The Japanese government plans to hack into unsecured IoT devices. Will it work?
Ahead of the 2020 Tokyo Olympic Games, the Japanese government is planning to access unsecured Internet of Things devices to identify users and request they change their passwords.
via "Security on TechRepublic".
2019 and Beyond: The (Expanded) RSAC Advisory Board Weighs in on What's Next
Forward-thinking predictions for the year ahead from some of the cybersecurity industry's wisest minds.
via "Threatpost | The first stop for security news".
🕳 HIPAA Compliance β Privacy Challenges and Solutions 🕳
For those of you who are not familiar with the Health Insurance Portability and Accountability Act (HIPAA), it was passed in 1996 and has become the foundational data protection standard in the U.S. for the healthcare industry. If you are deciding if HIPAA applies to you, you might consider that while HIPAA does not apply to all healthcare entities, it does apply to:
Covered entities: Health plans, health care clearinghouses (i.e., billing services) and any health care providers that engage in electronic payment for healthcare
Business associates: Vendors to covered entities that have access to protected health information, or PHI (i.e., law firms, software providers, etc.)
Additionally, fines for violating HIPAA are severe: from $100 to $50,000 per violation with a maximum penalty of $1.5 million per year for each violation.

Challenges to Complying with HIPAA
Some of the challenges clients we work with face in complying with HIPAA include:
Fitting new Technology into Older Laws. HIPAA was adopted in 1996, over 20 years ago, before there were even smartphones! Companies trying to build technology to older standards often face challenges in identifying how to address PHI and what safeguards are needed (i.e., where and when to encrypt).
Risk Assessments. Companies must consider both regular risk assessments as required by HIPAA and risk assessments related to new or changing processes/projects.
Vendor Oversight. As a covered entity, a company needs to do proper due diligence over the life of the relationship with a vendor. The right agreements must also be in place to ensure that critical elements of HIPAA are addressed by the vendor (i.e., security obligations, breach notifications).
Integration with Other Laws. Other privacy laws or requirements address one or more of the same provisions as HIPAA. Companies with activities that fall under another jurisdiction need to examine where the laws intersect and where they provide provisions that oppose each other. Examples include the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Recommendations for HIPAA Compliance
Achieving, maintaining and demonstrating compliance with HIPAA means companies must implement HIPAA's administrative, physical and technical safeguards, exercise heightened diligence over vendors where they share PHI and meet the HIPAA breach notification requirements. As you consider the steps you will take to comply with HIPAA, TrustArc suggests the following:
Assess your business: Determine if HIPAA applies to your business; conduct a gap analysis against HIPAA requirements; determine cross-compliance overlap; and map processes to determine the scope and reach of HIPAA to business activities, data, systems/applications and vendors.
Implement HIPAA compliance: Develop or enhance policies to comply with HIPAA; build a successful vendor management program; implement individual rights mechanisms; and develop a privacy impact assessment.
Maintain compliance: Perform a thorough annual risk assessment and maintain ongoing compliance activities (i.e., policy updates, employee training, vendor assessments, etc.).
TrustArc can help with all these key areas of HIPAA compliance. TrustArc has extensive experience working with companies in the healthcare field including both covered entities and business associates. We assist companies throughout the lifecycle of HIPAA compliance from immediate needs such as determining if HIPAA applies to a business, initial risk assessments and employee training, to long-term needs such as vendor management, data inventory and PIAs. We can also partner with companies on corrective action plans under regulatory…
Japan Authorizes IoT Hacking
A new campaign will see government employees hacking into personal IoT devices to identify those at highest security risk.
via "Dark Reading".
US Law Enforcement Shuts Down Massive Marketplace for Compromised Servers
At its peak, xDedic listed over 70,000 owned servers that buyers could purchase for prices starting as low as $6 each.
via "Dark Reading".
Top 5 ways people are okay sharing data
Tom Merritt shares five ways companies can request data from their consumers--and actually get it.
via "Security on TechRepublic".
Turn Off FaceTime in Apple iOS Now, Experts Warn
Newly found bug reportedly allows callers to spy on you -- even if you don't pick up.
via "Dark Reading".
ATTENTION: New - CVE-2016-10740
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.
via "National Vulnerability Database".
Credential-stuffing attack prompts Dailymotion password reset
Dailymotion is resetting the account passwords of an unknown number of users after being hit by a "large-scale" credential stuffing attack.
via "Naked Security".
Thieves' names and descriptions made public on B&Q database
DIY giant B&Q reportedly suffered an Elasticsearch database breach this week that gave up information on around 70,000 shoplifters.
via "Naked Security".
Apple scrambles to fix FaceTime eavesdropping bug
Apple is scrambling to fix an embarrassingly dangerous "snooping" bug in its popular FaceTime app.
via "Naked Security".
Facebook to tie together WhatsApp, Instagram and Facebook Messenger
Should we cheer for WhatsApp-esque, end-to-end encryption everywhere, or tremble at creeping Facebookism?
via "Naked Security".
Japanese government will try to hack its citizens' IOT devices
Japan will hack citizens' IoT devices to mop up cyber security before the Olympics. Don't like the notion? Here's how to lock 'em down!
via "Naked Security".
Enterprise digital transformation leaves data security behind
Implementing modern systems could have a sinister side-effect for enterprise companies.
via "Security on TechRepublic".
Apple Disables Group FaceTime Following Major Privacy Glitch
The bug allows iPhone users to FaceTime other iOS users and eavesdrop on their conversations - even when the other end of the line doesn't pick up.
via "Threatpost | The first stop for security news".
57% of IT workers who get phished don't change their password behaviors
Despite the wide-ranging effects of the Facebook data privacy scandal, only one-fifth of people are concerned over privacy issues related to social media use, according to a Yubico study.
via "Security on TechRepublic".
Researchers Allege 'Systemic' Privacy, Security Flaws in Popular IoT Devices
A report found that a dozen connected devices are open to several security and privacy issues.
via "Threatpost | The first stop for security news".
Creating a Security Culture & Solving the Human Problem
People are the biggest weakness to security breaches; people can also be your organization's biggest defense.
via "Dark Reading".
Apple disables Group FaceTime function that was allowing callers to listen and view without your consent
Apple iPhone users discovered a serious FaceTime bug that lets you hear audio from another iPhone or even view live video without the recipient's knowledge.
via "Security on TechRepublic".