Monthly Archives: January 2020


Your Not HIPAA Compliant Using Windows Server 2008

If your using Windows Server 2008 or older on your network it makes you none HIPAA Compliant and should be ashamed for putting your clients and patient information at risk.

What Windows Server 2008 “END OF LIFE” and HIPAA mean for you?

What you need to worry about is that Windows Server 2008 will no longer receive windows security updates for vulnerabilities and this in itself is a breach in HIPAA compliance. This also means that Microsoft will no longer offer technical support for any issues, software updates, and security updates or fixes.

One of the main reasons why Your Not HIPAA Compliant Using Windows Server 2008 is because of the lack of security updates and fixes. This puts all information stored on Windows Server 2008, including confidential client information, will be at risk. Hackers and external security threats will know about this stop date, and as such will … Read the rest


Your Not HIPAA Compliant Using Windows 7

If your using Windows 7 or older on your network you are not HIPAA Compliant and should be ashamed for putting your clients and patient information at risk.

What WINDOWS 7 “END OF LIFE” and HIPAA mean for you?

What you need to worry about is that Windows 7 will no longer receive windows security updates for vulnerabilities and this in itself is a breach in HIPAA compliance. This also means that Microsoft will no longer offer technical support for any issues, software updates, and security updates or fixes.

One of the main reasons why Your Not HIPAA Compliant Using Windows 7 is because of the lack of security updates and fixes. This puts all information stored on Windows 7, including confidential client information, will be at risk. Hackers and external security threats will know about this stop date, and as such will find it easier to push through … Read the rest


Mozilla patches zero-day flaw in Firefox

Mozilla the makers of Firefox has issued a zero-day security update for Firefox and Firefox Extended Support Release, which were found to contain an actively exploited flaw in the IonMonkey JIT compiler.

What is known

“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” they stated in the official advisory posted by Mozilla, citing the two elements as StoreElementHole and FallibleStoreElmenet. “We are aware of targeted attacks in the wild abusing this flaw.”

Announced January 8, 2020
Impact: critical
Products: Firefox, Firefox ESRFixed in

  • Firefox 72.0.1
  • Firefox ESR 68.4.1

 

Designated CVE-2019-17026, the zero-day bug was reported by researchers at Qihoo 360 ATA. The problem has been fixed with the latest release of Firefox 72.0.1 and Firefox ESR 68.4.1

No other details have been provided by firefox. Click here to Download Latest Firefox Software to patch the zero-day flaw.

Read the rest

Zynga.com maker of Words with Friends data is on the Dark Web

Zynga.com, maker of Words with Friends suffered a data breach in December that included 228m records and that data has recently surfaced on the Dark Web.

In the past you may have signed up for Words with Friends and other zynga.com created games and provided the information to a service that is in some way associated with zynga.com. It may be difficult for you to remember, or you simply may not know other services are associated with zynga.com. What is important to know is that information belonging to all these users are now being shared improperly on the dark web.

Even though you may have stopped using zynga.com (games Words with Friends and Draw Something), or perhaps deactivated the account, or maybe unsubscribed, the information could still be available in their systems.

Exposed Information

  • Email
  • Username
  • Password
  • Facebook Username/ID

What can you do next?

Being proactive with best practices and … Read the rest


Android Phones Vulnerable Due To Pulse Secure VPN

Hackers are exploiting existing vulnerabilities in Pulse Secure VPN and Android Phones. The flaw tracked as CVE-2019-1150, has been rated ‘Highly’ critical. This arbitrary read file vulnerability affects multiple versions of Pulse Connect Secure and Pulse Policy Secure. This flaw allows remote attackers to connect via HTTPS to an enterprise network without the requirement of any valid username or password.

Attackers can use the flaw to view logs and files, turn-off multifactor authentication, download arbitrary files and execute malicious code on enterprise networks.

Good News is Pulse Secure has released a security update to address the issue and users are urged to apply the patches immediately to mitigate such attacks.

Read the rest

Your NETFLIX Membership Has Expired Phishing Email

Did you know that your Netflix Membership has expired on Dec 31st 2019? Hackers are using these types of Phishing emails to try and gain access to your account to obtain private information and maybe watch some NETFLIX on your dime.

Some common tip-offs that an email is phony are typos, grammatical mistakes, awkward language, missing words, extra spaces, and other signs that the email was written unprofessionally. Such emails might also ask you to look at an attachment or click a link and then give your personal information on a Web page or in a form. Or the sender’s email address might look suspicious. If you hover over the links you can even see that it would not direct you to legit URL. Here Are A Few Email TIPS 

Read the rest

WordPress 5.3.1 patches four security vulnerabilities

WordPress has pushed out version 5.3.1 patching four security issues.

WordPress versions 5.3 and earlier contain a few vulnerabilities and the WordPress is recommending users that utilize WordPress to download the the latest version. This is a short-cycle maintenance release and soon will be superseded by a full update when version 5.4 is released.

WordPress did not make note of any CVEs, but they did say in a PUBLIC MESSAGE that the vulnerabilities included contained an issue where a unprivileged user could make a post sticky via the REST API; an problem where cross-site scripting (XSS) could be stored in well-crafted links; a stored XSS vulnerability using block editor content and the fix also hardens wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.

Read the rest
Dell Network Tutorials

Update Firmware On Dell N2024 Switches

These are a few steps on how to Update Firmware On Dell N2024 Switches

  1. Before making any configurations, we will want to make sure that the switches have latest firmware.
  2. Grab the Switch Service Tag and go to the dell website and download the latest firmware.
  3. Since the creation of this article the latest firmware for my Dell N2024 is N2100v6.6.0.13.A03
  4. We will need a USB Thumb Drive and extract the firmware N2000Stdv6.6.0.13.stk and place it into the root of the USB Drive.
  5. We will be updating the switches individually plug in your usb drive to the front of the switch.
  6. Plug in your console cable from the switch to your computer.
  7. Plug in the power cable just to the one switch and it should start booting up
  8. Use Putty to get connected to COM3 through whatever COM number.
  9. Once you see the following we are ready to throw some
Read the rest

Stay Informed

Receive instant notifications when new content is released.