Category Archives: Cybersecurity
Your Not HIPAA Compliant Using Windows 7
If your using Windows 7 or older on your network you are not HIPAA Compliant and should be ashamed for putting your clients and patient information at risk.
What WINDOWS 7 “END OF LIFE” and HIPAA mean for you?
What you need to worry about is that Windows 7 will no longer receive windows security updates for vulnerabilities and this in itself is a breach in HIPAA compliance. This also means that Microsoft will no longer offer technical support for any issues, software updates, and security updates or fixes.
One of the main reasons why Your Not HIPAA Compliant Using Windows 7 is because of the lack of security updates and fixes. This puts all information stored on Windows 7, including confidential client information, will be at risk. Hackers and external security threats will know about this stop date, and as such will find it easier to push through … Read the rest
Mozilla patches zero-day flaw in Firefox
Mozilla the makers of Firefox has issued a zero-day security update for Firefox and Firefox Extended Support Release, which were found to contain an actively exploited flaw in the IonMonkey JIT compiler.
What is known
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” they stated in the official advisory posted by Mozilla, citing the two elements as StoreElementHole and FallibleStoreElmenet. “We are aware of targeted attacks in the wild abusing this flaw.”
Announced January 8, 2020
Impact: critical
Products: Firefox, Firefox ESRFixed in
- Firefox 72.0.1
- Firefox ESR 68.4.1
Designated CVE-2019-17026, the zero-day bug was reported by researchers at Qihoo 360 ATA. The problem has been fixed with the latest release of Firefox 72.0.1 and Firefox ESR 68.4.1
No other details have been provided by firefox. Click here to Download Latest Firefox Software to patch the zero-day flaw.
… Read the rest
Zynga.com maker of Words with Friends data is on the Dark Web
Zynga.com, maker of Words with Friends suffered a data breach in December that included 228m records and that data has recently surfaced on the Dark Web.
In the past you may have signed up for Words with Friends and other zynga.com created games and provided the information to a service that is in some way associated with zynga.com. It may be difficult for you to remember, or you simply may not know other services are associated with zynga.com. What is important to know is that information belonging to all these users are now being shared improperly on the dark web.
Even though you may have stopped using zynga.com (games Words with Friends and Draw Something), or perhaps deactivated the account, or maybe unsubscribed, the information could still be available in their systems.
Exposed Information
- Username
- Password
- Facebook Username/ID
What can you do next?
Being proactive with best practices and … Read the rest
Android Phones Vulnerable Due To Pulse Secure VPN
Hackers are exploiting existing vulnerabilities in Pulse Secure VPN and Android Phones. The flaw tracked as CVE-2019-1150, has been rated ‘Highly’ critical. This arbitrary read file vulnerability affects multiple versions of Pulse Connect Secure and Pulse Policy Secure. This flaw allows remote attackers to connect via HTTPS to an enterprise network without the requirement of any valid username or password.
Attackers can use the flaw to view logs and files, turn-off multifactor authentication, download arbitrary files and execute malicious code on enterprise networks.
Good News is Pulse Secure has released a security update to address the issue and users are urged to apply the patches immediately to mitigate such attacks.
- Automating System Updates with Unattended-Upgrades on Ubuntu
- How to Add a Large Disk Partition as Storage in Proxmox VE
- How to Remove Radmin Viewer with PowerShell
- How to Automate Ubuntu Server System Updates and Package Installation
- Introducing Zevonix: Your Pathway
Your NETFLIX Membership Has Expired Phishing Email
Did you know that your Netflix Membership has expired on Dec 31st 2019? Hackers are using these types of Phishing emails to try and gain access to your account to obtain private information and maybe watch some NETFLIX on your dime.
Some common tip-offs that an email is phony are typos, grammatical mistakes, awkward language, missing words, extra spaces, and other signs that the email was written unprofessionally. Such emails might also ask you to look at an attachment or click a link and then give your personal information on a Web page or in a form. Or the sender’s email address might look suspicious. If you hover over the links you can even see that it would not direct you to legit URL. Here Are A Few Email TIPS
- Automating System Updates with Unattended-Upgrades on Ubuntu
- How to Add a Large Disk Partition as Storage in Proxmox VE
- How
WordPress 5.3.1 patches four security vulnerabilities
WordPress has pushed out version 5.3.1 patching four security issues.
WordPress versions 5.3 and earlier contain a few vulnerabilities and the WordPress is recommending users that utilize WordPress to download the the latest version. This is a short-cycle maintenance release and soon will be superseded by a full update when version 5.4 is released.
WordPress did not make note of any CVEs, but they did say in a PUBLIC MESSAGE that the vulnerabilities included contained an issue where a unprivileged user could make a post sticky via the REST API; an problem where cross-site scripting (XSS) could be stored in well-crafted links; a stored XSS vulnerability using block editor content and the fix also hardens wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
- Automating System Updates with Unattended-Upgrades on Ubuntu
- How to Add a Large Disk Partition as Storage in Proxmox VE
- How to Remove Radmin
Facebook Exposed 267M Users Phone Numbers
Researchers have found a database which exposes the names, phone numbers and Facebook user IDs of 267M of the Facebook users. This database was left unsecured on the web for nearly two weeks before it was removed.
The Data Exposed
In total 267,140,436 records were exposed. Most of the affected users were from the United States. Diachenko says all of them seem to be valid. Each contained:
- A unique Facebook ID
- A phone number
- A full name
- A timestamp
“A database this big is likely to be used for phishing and spam, particularly via SMS,” according to the Thursday report. “Facebook users should be on the lookout for suspicious text messages. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”
Facebook users can make some changes in their profiles from being scraped by strangers by adjusting their account privacy
A Simple But Strong Cyber Security Strategy
It’s quite a task having to protect a small business from online dangers. The threats that can come across your network are vast and in order to avoid them you should consider having a Simple But Strong Cyber Security Strategy.
You don’t have to know much about this topic to know that you absolutely need some sort of cyber security. Here are some Simple But Strong Cyber Security Strategy steps that you can follow in order to protect your small business while still educating yourself and employees about the matter.
Install the latest antivirus software
One of the most important things to have is a business class antivirus software. The antivirus software you use to protect your small business files should always be kept up to date and active on every computer used by your employees within your office space and you should also consider protecting computers that access the … Read the rest
Signs your Android phone may have a Virus or other Malware
Here are some signs your Android phone may have a virus or malware. Remember while the external damage is usually visible, internal damage is usually hidden from view.
Android Malware like virus is known to perform repeated tasks that can take up resources on your devices. Signs of Android malware may show up in these ways.
- Your phone is too slow.
- Apps take longer to load.
- The battery drains faster than expected.
- There is an abundance of pop-up ads.
- Your phone has apps you don’t remember downloading.
- Unexplained data usage occurs.
- Higher phone bills arrive.
How to remove viruses and other malware from your Android device
- Power off the phone and reboot in safe mode. Press the power button to access the Power Off options. Most Android phones come with the option to restart in Safe Mode. Here’s how, according to Google, although Safe Mode can vary by phone: Press
Hackers Use Fake Windows Update Emails to Inject Cyborg Ransomware
Hackers are using a Fake Windows Update email to inject cyborg ransomware. The email campaign has been found during the latest Windows 10 November 2019 update that was release. Users are getting fake emails regarding this update Windows update and it states that you should download the update attached. This attachment is not a Windows 10 update, it actually installs “Cyborg Ransomware” in your PC.
How it Happens
Users will first receive an email regarding urging them to download the updates like “Critical Microsoft Windows Update!” or “Install Latest Microsoft Windows Update Now”. With this fake email will contain an attachment which has a “.jpeg” file which is not a picture; it’s an executable file.
Once you run this file it will download another executable file called bitcoingenerator.exe, which is programmed to deliver malware in your system. This file contains the Cyborg … Read the rest
Loading ...