March 22, 2017
Michael Cooney, Networkworld.com, March 20, 2017
A vulnerability in Cisco’s widely deployed IOS software that was disclosed in the recent WikiLeaks dump of CIA exploits has triggered the company to release a critical warning for its Catalyst networking customers.
Bill Brenner, Nakedsecurity.sophos.com, March 15, 2017
There’s good and bad news on the phishing front.
The good news: attackers don’t seem to be coming up with many new tactics to target their victims. The bad news: they don’t have to. They’re doing just fine hooking their prey with the same old tricks.
Patrick Thibodeau, Computerworld.com, March 16, 2017
New research is turning on its head the idea that legacy systems — such as Cobol and Fortran — are more secure because hackers are unfamiliar with the technology.
Paul Brandau, Delta-risk.net, March 17, 2017
In our previous blog posts, we demonstrated how important it is for penetration testers to get credentials that grant administrative access over hosts within the organization to escalate their permissions. This week, we will discuss a relatively recent privilege escalation technique known as Kerberoasting, which pen testers and malicious hackers can use to crack weak network service account passwords.
Tripwire.com, March 20, 2017
There are a variety of ways a company can experience cyber incidents, ranging from a distributed denial of service network attack to internal information theft.
The first response is usually to enlist incident response professionals to resolve the issue as quickly and efficiently as possible. However, there are several factors companies should consider in determining the best response to an incident. The fact is, a poorly executed response or ill-thought-out strategy can have long-term consequences for your business.
Rajiv Gupta, Cmswire.com, March 13, 2017
Say “Silicon Valley startup” and people think innovation. And innovation for many is synonymous with the creed, “Move fast and break things.”
But when Zenefits was caught up in a regulatory scandal, the company reinvented itself with a culture of compliance to regain consumer trust in its software. Companies pursuing innovation and agility are now investing in trust as a competitive differentiator.
Pymnts.com, March 14, 2017
The Canadian government was forced to pull the plug on its website for filing federal taxes after it became clear that cybercriminals had broken into the statistics bureau last week. The hack was reportedly made possible by a newly disclosed bug in the software.
Brian Krebs, Krebsonsecurity.com, March 16, 2017
For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath the search results for the Web site of a victimized merchant.
Kimberly L. Cappleman, Phelpsdunbar.com, March 17, 2017
The HIPAA security rule requires covered entities, including health care providers and health plans, and their business associates to “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.” Many compliance plans require this assessment on an annual or periodic basis. If your organization has not updated its risk assessment recently, a review of recent enforcement activity by the Department of Health and Human Services’ Office for Civil Rights (OCR) indicates that now may be the time to do so.
Arman Sadeghi, Hitechanswers.net, March 15, 2017
With so much of the data controlled by doctors and hospitals on electronic devices, including mobile devices, desktop computers, servers, and in the cloud, the security of that data is quickly becoming the most important aspect of HIPAA (not HIPPA) compliance.