As more and more hotels are turning rooms into offices, the FBI is warning remote workers of cyber-threats lurking in the shadows. With the COVID-19 pandemic forcing an increasing number of companies to shift to remote work, some employees working from home have been struggling to find a quiet environment for work. The hospitality industry has also been impacted by the pandemic, with more and more hotels...
Read More
Learn about the Health Insurance Portability and Accountability Act (HIPAA) and the requirements for HIPAA compliance in Data Protection 101, our series on the fundamentals of information security. A Definition of HIPAA ComplianceThe Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place...
Read More
As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. Now according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server. "This enables an attacker to quietly take over the App Service's git server,...
Read More
As cloud storage solutions are becoming more and more popular, we look at several simple steps you can take to secure your files on Google Drive. Cloud storage solutions have steadily become as popular as external storage devices; some may even argue that they are slowly surpassing them. The main selling point of the cloud is that it is quickly, easily, and readily accessible from almost...
Read More
NIST’s tool can help organizations improve the testing of their employees’ phish-spotting prowess. Researchers at the US National Institute of Standards and Technology (NIST) have devised a new method that could be used to accurately assess why employees click on certain phishing emails. The tool, dubbed Phish Scale, uses real data to evaluate the complexity and quality of phishing attacks to help organizations comprehend where their...
Read More
If you're administrating Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed 'Zerologon' (CVE-2020-1472) and discovered by Tom Tervoort of Secura, the privilege escalation vulnerability exists due to the insecure usage of AES-CFB8 encryption for Netlogon sessions, allowing remote attackers...
Read More