β WordPress Users Urged to Delete Zero-Day-Ridden Plugin β
π Read
via "Threatpost | The first stop for security news".
The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.π Read
via "Threatpost | The first stop for security news".
Threat Post
WordPress Users Urged to Delete Zero-Day-Ridden Plugin
The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.
π΄ 3 Ways Companies Mess Up GDPR Compliance the Most π΄
π Read
via "Dark Reading: ".
The best way to conform to the EU's new privacy regulation is to assume that you don't need to hold on to personal data, versus the opposite.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
β Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution β
π Read
via "Threatpost | The first stop for security news".
Cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure leading to remote code-execution.π Read
via "Threatpost | The first stop for security news".
Threat Post
Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution
Cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure leading to remote code-execution.
π How to use SSH through a Linux Jump Host π
π Read
via "Security on TechRepublic".
Jack Wallen shows you how you can use SSH to proxy through a jump host from one machine to another.π Read
via "Security on TechRepublic".
β Dailymotion Fights Ongoing Credential-Stuffing Attack β
π Read
via "Threatpost | The first stop for security news".
The YouTube competitor said that it was hopeful that it's containing the damage.π Read
via "Threatpost | The first stop for security news".
Threat Post
Dailymotion Fights Ongoing Credential-Stuffing Attack
The YouTube competitor said that it was hopeful that it's containing the damage.
π The Japanese government plans to hack into unsecured IoT devices. Will it work? π
π Read
via "Security on TechRepublic".
Ahead of the 2020 Tokyo Olympic Games, the Japanese government is planning to access unsecured Internet of Things devices to identify users and request they change their passwords.π Read
via "Security on TechRepublic".
TechRepublic
The Japanese government plans to hack into unsecured IoT devices. Will it work?
Ahead of the 2020 Tokyo Olympic Games, the Japanese government is planning to access unsecured Internet of Things devices to identify users and request they change their passwords.
β 2019 and Beyond: The (Expanded) RSAC Advisory Board Weighs in on Whatβs Next β
π Read
via "Threatpost | The first stop for security news".
Forward-thinking predictions for the year ahead from some of the cybersecurity industryβs wisest minds.π Read
via "Threatpost | The first stop for security news".
Threat Post
2019 and Beyond: The (Expanded) RSAC Advisory Board Weighs in on Whatβs Next
Forward-thinking predictions for the year ahead from some of the cybersecurity industryβs wisest minds.
🕳 HIPAA Compliance β Privacy Challenges and Solutions 🕳
<code>Media</code><code>For those of you who are not familiar with the Health Insurance Portability and Accountability Act (HIPAA), it was passed in 1996 and has become the foundational data protection standard in the U.S. for the healthcare industry. If you are deciding if HIPAA applies to you, you might consider that while HIPAA does not apply to all healthcare entities, it does apply to:</code><code>Covered entities β Health plans, health care clearinghouses (i.e., billing services) and any health care providers that engage in electronic payment for healthcare</code><code>Business associates β Vendors to covered entities that have access to protected health information β PHI (i.e., law firms, software providers, etc.) </code><code>Additionally, fines for violating HIPAA are severe β from $100 to $50,000 per violation with a maximum penalty of $1.5 million per year for each violation.</code><code> </code><code>Challenges to Complying with HIPAA</code><code>Some of the challenges clients we work with face in complying with HIPAA include:</code><code>Fitting new Technology into Older Laws. HIPAA was adopted in 1996, over 20 years ago, before there were even smartphones! Companies trying to build technology to older standards often face challenges in identifying how to address PHI and what safeguards are needed (i.e., where and when to encrypt). </code><code>Risk Assessments. Companies must consider both regular risk assessments as required by HIPAA and risk assessments related to new or changing processes/projects.</code><code>Vendor Oversight. As a covered entity, a company needs to do proper due diligence over the life of the relationship with a vendor. The right agreements must also be in place to ensure that critical elements of HIPAA are addressed by the vendor (i.e., security obligations, breach notifications).</code><code>Integration with Other Laws. Other privacy laws or requirements address one or more of the same provisions as HIPAA. Companies with activities that fall under another jurisdiction need to examine where the laws intersect and where they provide provisions that oppose each other. Examples include the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).</code><code>Recommendations for HIPAA Compliance</code><code>Achieving, maintaining and demonstrating compliance with HIPAA means companies must implement HIPAAβs administrative, physical and technical safeguards, exercise heightened diligence over vendors where they share PHI and meet the HIPAA breach notification requirements. As you you consider the steps you will take to comply with HIPAA, TrustArc suggests the following:</code><code>Assess you business β Determine if HIPAA applies to your business; conduct a gap analysis against HIPAA requirements; determine cross-compliance overlap; and map processes to determine the scope and reach of HIPAA to business activities, data, systems/applications and vendors.</code><code>Implement HIPAA compliance β Develop or enhance policies to comply with HIPAA; build a successful vendor management program; implement individual rights mechanisms; and develop a privacy impact assessment.</code><code>Maintain compliance β Perform a thorough annual risk assessment and maintain ongoing compliance activities (i.e., policy updates, employee training, vendor assessments, etc.).</code><code>TrustArc can help with all these key areas of HIPAA compliance. TrustArc has extensive experience working with companies in the healthcare field including both covered entities and business associates. We assist companies throughout the lifecycle of HIPAA compliance from immediate needs such as determining if HIPAA applies to a business, initial risk assessments and employee training, to long-term needs such as vendor management, data inventory and PIAs. We can also partner with companies on corrective action plans under regulatoryβ¦
<code>Media</code><code>For those of you who are not familiar with the Health Insurance Portability and Accountability Act (HIPAA), it was passed in 1996 and has become the foundational data protection standard in the U.S. for the healthcare industry. If you are deciding if HIPAA applies to you, you might consider that while HIPAA does not apply to all healthcare entities, it does apply to:</code><code>Covered entities β Health plans, health care clearinghouses (i.e., billing services) and any health care providers that engage in electronic payment for healthcare</code><code>Business associates β Vendors to covered entities that have access to protected health information β PHI (i.e., law firms, software providers, etc.) </code><code>Additionally, fines for violating HIPAA are severe β from $100 to $50,000 per violation with a maximum penalty of $1.5 million per year for each violation.</code><code> </code><code>Challenges to Complying with HIPAA</code><code>Some of the challenges clients we work with face in complying with HIPAA include:</code><code>Fitting new Technology into Older Laws. HIPAA was adopted in 1996, over 20 years ago, before there were even smartphones! Companies trying to build technology to older standards often face challenges in identifying how to address PHI and what safeguards are needed (i.e., where and when to encrypt). </code><code>Risk Assessments. Companies must consider both regular risk assessments as required by HIPAA and risk assessments related to new or changing processes/projects.</code><code>Vendor Oversight. As a covered entity, a company needs to do proper due diligence over the life of the relationship with a vendor. The right agreements must also be in place to ensure that critical elements of HIPAA are addressed by the vendor (i.e., security obligations, breach notifications).</code><code>Integration with Other Laws. Other privacy laws or requirements address one or more of the same provisions as HIPAA. Companies with activities that fall under another jurisdiction need to examine where the laws intersect and where they provide provisions that oppose each other. Examples include the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).</code><code>Recommendations for HIPAA Compliance</code><code>Achieving, maintaining and demonstrating compliance with HIPAA means companies must implement HIPAAβs administrative, physical and technical safeguards, exercise heightened diligence over vendors where they share PHI and meet the HIPAA breach notification requirements. As you you consider the steps you will take to comply with HIPAA, TrustArc suggests the following:</code><code>Assess you business β Determine if HIPAA applies to your business; conduct a gap analysis against HIPAA requirements; determine cross-compliance overlap; and map processes to determine the scope and reach of HIPAA to business activities, data, systems/applications and vendors.</code><code>Implement HIPAA compliance β Develop or enhance policies to comply with HIPAA; build a successful vendor management program; implement individual rights mechanisms; and develop a privacy impact assessment.</code><code>Maintain compliance β Perform a thorough annual risk assessment and maintain ongoing compliance activities (i.e., policy updates, employee training, vendor assessments, etc.).</code><code>TrustArc can help with all these key areas of HIPAA compliance. TrustArc has extensive experience working with companies in the healthcare field including both covered entities and business associates. We assist companies throughout the lifecycle of HIPAA compliance from immediate needs such as determining if HIPAA applies to a business, initial risk assessments and employee training, to long-term needs such as vendor management, data inventory and PIAs. We can also partner with companies on corrective action plans under regulatoryβ¦
π΄ Japan Authorizes IoT Hacking π΄
π Read
via "Dark Reading: ".
A new campaign will see government employees hacking into personal IoT devices to identify those at highest security risk.π Read
via "Dark Reading: ".
Darkreading
Japan Authorizes IoT Hacking
A new campaign will see government employees hacking into personal IoT devices to identify those at highest security risk.
π΄ US Law Enforcement Shuts Down Massive Marketplace for Compromised Servers π΄
π Read
via "Dark Reading: ".
At its peak, xDedic listed over 70,000 owned servers that buyers could purchase for prices starting as low as $6 each.π Read
via "Dark Reading: ".
Darkreading
US Law Enforcement Shuts Down Massive Marketplace for Compromised Servers
At its peak, xDedic listed over 70,000 owned servers that buyers could purchase for prices starting as low as $6 each.
π Top 5 ways people are okay sharing data π
π Read
via "Security on TechRepublic".
Tom Merritt shares five ways companies can request data from their consumers--and actually get it.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 ways people are okay sharing data
Tom Merritt shares five ways companies can request data from their consumers--and actually get it.
π Top 5 ways people are okay sharing data π
π Read
via "Security on TechRepublic".
Tom Merritt shares five ways companies can request data from their consumers--and actually get it.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 ways people are okay sharing data
Tom Merritt shares five ways companies can request data from their consumers--and actually get it.
π΄ Turn Off FaceTime in Apple iOS Now, Experts Warn π΄
π Read
via "Dark Reading: ".
Newly found bug reportedly allows callers to spy on you -- even if you don't pick up.π Read
via "Dark Reading: ".
Dark Reading
Turn Off FaceTime in Apple iOS Now, Experts Warn
Newly found bug reportedly allows callers to spy on you -- even if you don't pick up.
ATENTIONβΌ New - CVE-2016-10740
π Read
via "National Vulnerability Database".
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.π Read
via "National Vulnerability Database".
β Credential-stuffing attack prompts Dailymotion password reset β
π Read
via "Naked Security".
Dailymotion is resetting the account passwords of an unknown number of users after being hit by a βlarge-scaleβ credential stuffing attack.π Read
via "Naked Security".
Naked Security
Credential-stuffing attack prompts Dailymotion password reset
Dailymotion is resetting the account passwords of an unknown number of users after being hit by a βlarge-scaleβ credential stuffing attack.
β Thievesβ names and descriptions made public on B&Q database β
π Read
via "Naked Security".
DIY giant B&Q reportedly suffered an Elasticsearch database breach this week that gave up information on around 70,000 shoplifters.π Read
via "Naked Security".
Naked Security
Thievesβ names and descriptions made public on B&Q database
DIY giant B&Q reportedly suffered an Elasticsearch database breach this week that gave up information on around 70,000 shoplifters.
β Apple scrambles to fix FaceTime eavesdropping bug β
π Read
via "Naked Security".
Apple is scrambling to fix an embarrassingly dangerous "snooping" bug in its popular FaceTime app.π Read
via "Naked Security".
Naked Security
Apple scrambles to fix FaceTime eavesdropping bug
Apple is scrambling to fix an embarrassingly dangerous βsnoopingβ bug in its popular FaceTime app.
β Facebook to tie together WhatsApp, Instagram and Facebook Messenger β
π Read
via "Naked Security".
Should we cheer for WhatsApp-esque, end-to-end encryption everywhere, or tremble at creeping Facebookism?π Read
via "Naked Security".
Naked Security
Facebook to tie together WhatsApp, Instagram and Facebook Messenger
Should we cheer for WhatsApp-esque, end-to-end encryption everywhere, or tremble at creeping Facebookism?
β Japanese government will try to hack its citizensβ IOT devices β
π Read
via "Naked Security".
Japan will hack citizens' IoT devices to mop up cyber security before the Olympics. Don't like the notion? Here's how to lock 'em down!π Read
via "Naked Security".
Naked Security
Japanese government will try to hack its citizensβ IOT devices
Japan will hack citizensβ IoT devices to mop up cyber security before the Olympics. Donβt like the notion? Hereβs how to lock βem down!
π Enterprise digital transformation leaves data security behind π
π Read
via "Security on TechRepublic".
Implementing modern systems could have a sinister side-effect for enterprise companies.π Read
via "Security on TechRepublic".
TechRepublic
Enterprise digital transformation leaves data security behind
Implementing modern systems could have a sinister side-effect for enterprise companies.