The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have published a joint technical alert that identifies Internet Protocol (IP) addresses that appear to host resources infected with a malware variant used to manage North Korea’s distributed denial of service botnet infrastructure. The intent of sharing… Read the rest
Throughout our interactions with cyber clients, we have received plenty of questions about these cybersecurity “buzzwords”. What are they? Can we do these internally? How do we select a 3rd party resource?
Organizations often perceive these services as a requirement under some type… Read the rest
The Office for Civil Rights (OCR) released new guidance materials that should prove helpful for smaller organizations working on a limited budget. The purpose of the new guidance is to help Covered Entities and Business Associates understand the steps involved with responding to a security incident.
OCR’s checklist… Read the rest
The highly anticipated date of July 1st was supposed to bring private right of action to Canada’s anti-spam legislation. We reported on the topic here.
However, the Government of Canada has chosen to suspend the provision after getting a wave of backlash from businesses. In a statement last… Read the rest
The Federal Financial Institutions Examinations Council (FFIEC) updated their Cybersecurity Assessment Tool to assist in making baseline cybersecurity an achievable goal for smaller institutions.
The tool was originally designed (in June 2015) to help financial institutions identify their cybersecurity risks and preparedness level. Financial regulators view this assessment process as… Read the rest
St. Luke’s hospital came under fire after faxing two patients’ sensitive medical information against their request.
The Office for Civil Rights (OCR) reached a settlement with St. Luke’s-Roosevelt Hospital Center over violations of HIPAA’s Privacy Rule related to impermissible disclosure of protected health information (PHI).
Who is St. Luke’s?
According… Read the rest
All versions of Samba from 3.5.0 onwards are susceptible to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. This advisory warning was released by Samba maintainers on Wednesday, urging Samba… Read the rest
Just as the crisis caused by WannaCry has started to die down, EternalRocks has recently appeared as a significantly more complex variant of ransomware, a WannaCry 2.0 version.
What is EternalRocks?
EternalRocks is a worm (self-propagating, automatically attacks, and compromises systems) that uses *seven* NSA SMB exploit tools to locate… Read the rest
The National Institute of Standards and Technology (NIST) published an updated document highlighting guidelines and best practices related to passwords and authentication methods.
These guidelines revise previous NIST recommendations. Security professionals can leverage the new standards when implementing or revising password policies and protocols for their organizations. The updates lean… Read the rest