November 2020

As more and more hotels are turning rooms into offices, the FBI is warning remote workers of cyber-threats lurking in the shadows. With the COVID-19 pandemic forcing an increasing number of companies to shift to remote work, some employees working from home have been struggling to find a quiet environment for work. The hospitality industry has also been impacted by the pandemic, with more and more hotels...

Learn about the Health Insurance Portability and Accountability Act (HIPAA) and the requirements for HIPAA compliance in Data Protection 101, our series on the fundamentals of information security. A Definition of HIPAA Compliance: The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place...

As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. Now according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server. "This enables an attacker to quietly take over the App Service's git server,...

As cloud storage solutions are becoming more and more popular, we look at several simple steps you can take to secure your files on Google Drive. Cloud storage solutions have steadily become as popular as external storage devices; some may even argue that they are slowly surpassing them. The main selling point of the cloud is that it is quickly, easily, and readily accessible from almost...

NIST’s tool can help organizations improve the testing of their employees’ phish-spotting prowess. Researchers at the US National Institute of Standards and Technology (NIST) have devised a new method that could be used to accurately assess why employees click on certain phishing emails. The tool, dubbed Phish Scale, uses real data to evaluate the complexity and quality of phishing attacks to help organizations comprehend where their...

If you're administering Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one for a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed 'Zerologon' (CVE-2020-1472) and discovered by Tom Tervoort of Secura, the privilege escalation vulnerability exists due to the insecure usage of AES-CFB8 encryption for Netlogon sessions, allowing remote attackers...

While wanting to return a found USB flash drive is commendable, you should avoid taking unnecessary risks, lest your device get infested and your data compromised. External data storage devices have been around almost as long as computers have existed. Magnetic tape and floppy disks, which were once the dominant media, are now mostly fond memories, while optical discs are mostly used in gaming consoles. For...

Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call unsuspecting targets and listen to them even before they picked up the audio call. The flaw was discovered and reported to Facebook by Natalie Silvanovich of Google's Project Zero bug-hunting team last month on October 6 with a 90-day deadline, and impacts version 284.0.0.16.119...
