March 15, 2017
Lucian Constantin, Csoonline.com, March 9, 2017
Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers. Apache Struts is an open-source web development framework for Java web applications. It’s widely used to build corporate websites in sectors including education, government, financial services, retail and media.
Michael Kan, Computerworld.com, March 14, 2017
Efforts to stop Mirai, a malware found infecting thousands of IoT devices, have become a game of whack-a-mole, with differing opinions over whether hackers or the security community are making any headway.
Lucian Constantin, Pcworld.com, March 13, 2017
Following the recent revelations about the U.S. Central Intelligence Agency’s cyberespionage arsenal, software vendors reiterated their commitments to fix vulnerabilities in a timely manner and told users that many of the flaws described in the agency’s leaked documents have been fixed.
Nicholas Fearn, Idgconnect.com, March 13, 2017
Advancements in technology and software have introduced new possibilities in the security and surveillance world over the past few years. Biometric innovation has, in particular, had a significant impact on cyber security practices right across the world.
Lucian Constantin, Networkworld.com, March 14, 2017
After Edward Snowden revealed that online communications were being collected en masse by some of the world’s most powerful intelligence agencies, security experts called for encryption of the entire web. Four years later, it looks like we’ve passed the tipping point.
Paul Brandau, Delta-risk.net, March 10, 2017
Accessing Clear Text Administrative Passwords
In our last blog post, we showed how pen testers can use misconfigurations within Active Directory group management to escalate privileges. However, that technique is heavily dependent on having access to privileged or misconfigured accounts in the first place.
Kieren McCarthy, Theregister.co.uk, March 8, 2017
A new report into nearly 300 websites run by the US government has reached an unsurprising conclusion: they suck.
What may be startling, however, is just how much they suck. According to the Information Technology and Innovation Foundation (ITIF), a dramatic 92 per cent of the websites they reviewed had a significant flaw or failing – whether in terms of security, accessibility or speed.
Hipaajournal.com, March 6, 2017
A major breach of electronic protected health information has been discovered by Universal Care, dba Brand New Day, a Medicare-approved health plan.
On December 28, 2016, Brand New Day became aware that an unauthorized individual had gained access to ePHI provided to one of its HIPAA business associates. Access to ePHI was gained via a third-party vendor system used by Brand New Day’s contracting provider six days previously on December 22, 2016.
Marianne Kolbasuk McGee, Healthcareinfosecurity.com, March 13, 2017
An important theme that emerges from the Department of Health and Human Services’ Office for Civil Rights’ dozens of HIPAA settlements and other enforcement actions is that all aspects of compliance are critical and subject to scrutiny by federal regulators, says former OCR director Leon Rodriguez.
Jim Johnson, Hitechanswers.net, March 9, 2017
With all the recent turbulence in healthcare surrounding Meaningful Use, ICD-10 and now the transition to the Merit-based Incentive Payment System, HIPAA has flown under the radar, in a sense, for some practices. However, in 2017 it’s important that practices make HIPAA compliance a priority. Here are five things we covered in a recent webinar on what all practices should focus on with regard to HIPAA compliance in 2017.