
TOP 10 Gaming 1TB SSDs for Feb 2019
Here are the TOP 10 cost-effective gaming 1TB SSDs for Feb 2019. If you're a real gamer, you know the way to go is having a great SSD in your rig! Who doesn't need 1TB of storage nowadays? Today's games have evolved so much that they take massive amounts of storage, so below are my cost-effective 1TB gaming SSDs for Feb 2019.
Critical vulnerability in WordPress plugin Simple Social Buttons
There is a critical vulnerability in the WordPress plugin called Simple Social Buttons. The vulnerability can be used by a non-admin user to modify your WordPress installation and take over your website.
So what is the issue here? The researchers with WebARX stated on Monday (2-11-19) that the vulnerability results from two issues in the Simple Social Buttons plugin: how the application was coded and a lack of permission checks. This vulnerability allows any user type to change any option in the ‘wp_options’ database table, which is where the crucial configuration of a WordPress installation is located.
“Improper application design flow, chained with lack of permission check resulted in privilege-escalation and unauthorized actions in WordPress installation allowing non-admin users, even subscriber user type to modify WordPress installation options from the wp_options table,” Luka Sikic, developer and researcher with WebARX, stated in a Monday post.

HIPAA COMPLIANCE PROGRAM TIPS
Here are the fundamental and practical tips for achieving HIPAA compliance within your organization.
The Seven Fundamental Elements of an Effective Compliance Program
- Implementing written policies, procedures and standards of conduct.
- Designating a compliance officer and compliance committee.
- Conducting effective training and education.
- Developing effective lines of communication.
- Conducting internal monitoring and auditing.
- Enforcing standards through well-publicized disciplinary guidelines.
- Responding promptly to detected offenses and undertaking corrective action.
Five Practical Tips for Creating A Culture of Compliance
- Make compliance plans a priority now.
- Know your fraud and abuse risk areas.
- Manage your financial relationships.
- Just because your competitor is doing something doesn’t mean you can or should. Call 1-800-HHS-TIPS to report suspect practices.
- When in doubt, ask for help.
Feel free to comment below if you need assistance or have any questions regarding HIPAA compliance, and click on the following post if you are looking for a HIPAA Compliance Checklist.

Slack has upcoming HIPAA Compliant Features
Slack has been working hard and now has some upcoming HIPAA-compliant features in the works. So far their file upload service is the only feature that is HIPAA compliant. Let’s not shy away from the vendor just yet, because after all they are NIST compliant, which plays a role in HIPAA.
Since its launch, Slack has not been HIPAA compliant, although steps have been taken to develop a version of the platform that can be used by healthcare organizations. That version is called Slack Enterprise Grid.
The only HIPAA-compliant Slack app would be the Enterprise Gold, which is not the same as the other business platforms. Slack Enterprise Gold is built on a more robust platform designed for 500 or more employees.
The Slack Enterprise Gold platform encrypts data in transit and at rest. It has customer message retention and data loss prevention. Which is a step …

Remote Desktop Protocol Has Plenty of Code-Execution Flaws
Remote Desktop Protocol has plenty of code-execution flaws in both open-source RDP and Microsoft’s RDP client. This makes it possible for malicious hackers to infect a client computer and then intrude into the IT network as a whole.
What IS RDP?
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, macOS, iOS, Android, and other operating systems. RDP servers are built into Windows operating systems; an RDP server for Unix and OS X also exists.
So What Is The Issue?
According to Check Point research released on Tuesday at a Las Vegas event, open-source and Microsoft …

Why You Need Security Education and Awareness Training.
One of the greatest threats to information security could actually come from within your company or organization. Inside ‘attacks’ have been noted to be some of the most dangerous. It is not always disgruntled workers who are a threat. Often, it is the non-malicious, uninformed employees.
1. It is the first line of defense against security risks
You cannot protect yourself against something whose existence you are oblivious to. So, you must be really aware of threats to both physical and information security. This is the only way you can prevent them. And you cannot achieve this except with security awareness education.
2. You will be complying with regulatory requirements
The number of laws that require employees of organizations to undergo certain forms of security awareness training is now on the increase. And if this law isn’t presently binding on your business or employer, chances are high that the …

New SpeakUp Backdoor Infects Linux and macOS
A new malware campaign has been found containing a new backdoor Trojan called SpeakUp, which targets Linux servers and macOS by exploiting vulnerabilities in those systems.
Check Point researchers stated that the malware campaign attacks Linux servers from all over the world using the CVE-2018-20062 ThinkPHP remote code execution vulnerability as an initial infection vector.
To upload a “PHP shell that serves and executes a Perl backdoor” on vulnerable Linux machines, it employs command injection techniques to send shell commands via a GET request’s “module” parameter:
s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^>index.php
The Trojan then injects a backdoor by pulling the ibus Perl script payload and storing it in /tmp/e3ac24a0bcddfacd010a6c10f4a814bc, which is immediately launched with the help of a follow-up malicious HTTP request designed to execute the Perl-based backdoor, pause for a couple of seconds and delete the file to remove any indication that something is wrong.
The malware …

The Decorating Website Houzz Was Breached
The decorating website Houzz stated that account usernames and passwords have been compromised by an unknown source. They also mentioned that if users logged into Houzz using Facebook, their public Facebook ID was exposed as well.
Houzz quickly sent emails to their user base urging them to change their passwords.
“Houzz recently learned that a file containing some of our user data was obtained by an unauthorized third party,” the company stated on their website. “The security of user data is our priority. We immediately launched an investigation and engaged with a leading forensics firm to assist in our investigation, containment and remediation efforts. We have also notified law enforcement authorities.”
When did they find out about this incident?
“We learned about the incident in late December 2018 and immediately engaged with a leading forensics firm to assist in our investigation, containment, and remediation efforts.”

Keep Winning With Malwarebytes
Who is Malwarebytes and what do they do? Malwarebytes makes security software that is renowned for its malware removal capability. The software is also known for its user-friendly interface and ability to work alongside classic antivirus products without interfering with their activity.
What is Malwarebytes good at?
- Being a second layer of defense against malware and ransomware.
- Playing nicely with other antivirus products.
- Keeping you well protected regardless of the browser you prefer using.
Malwarebytes for Windows Premium vs. Free

Malwarebytes is offered in two versions: a Premium version and a Free version. The Free version can detect and remove malware, spyware and rootkits from your machine. The Premium version does the same things, but has a few other features:
- Real-time protection
- Anti-exploit
- Anti-ransomware
- Malicious website protection
Pros and cons
Here are some pros about the Premium version of Malwarebytes for Windows:
- It includes anti-exploit features that some traditional antivirus products do not, and which can protect

Say Goodbye Google+
On January 30th, 2019, Google announced that they will be shutting down Google+ on April 2, 2019.
In December 2018, we announced our decision to shut down Google+ for consumers in April 2019 due to low usage and challenges involved in maintaining a successful product that meets consumers’ expectations. We want to thank you for being part of Google+ and provide next steps, including how to download your photos and other content.
On April 2nd, your Google+ account and any Google+ pages you created will be shut down and we will begin deleting content from consumer Google+ accounts. Photos and videos from Google+ in your Album Archive and your Google+ pages will also be deleted. You can download and save your content, just make sure to do so before April. Note that photos and videos backed up in Google Photos will not be deleted.
The