded) RSAC Advisory Board Weighs in on Whatβs Next β
π Read
via "Threatpost | The first stop for security news".
Forward-thinking predictions for the year ahead from some of the cybersecurity industryβs wisest minds.π Read
via "Threatpost | The first stop for security news".
Threat Post
2019 and Beyond: The (Expanded) RSAC Advisory Board Weighs in on Whatβs Next
Forward-thinking predictions for the year ahead from some of the cybersecurity industryβs wisest minds.
🕳 HIPAA Compliance β Privacy Challenges and Solutions 🕳
<code>Media</code><code>For those of you who are not familiar with the Health Insurance Portability and Accountability Act (HIPAA), it was passed in 1996 and has become the foundational data protection standard in the U.S. for the healthcare industry. If you are deciding if HIPAA applies to you, you might consider that while HIPAA does not apply to all healthcare entities, it does apply to:</code><code>Covered entities β Health plans, health care clearinghouses (i.e., billing services) and any health care providers that engage in electronic payment for healthcare</code><code>Business associates β Vendors to covered entities that have access to protected health information β PHI (i.e., law firms, software providers, etc.) </code><code>Additionally, fines for violating HIPAA are severe β from $100 to $50,000 per violation with a maximum penalty of $1.5 million per year for each violation.</code><code> </code><code>Challenges to Complying with HIPAA</code><code>Some of the challenges clients we work with face in complying with HIPAA include:</code><code>Fitting new Technology into Older Laws. HIPAA was adopted in 1996, over 20 years ago, before there were even smartphones! Companies trying to build technology to older standards often face challenges in identifying how to address PHI and what safeguards are needed (i.e., where and when to encrypt). </code><code>Risk Assessments. Companies must consider both regular risk assessments as required by HIPAA and risk assessments related to new or changing processes/projects.</code><code>Vendor Oversight. As a covered entity, a company needs to do proper due diligence over the life of the relationship with a vendor. The right agreements must also be in place to ensure that critical elements of HIPAA are addressed by the vendor (i.e., security obligations, breach notifications).</code><code>Integration with Other Laws. Other privacy laws or requirements address one or more of the same provisions as HIPAA. Companies with activities that fall under another jurisdiction need to examine where the laws intersect and where they provide provisions that oppose each other. Examples include the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).</code><code>Recommendations for HIPAA Compliance</code><code>Achieving, maintaining and demonstrating compliance with HIPAA means companies must implement HIPAAβs administrative, physical and technical safeguards, exercise heightened diligence over vendors where they share PHI and meet the HIPAA breach notification requirements. As you you consider the steps you will take to comply with HIPAA, TrustArc suggests the following:</code><code>Assess you business β Determine if HIPAA applies to your business; conduct a gap analysis against HIPAA requirements; determine cross-compliance overlap; and map processes to determine the scope and reach of HIPAA to business activities, data, systems/applications and vendors.</code><code>Implement HIPAA compliance β Develop or enhance policies to comply with HIPAA; build a successful vendor management program; implement individual rights mechanisms; and develop a privacy impact assessment.</code><code>Maintain compliance β Perform a thorough annual risk assessment and maintain ongoing compliance activities (i.e., policy updates, employee training, vendor assessments, etc.).</code><code>TrustArc can help with all these key areas of HIPAA compliance. TrustArc has extensive experience working with companies in the healthcare field including both covered entities and business associates. We assist companies throughout the lifecycle of HIPAA compliance from immediate needs such as determining if HIPAA applies to a business, initial risk assessments and employee training, to long-term needs such as vendor management, data inventory and PIAs. We can also partner with companies on corrective action plans under regulatoryβ¦
<code>Media</code><code>For those of you who are not familiar with the Health Insurance Portability and Accountability Act (HIPAA), it was passed in 1996 and has become the foundational data protection standard in the U.S. for the healthcare industry. If you are deciding if HIPAA applies to you, you might consider that while HIPAA does not apply to all healthcare entities, it does apply to:</code><code>Covered entities β Health plans, health care clearinghouses (i.e., billing services) and any health care providers that engage in electronic payment for healthcare</code><code>Business associates β Vendors to covered entities that have access to protected health information β PHI (i.e., law firms, software providers, etc.) </code><code>Additionally, fines for violating HIPAA are severe β from $100 to $50,000 per violation with a maximum penalty of $1.5 million per year for each violation.</code><code> </code><code>Challenges to Complying with HIPAA</code><code>Some of the challenges clients we work with face in complying with HIPAA include:</code><code>Fitting new Technology into Older Laws. HIPAA was adopted in 1996, over 20 years ago, before there were even smartphones! Companies trying to build technology to older standards often face challenges in identifying how to address PHI and what safeguards are needed (i.e., where and when to encrypt). </code><code>Risk Assessments. Companies must consider both regular risk assessments as required by HIPAA and risk assessments related to new or changing processes/projects.</code><code>Vendor Oversight. As a covered entity, a company needs to do proper due diligence over the life of the relationship with a vendor. The right agreements must also be in place to ensure that critical elements of HIPAA are addressed by the vendor (i.e., security obligations, breach notifications).</code><code>Integration with Other Laws. Other privacy laws or requirements address one or more of the same provisions as HIPAA. Companies with activities that fall under another jurisdiction need to examine where the laws intersect and where they provide provisions that oppose each other. Examples include the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).</code><code>Recommendations for HIPAA Compliance</code><code>Achieving, maintaining and demonstrating compliance with HIPAA means companies must implement HIPAAβs administrative, physical and technical safeguards, exercise heightened diligence over vendors where they share PHI and meet the HIPAA breach notification requirements. As you you consider the steps you will take to comply with HIPAA, TrustArc suggests the following:</code><code>Assess you business β Determine if HIPAA applies to your business; conduct a gap analysis against HIPAA requirements; determine cross-compliance overlap; and map processes to determine the scope and reach of HIPAA to business activities, data, systems/applications and vendors.</code><code>Implement HIPAA compliance β Develop or enhance policies to comply with HIPAA; build a successful vendor management program; implement individual rights mechanisms; and develop a privacy impact assessment.</code><code>Maintain compliance β Perform a thorough annual risk assessment and maintain ongoing compliance activities (i.e., policy updates, employee training, vendor assessments, etc.).</code><code>TrustArc can help with all these key areas of HIPAA compliance. TrustArc has extensive experience working with companies in the healthcare field including both covered entities and business associates. We assist companies throughout the lifecycle of HIPAA compliance from immediate needs such as determining if HIPAA applies to a business, initial risk assessments and employee training, to long-term needs such as vendor management, data inventory and PIAs. We can also partner with companies on corrective action plans under regulatoryβ¦
π΄ Japan Authorizes IoT Hacking π΄
π Read
via "Dark Reading: ".
A new campaign will see government employees hacking into personal IoT devices to identify those at highest security risk.π Read
via "Dark Reading: ".
Darkreading
Japan Authorizes IoT Hacking
A new campaign will see government employees hacking into personal IoT devices to identify those at highest security risk.
π΄ US Law Enforcement Shuts Down Massive Marketplace for Compromised Servers π΄
π Read
via "Dark Reading: ".
At its peak, xDedic listed over 70,000 owned servers that buyers could purchase for prices starting as low as $6 each.π Read
via "Dark Reading: ".
Darkreading
US Law Enforcement Shuts Down Massive Marketplace for Compromised Servers
At its peak, xDedic listed over 70,000 owned servers that buyers could purchase for prices starting as low as $6 each.
π Top 5 ways people are okay sharing data π
π Read
via "Security on TechRepublic".
Tom Merritt shares five ways companies can request data from their consumers--and actually get it.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 ways people are okay sharing data
Tom Merritt shares five ways companies can request data from their consumers--and actually get it.
π Top 5 ways people are okay sharing data π
π Read
via "Security on TechRepublic".
Tom Merritt shares five ways companies can request data from their consumers--and actually get it.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 ways people are okay sharing data
Tom Merritt shares five ways companies can request data from their consumers--and actually get it.
π΄ Turn Off FaceTime in Apple iOS Now, Experts Warn π΄
π Read
via "Dark Reading: ".
Newly found bug reportedly allows callers to spy on you -- even if you don't pick up.π Read
via "Dark Reading: ".
Dark Reading
Turn Off FaceTime in Apple iOS Now, Experts Warn
Newly found bug reportedly allows callers to spy on you -- even if you don't pick up.
ATENTIONβΌ New - CVE-2016-10740
π Read
via "National Vulnerability Database".
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.π Read
via "National Vulnerability Database".
β Credential-stuffing attack prompts Dailymotion password reset β
π Read
via "Naked Security".
Dailymotion is resetting the account passwords of an unknown number of users after being hit by a βlarge-scaleβ credential stuffing attack.π Read
via "Naked Security".
Naked Security
Credential-stuffing attack prompts Dailymotion password reset
Dailymotion is resetting the account passwords of an unknown number of users after being hit by a βlarge-scaleβ credential stuffing attack.
β Thievesβ names and descriptions made public on B&Q database β
π Read
via "Naked Security".
DIY giant B&Q reportedly suffered an Elasticsearch database breach this week that gave up information on around 70,000 shoplifters.π Read
via "Naked Security".
Naked Security
Thievesβ names and descriptions made public on B&Q database
DIY giant B&Q reportedly suffered an Elasticsearch database breach this week that gave up information on around 70,000 shoplifters.
β Apple scrambles to fix FaceTime eavesdropping bug β
π Read
via "Naked Security".
Apple is scrambling to fix an embarrassingly dangerous "snooping" bug in its popular FaceTime app.π Read
via "Naked Security".
Naked Security
Apple scrambles to fix FaceTime eavesdropping bug
Apple is scrambling to fix an embarrassingly dangerous βsnoopingβ bug in its popular FaceTime app.