Free Secure File Transfer by Firefox Send
Firefox Send allows you to securely share small to large file sizes which is perfect for docs and sharing graphic files or collaborating with co-workers on a presentation. With Send you can share file sizes up to 1GB quickly. To send files up to 2.5GB, sign up for a free Firefox account.
The software uses end-to-end encryption to keep your data secure from the moment you share to the moment your file is opened. It also offers security controls that you can set. You can choose when your file link expires, the number of downloads, and whether to add an optional password for an extra layer of security.
Firefox Send makes it easy for your recipient, too. No hoops to jump through. They simply receive a link to click and download the file. They don’t need to have a Firefox account to access your file. Overall, this makes the … Read the rest
Microsofts April 9th security update impacts some antivirus software vendors
People have been noticing that Microsoft’s recent April 9th security update is causing some problems with a few antivirus vendors like Sophos, Avira, Avast, McAfee and some others.
Microsoft has stated that the the Security Update is causing end user computers to have very slow startup times bad performance and be unresponsive and even causing systems to fail to boot.
“Microsoft is working on a resolution and will provide an update in an upcoming release,” according to Microsoft.
Currently the root cause of the issue by the April 9th security patch is unclear. But both McAfee and Avast suggest that the problems are tied to the change Microsoft made within the Windows Client-Server Runtime Subsystem (csrss.exe). This CSRSS process is a vital part of Windows and is responsible for many windows functions.
Currently there is no fix for this issue.
… Read the rest
Microsoft Outlook.com Email Accounts Breached By Hackers
Many users received a notification from Microsoft Outlook.com letting them know about accounts being breached by hackers.
A Motherboard report said that the breach is “much worse” than what was reported. The hackers were able to access emails and attachments and that the hackers were able to access a large number of Outlook, MSN and Hotmail email accounts.
“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a Microsoft spokesperson meanwhile said in a statement.
“Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access,” Microsoft said. “Our data indicates that account-related information (but not the content of any emails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used.”
Public Announcement from Microsoft
Microsoft said to … Read the rest
Windows Zero-Day Exploit
Windows has recently released a patch for a vulnerability exploit in the windows operating system which was unknown to many people until last week. The vulnerability would allow a hacker to open a door for full system control.
Discovered by Vasily Berdnikov and Boris Larin of Kaspersky Lab on St. Patrick’s Day this year, the flaw (CVE-2019-0859) is a use-after-free issue in the Windows kernel that allows local privilege escalation (LPE). It’s being used in advanced persistent threat (APT) campaigns targeting 64-bit versions of Windows (from Windows 7 to older builds of Windows 10).
win32k!xxxFreeWindow+0x1344 on up-to-date Windows 7 SP1 x64
The exploit we found in the wild was targeting 64-bit versions of Windows (from Windows 7 to older builds of Windows 10) and exploited the vulnerability using the well-known HMValidateHandle technique to bypass ASLR.
After a successful exploitation, the exploit executed PowerShell with a Base64 encoded command. … Read the rest
TrickBot phishing scams for 2019 tax season
Hackers are once again using the TrickBot banking trojan to exploit the tax season by pushing malicious Microsoft Excel spreadsheet documents via spam campaigns. IBM noticed a few different types of phishing emails are pretending to be from ADP and Paychex which are malicious emails spreading the TrickBot trojan.
“Taxpayers should be on constant guard for these phishing schemes, which can be tricky and cleverly disguised to look like it’s the IRS,” said IRS Commissioner Chuck Rettig. “Watch out for emails and other scams posing as the IRS, promising a big refund or personally threatening people. Don’t open attachments and click on links in emails. Don’t fall victim to phishing or other common scams.”
An IBM security person mentioned:
… Read the rest“Once TrickBot is installed on a potentially vulnerable device and can reach other devices on the network, it can further spread and pivot,” researchers with IBM X-Force warned in a Monday
FEMA Exposed PII for Millions of Disaster Victims
The Federal Emergency Management Agency (FEMA) exposed the personal identifiable information of 2.3 million individuals by oversharing data with a contractor.
The individuals who were affected by hurricanes Harvey, Irma, and Maria, as well as the 2017 wildfires in California , had provided their information to the Federal Emergency Management Agency (Fema) while applying for transitional sheltering in hotels.
“Since discovery of this issue, Fema has taken aggressive measures to correct this error,” Fema press secretary Lizzie Litzow said in a statement. “Fema is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system,”
According to FEMA a network assessment found that the contractors network contain 11 vulnerabilities and so far only a few have been resolved. Since there has not been no indication of intrusion within the last 30 days which is how far back the logs go back, there … Read the rest
Oregon DHS fell victim to a targeted phishing attack
Nine employees Oregon department of Human Services managed to fall for a targeted phishing attack which compromised 350,000 patients and 2 million Emails.
On a notice by the Cyber Security Team on January 28th determined that the email accounts were breached after nine employees fell to spear-phishing attack. The links they clicked on allowed hackers to access the employees email information. Oregon DHS hired a third party security team to investigate the incident and determine what information was exposed.
The investigation revealed that the compromised email accounts contained around 2 million emails which included personal and medical data of patients. The hacker had access to their full names, addresses, DOB’s , SSN’s and other details. During the investigation they did not find evidence that the data was copied from the systems.
This breach could have been avoided if there was proper cybersecurity awareness training regarding the types of threats that … Read the rest
BAE Report States HUMAN ERROR still major Security Risk
BAE Systems has revealed that even though organizations have continued attempts to improve their cybersecurity, human error is still the major vulnerability towards an organizations network.
They compiled a report by speaking to board level executives, IT decision makers and security professionals to better understand what the current state of corporate incident response capabilities and readiness were.
What they found from their results was to be expected, the BAE Systems research showcased how the majority of organizational breaches are caused by human error. Hackers prey on the uninformed employees.
They have examined that the breaches caused by human error were at 71 percent due to phishing attacks and 65 percent were due to indirect virus and malware infections.
Response Teams Saw A Rise In incidents
BAE Systems also noticed that incident response teams have been working with a number of incidents increases per month.
The research also revealed that many … Read the rest
Counter-Strike 1.6 servers used to push malware
Just about 39% of all Counter-Strike 1.6 servers were being used to push malware to end users. It’s amazing that still to this day counter-strike 1.6 is still being play after 20 years. The game still has many players and there is a high demand for hosting providers to provide players to rent game servers.
Dr. Web, researchers explained that the developers are using the game clients vulnerabilities to push the Belonard Trojan botnet by deploying malicious servers to promote the game servers and enlist more victims to the botnet. At its peak, this botnet grew so large that approximately 39% of the 5,000 Counter-Strike 1.6 servers were compromised and looking to infect more connected players.
… Read the rest“Using this pattern, the developer of the Trojan managed to create a botnet that makes up a considerable part of the CS 1.6 game servers,” stated the research by Dr. Web. “According to our
HIPAA Violation Examples And Fines
Not keeping up with HIPAA regulations can be quite costly for any physician’s office or entity that needs to adhere to compliance. HIPAA Violation fines range from $100 to over $4 Million. Staying compliant is not an easy task, regulations are always changing and you are required be up to date about every change. I have written below a few basic examples and how to avoid them.
What is this so called HIPAA Violation?
A HIPAA violation happens when there is some sort of Breach, acquisition, access or a disclosure of Protected health Information which is known as (PHI) that can result in personal risk of the patients.
Everyone that works with PHI should be compliant:
-
Health Plans
-
Health care clearing houses
-
Health care providers who transmit claims in electronic form
-
Medicare prescription drug card sponsors
-
Any Business Associate, Entity or Individual that has access to any type of PHI.
Loading ...