Trickbot can now obtain your remote access credentials
The Banking Trojan called Trickbot has an updated ability and can now harvest your username and passwords from remote access type applications. This would allow the hacker to remote into systems using the username and password obtained.
TrendMicro Analysts stated “The malware arrives via an email disguised as a tax incentive notification from a major financial services company. This email includes a macro enabled (XLSM) Microsoft Excel spreadsheet attachment (detected as Trojan.W97M.MERETAM.A) that purportedly contains the details of the tax incentive. However, as these attachments usually go, this macro is malicious and will download and deploy Trickbot on the user’s machine once activated.”
The figure below is the email that someone will receive with the malware payload disguised as an attached excel document. Please be vigilant, don’t open an attachment unless you know who it is from & are expecting it.
You can be more safe by following the best … Read the rest
Best Home Lab For SysAdmins
This home lab is great for anyone who is just starting off their IT career and looking to get a step up in knowledge by chasing after it. If your a SysAdmin already get yourself a lab anyways because the more you know the better.
Having a Home Lab builds your confidence because you obtain the technical know how for deploying new infrastructures. You gain confidence because you have created the environments you currently work with or you create a similar clients environment in your home lab then you learn what could happen and what will happen and how to go about troubleshooting or setups and migrations. As someone that has their own Home Lab I do know the benefits of it and what knowledge you would gain from it. As an employer I ask every interviewee if they have a home lab or not because this lets me know … Read the rest
Best Wireless Access Point Is The UniFi UAP AC Pro
The best wireless access point in my option is the Ubiquiti UniFi UAP AC Pro. You get Enterprise grade equipment for the fraction of the cost. I have been deploying these access points for 3+ years and feedback from clients are nothing but great. They provide awesome coverage and they have great performance. The
The UniFi AC Pro AP features the latest Wi-Fi 802.11ac, 3×3 MIMO technology in a refined industrial design and is ideal for deployment of maximum‑performance wireless networks.
You can manage these access points through software you setup on your computer or your can purchase another piece of hardware that contains the software for you. With this software controller you can manage their Firewalls, Switches and these Unifi wireless access points. 
- Manage Your Networks from a Single Control Plane
- Intuitive and Robust Configuration, Control and Monitoring
- Remote Firmware Upgrade
- Users and Guests
- Guest Portal/Hotspot Support
Click
… Read the rest 
HIPAA Compliance Checklist
Are you looking for a HIPAA Compliance Checklist to self-evaluate your practice or organization? I have created an easy to read document that does just that.
This HIPAA Compliance Checklist was built upon a previous post called: HIPAA Compliance Program Tips which spoke about The Seven Fundamental Elements of an Effective Compliance Program Implementing written policies, procedures and standards of conduct.
This checklist is only created with knowledge of general questions and answers that you should have in place to state that you are HIPAA compliant, and does not qualify as legal advice. Successfully completing this checklist DOES NOT certify that you or your organization are HIPAA compliant.… Read the rest
TOP 10 Gaming 1TB SSDs for Feb 2019
Here are the TOP 10 Cost Effective Gaming 1TB SSD’s for Feb 2019. If your a real gamer you know the way to go is having a Great SSD in your rig! Who doesn’t need 1TB of storage now a days? Today’s Games have evolved so much that they take massive amounts of storage so below are my cost effective 1TB gaming SSD’s for Feb 2019.
Read the rest
Critical vulnerability in WordPress plugin Simple Social Buttons
There is a critical vulnerability in the WordPress plugin called Simple Social Buttons. The vulnerability can be used to enable a non-admin user to modify your WordPress installation and allow them to take over your website.
So what is the issue here? The researchers with WebARX stated on Monday (2-11-19) that the vulnerability results from two issues in the Simple Social Buttons plugin being how the application was coded and a lack of permission checks. This vulnerability allow any user type to change any option from the ‘wp_options’ database table, which is where the crucial configuration of a WordPress installation is located.
“Improper application design flow, chained with lack of permission check resulted in privilege-escalation and unauthorized actions in WordPress installation allowing non-admin users, even subscriber user type to modify WordPress installation options from the wp_options table,” Luka Sikic, developer and researcher with WebARX, stated on a Monday post.… Read the rest
HIPAA COMPLIANCE PROGRAM TIPS
Here are the Fundamental and Practical Tips for achieving HIPAA compliance with your organization.
The Seven Fundamental Elements of an Effective Compliance Program
- Implementing written policies, procedures and standards of conduct.
- Designating a compliance officer and compliance committee.
- Conducting effective training and education.
- Developing effective lines of communication.
- Conducting internal monitoring and auditing.
- Enforcing standards through well-publicized disciplinary guidelines.
- Responding promptly to detected offenses and undertaking corrective action.
Five Practical Tips for Creating A Culture of Compliance
- Make compliance plans a priority now.
- Know your fraud and abuse risk areas.
- Manage your financial relationships.
- Just because your competitor is doing something doesn’t mean you can or should. Call 1-800-HHS-TIPS to report suspect practices.
- When in doubt, ask for help.
Feel free to comment below if you need assistance or have any questions regarding HIPAA Compliance and click on the following post looking for a HIPAA Compliance Checklist
… Read the rest
Slack has upcoming HIPAA Compliant Features
Slack has been working hard and now have some upcoming HIPAA Compliant Features in the works. So far their file upload service is the only feature that is HIPAA compliant. Let’s not shy away from the vendor just yet because after all they are NIST complaint and which plays a roll into HIPAA.
Since its launch, Slack has not been HIPAA compliant, although steps have been taken to develop a version of the platform that can be used by healthcare organizations. That version is called Slack Enterprise Grid.
The only HIPAA compliance Slack app would be the Enterprise Gold which is not the same as the other business platforms. Slack Enterprise Gold is built on a more robust platform designed for 500 or more employees.
The Slack Enterprise Gold platform encrypts data in transit and at rest. It has customer message retention and data loss prevention. Which is a step … Read the rest
Remote Desktop Protocol Has Plenty Code-Execution Flaws
Remote Desktop Protocol has plenty of code-execution flaws in both open-source RDP and Microsoft’s RDP client. This makes it possible for a malicious hackers to infect a client computer and then allow them to intrude into the IT network as a whole.
What IS RDP?
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, macOS, iOS, Android, and other operating systems. RDP servers are built into Windows operating systems; an RDP server for Unix and OS X also exists.
So What Is The Issue?
According to Check Point research released on Tuesday at a Las Vegas event, open-source and Microsoft … Read the rest
Why You Need Security Education and Awareness Training.
One of the greatest threats to information security could actually come from within your company or organization. Inside ‘attacks’ have been noted to be some of the most dangerous. It is not always disgruntled workers who are a threat. Often, it is the non-malicious, uninformed employees.
1. It is the first line of defense against security risks
You cannot protect yourself against something that you are oblivious of its existence. So, you must be really aware of threats to both physical and information security. This is the only way you can prevent them. And you cannot achieve this except with security awareness education.
2. You will be complying with regulatory requirements
The number of laws that require employees of organizations to undergo certain forms of security awareness training is now on the increase. And if this law isn’t presently binding on your business or employer, chances are high that the … Read the rest
Loading ...