HIPAA Requirements For Passwords
Did you know, within the HIPAA security requirements there are guidelines for deploying and creating a passwords management policy, this would include: creating, changing and protecting passwords? These guidelines were established under the HIPAA Security Rule and within the HIPAA Security Rule it is required to provide Security Awareness and Training for creating policies and procedures on how to preform the storing, changing and creation of passwords.
Complying With HIPAA Security Policies
Many security professionals tend to argue over the HIPAA best practices for passwords but they are all in agreement that there should be a minimum of 8 characters, include upper and lower case letters, numbers, and special characters, this practice has been challenged in recent years, as has the practice of enforcing changes to passwords regularly. However keep in mind that many healthcare organizations are choosing to make it a minimum of 12 characters.
Keeping up with randomly … Read the rest
Purple Fox Malware Evolves With Worm Capabilities
The Windows malware called Purple Fox Evolves with worm capabilities. Purple Fox in the past the malware targeted Windows machines through a various attack methods like phishing and exploits before the software was evolved.
Guardicore Labs revealed that Purple Fox can now breach windows machines through SMB Brute-Force attacks. The Purple Fox malware would compromise various IIS7.5 servers to push rootkit’s which would then allow Purple Fox to hide itself within the Windows machine.
Once the payload is deployed, an MSI installed launches.
… Read the rest“The installer pretends to be a Windows Update package along with Chinese text which roughly translates to ‘Windows Update’ and random letters,” which Guardicore Labs explained. “These letters are randomly generated between each different MSI installer to create a different hash and make it a bit difficult to tie between different versions of the same MSI.”
“This is a ‘cheap’ and simple way of evading various detection
Three Linux vulnerabilities provided root access to hackers since 2006
Three Linux vulnerabilities provided root access to hackers since 2006 in the iSCSI module used for getting to shared data storage. This flaw could allow root access to any hacker with a user account.
The three vulnerabilities – CVE-2021-27363, CVE-2021-27364 and CVE-2021-27365 – were in the Linux code since 2006 going unnoticed until the researchers from GRIMM discovered them.
… Read the restAdam Nichols, Software Security Principal at GRIMM said. “If you already had execution on a box, either because you have a user account on the machine, or you’ve compromised some service that doesn’t have repaired permissions, you can do whatever you want basically,”
Even though the flaw “are in code that isn’t remotely accessible, so this isn’t like a remote exploit,” said Nichols. However they can take “any existing threat that might be there. It just makes it that much worse,” he explained. “And if you have users on the system
Microsoft released one-click solution for Exchange Vulnerability
To combat the severe vulnerability facing exchange servers, Microsoft has released a one-click solution to help server administrators mitigate the problem.
Microsoft Stated “We realized that there was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server,”
It has been reported by RISKIQ that over 80,000 servers are still vulnerable. Microsoft decided to take action and create a solution to mitigate the problem quicker. The one-click application should resolve the issues with exchange server 2013, 2016 and 2019.
You can find the download and more details on Microsoft’s Security Response Center.
Has your computer been hijacked with cryptojacking?
There are so many ways that hackers can use your computer to make themselves money and cryptojacking is one of them. Worst part about it is if you don’t have proper security in place you wont even know that your infected.
What is Cryptojacking?
Well the term cryptojacking refers to the unauthorized use of someone’s computer for mining cryptocurrency, for example bitcoin. Cryptojacking is a big deal because the hackers are stealing your computing power and making your systems slower. All the computing power they are using up will have a tangible effect in your power consumption and could cost you double in your power bill.
How does Cryptojacking work?
There are a few methods that you can be infected with Cryptojacking.
- Hackers can send you an email and trick you into clicking the link that loads the malicious software on your computer.
- Hackers can compromise a website or an
Importance of Cyber Security in the Workplace
Organizations need to elevate their security posture at the workplace and put in place a cyber security policy to better protect their data and their client’s data. Most company’s these days have a database containing confidential information such as:
- Private financial data of company assets.
- Personal details of customers, executives, employees, vendors and partners of the firm.
- Unfinished or ongoing projects, new software developments and patents of primal importance that are exclusive to the company.
- Confidential information about existing or potential clients of the company.
Cyber Security is absolutely a requirement these days and should no longer be over looked. All company’s should at least follow simple cyber security practices and employees should be aware of cyber security threats by providing them cyber security awareness training.
It is best to have a workplace security policy in place because your aren’t just protecting your employees’ but also the personal credentials … Read the rest
How To Protect Your Healthcare Institutions Against Cyber Attacks
Healthcare has become a top priority due to the pandemic and with so many wheels turning to keep up with demands several things fall through the cracks and one of them being cyber security.
Healthcare cyber attack breaches and leaks not only hurt the institutions financially but also hurt its patients for the rest of their lives. Therefore, everyone needs to do their part and take the necessary precautions and try to keep ahead of threats. Here are some simple cyber security measures you can take.
Vulnerability Management
Hackers love to find exploits and unpatched vulnerabilities in the IT infrastructure they are attacking so they can ensure the success of their attempt. You will need to make sure that all the security patches and device firmware are updated regularly. Overlooking even a small vulnerability in your healthcare’s IT security can have severe ramifications. Conducting periodic Vulnerability Assessment and Penetration Testing … Read the rest
The Strategy Behind Ransomware Attacks
Everyone Hates Ransomware Attacks and we should learn their strategy. Ransomware is a type of malware that is installed onto computers through malicious emails. The ransomware encrypts the computers data and then requires the victims to purchase a decryption key. Once the data is encrypted the hackers will demand a ransom, which can set you back a few hundred dollars to a few thousand which are payable in Bitcoin.
There are a number of attack vectors through which ransomware can gain unauthorized access into computer systems. One of the most common ways used to access computers is via phishing emails and email attachments. Hackers make these emails look really legitimate and trick the users to open them. Once these emails are opened and attachments are downloaded, the attackers take over the victims’ computers.
Hackers can also access your network through Remote Desktop (RDP) that are open directly to the public. … Read the rest
How to configure VMware vMotion on vSphere 6.7
Learn the essentials of configuring VMware vMotion on vSphere 6.7. Discover seamless live migration of virtual machines with this comprehensive guide.
In these steps below I will be guiding you through setting up VMware vMotion using vSphere 6.7.
- Log into your vSphere 6.7 portal
- In my case I want to have my esxi2 server to have the ability use vMotion.
- Proceed with Clicking the Configure Tab
- On the left hand side scroll down and location “Networking” , Click on VMKernel adapters.
- Proceed with clicking on the Add Networking button.
- You are now prompted with the Add Networking Wizard. In step 1 of this wizard. You will Keep VMkernel Network Adapter Selected, then click Next.
- Step 2 in the wizard we will be selecting New Standard Switch and then proceed with clicking Next.
- In Step 3 of the wizard, best practice is to use a dedicated Unused adapter.
New Android Malware Spreading Through WhatsAPP
New Malware has been discovered being pushed through WhatsApp messages and once infected it will push to other contacts in order to expand what appears to be an adware campaign.
ESET researcher Lukas Stefanko said “This malware spreads via victim’s WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app” .
The malware will introduce itself as a Huawei Mobile app, upon clicking the link it will redirect users to a lookalike Google Play Store and luring you to install the malware app. You will be prompted to grant it notification access, which is then abused to carry out the malware attack.
Please be vigilant and always consider that the messages people send you with links may lead you to malware, especially if it something random and out of character from one of your contacts.
… Read the rest
Loading ...