Remote Desktop Protocol: Securing Access

Data Breach Today

Microsoft's Remote Desktop Protocol is one of the most widely used utilities for connecting to remote machines. But it poses risks if organizations don't actively monitor how it's used, says Chris Morales of the security firm Vectra

Access 149

Texas Ransomware Responders Urge Remote Access Lockdown

Data Breach Today

Lessons Learned From Crypto-Locking Malware Attack That Hit 22 Municipalities Three weeks after a ransomware attack slammed 22 Texas municipalities' systems, state officials say more than half of the cities have returned to normal operations and the rest have advanced to system restoration.

Access 216

Facebook: Developers Wrongfully Accessed User Data - Again

Data Breach Today

Company Acknowledges 100 Third-Party Developers Had Unauthorized Access Facebook has revealed that, once again, it allowed third-party app developers to wrongfully gain access to its customers' private data.

Access 130

'Virus Infection' Prohibits Access to Patient Records

Data Breach Today

Attack on a California Medical Group Affects Nearly 198,000 Individuals A recent cyberattack on a California medical imaging and oncology services provider, which prohibited access to patient data, is one of the largest health data breaches reported so far this year

Access 216

Access

InfoGovNuggets

Think instead about who can deny a single individual access to information, while providing access to 190 other people. Who is entitled to access information in your company? What controls are in place to make sure that people who shouldn’t have access don’t get access? Access Compliance (General) Controls Culture Duty Governance Government Internal controls Policy Third parties Uncategorized

Cybercrime Black Markets: RDP Access Remains Cheap and Easy

Data Breach Today

Also Hot: Payment Card Numbers, Identity Packets, DDoS Attacks, Shell Companies Cybercrime is surging, thanks in no small part due to the easy availability of inexpensive hacking tools and services.

Hackers Sell Access to Bait-and-Switch Empire

Krebs on Security

Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S.

Access 281

Google Restricts Huawei's Access to Android

Data Breach Today

As US/China Trade Tensions Escalate, Experts Warn of 'Unintended Consequences' After the Trump administration last week blacklisted Huawei amid rising trade tensions, Google says it has canceled the Chinese smartphone giant's Android license.

Access 198

Scrutiny of Google's Access to Patient Data Intensifies

Data Breach Today

Congress Demands Answers; Advocacy Group Raises Concerns Ascension healthcare system's sharing of data with Google on millions of patients is drawing increased scrutiny from members of Congress as well as privacy advocates. What are the major areas of concern

Access 130

Case Study: Improving ID and Access Management

Data Breach Today

What are some of moves that organizations can make to improve their identity and access management? Veda Sankepally, an IT security manager at managed care company Molina Healthcare, describes critical steps in this case study interview

Access 132

Access

InfoGovNuggets

Isn’t it good that airlines are competing based on providing better access to your information? “Firms Push Better In-Flight Web Access,” The Wall Street Journal , February 26, 2018 B4. But it’s a good thing to have better access to information when you are in the air, right? Access Information ValueCompetition is a good thing. Airlines and satellite providers team up to give passengers faster in-flight web service.

Access and Identity: With 'Zero Trust,' Less Is More

Data Breach Today

Access 180

Zero Trust: Secure Access in Complex Environments

Data Breach Today

With mobile apps and cloud computing, enterprises are facing challenges creating secure, trusted access paths The zero trust model has been around for a decade, and the ideas around it have evolved as applications have left the enterprise perimeter, says Lisa Lorenzin of Zscaler.

Access 146

Healthcare Case Study: Identity and Access Management

Data Breach Today

How can a large healthcare delivery system efficiently handle identity and access management for thousands of clinicians and other users of patient data? Robert Siebenthaler of PeaceHealth explains how his organization, which operates 10 medical centers, has developed a fine-tuned, role-based approach

Access 164

Privacy Analysis: Google Accesses Patient Data on Millions

Data Breach Today

Massive Research Project With Ascension Health System Raises Concerns A newly disclosed collaboration between Google and the massive Ascension healthcare system that the partners say is designed to improve patient care is raising serious privacy concerns.

Access 158

Cybercrime Markets Sell Access to Hacked Sites, Databases

Data Breach Today

Payment Card Theft, Ransomware Facilitated by Cybercrime-as-a-Service Offerings One mystery with the recently discovered payment card sniffing attacks against such organizations as British Airways and Newegg has been how attackers might have first gained access to the victims' networks.

Sudo Bug Opens Root Access on Linux Systems

Threatpost

Vulnerabilities all keyword bypass CVE-2019-14287 flaw Linux privilege restrictions root access runas sudo vulnerabilityThe bug allows users to bypass privilege restrictions to execute commands as root.

Access 113

For Sale: Admin Access Credentials to Healthcare Systems

Data Breach Today

Cybercriminals are "upping their game" by stealing and then auctioning off on the dark web administrative access credentials to healthcare organizations' clinician and patient portals, says Etay Maor of IntSights

Sales 146

Hard-Coded Credentials Found in ID, Access Control Software

Data Breach Today

Researchers Say Other Flaws Also Remain Unpatched Researchers from Tenable Security claim they have found what is essentially a skeleton key for an ID and access control system that could open the doors for anyone, plus other less severe but nonetheless zero-day vulnerabilities

Access 203

HIPAA Case: Hospital Fined for Ex-Employee's Access to PHI

Data Breach Today

Enforcement Action is the Third in Recent Weeks, Eighth This Year In its third enforcement action in recent weeks, federal regulators have hit a Colorado medical center with a HIPAA fine in a case involving failure to terminate a former employee's remote access to patient data.

Access 205

FBI: Encryption Blocked Access to 7,800 Devices

Data Breach Today

Director Calls For 'Responsible' Solution That's Not a Backdoor FBI Director Christopher Wray says the agency was unable to access nearly 7,800 devices in fiscal 2017 because of encryption, which he alleges will pose ever-increasing complications for law enforcement.

GDPR Data Subject Access Requests: How to Respond

IT Governance

The EU GDPR (General Data Protection Regulation) grants data subjects the right to access their personal data. This is known as a DSAR (data subject access request). What is the right of access? .

The 4 Pitfalls of Privileged Access Management

Data Breach Today

Bomgar's Sam Elliott on Overlooked Areas of Security Overlooked areas of security and defense include four pitfalls of privileged access management, says Sam Elliott of Bomgar, who offers insights on taking the right steps

Access 153

Before Elections, US Cut Russian Trolls' Internet Access

Data Breach Today

military curtailed the internet access of an infamous Russian trolling operation around the mid-term elections in November 2018 to stem the spread of noxious disinformation, and also directly contacted some of the troll-factory employees by name, the Washington Post reports Mindful of Escalation, American Spies Cautiously Spar with Russia The U.S.

Access 172

Facebook Privacy Breach: 100 Developers Improperly Accessed Data

Threatpost

Facebook said that 100+ third-party app developers had access to restricted data for members of Groups, in its latest privacy snafu.

Report: Remote Access Is No. 1 Healthcare Tech Hazard

Data Breach Today

ECRI Institute Calls Attention to Cyber Risks for Second Consecutive Year Hackers remotely accessing medical devices and systems - potentially disrupting care and putting patients at risk - is the No.

Access 185

Why Is Providing Patients Access to Records So Challenging?

Data Breach Today

Access 173

How 'Zero Trust' Better Secures Applications and Access

Data Breach Today

Organizations are accepting that the network perimeter no longer serves as the "ultimate defense" and thus adapting zero-trust principles, including least privilege, based on the understanding that they may already have been compromised, says Darran Rolls of SailPoint

Access 130

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

CISA published a security advisory to warn of multiple critical vulnerabilities affecting in Prima FlexAir access control system. Prima access control has a wide range of solutions, including wall-mounted readers, electronic lock cylinders, parking access control, and elevator control.

Access 103

9 Top Network Access Control (NAC) Solutions

eSecurity Planet

Network access control is critical for controlling the security of devices that attach to your network. We review nine NAC solutions

Attorney General Barr Argues for Access to Encrypted Content

Data Breach Today

Attorney General William Barr argued on Tuesday that enabling law enforcement to access encrypted content would only minimally increase data security risks. Critics Argue That Backdoors Would Create Security Risks U.S. Barr's comments drew criticism from lawmakers and technologists, who contend backdoors would put the public at greater risk

Zebrocy: A Russian APT Specializing in Victim Profiling, Access

Threatpost

Critical Infrastructure Government Malware analysis apt BlackEnergy custom malware go loader Sofacy support group victim access zebrocyThe Russian-speaking APT acts as a support group for high-profile APTs like Sofacy and BlackEnergy.

Access 108

Why Do Data Brokers Access the Australian Electoral Roll?

Data Breach Today

Restricted Data Access Required by Anti-Money Laundering and Anti-Terrorism Laws Massive data brokers - Equifax, Experian, Illion and others - are leveraging Australia's electoral roll, which is a tightly held and valuable batch of data. While this little-known practice might sound alarming, in fact it's required under Australia's anti-money laundering and anti-terrorism rules

Access 153

Iran – Government blocks Internet access in response to the protests

Security Affairs

Iran – After the announcement of the government to cut fuel subsidies, protests erupted in the country and the authorities blocked Internet access. Initially, mobile networks stopped working in large areas of the country, the government blocked any access to the Internet.

Modern Identity and Access Management

Data Breach Today

What are the critical questions that need to be addressed by anyone managing identity and access management in a modern enterprise? How do we establish and maintain digital trust without burdening our users? David Duncan of CA Technologies offers answers to these questions

Access 100

Evaluating the GCHQ Exceptional Access Proposal

Schneier on Security

The basic problem is that a backdoor is a technical capability -- a vulnerability -- that is available to anyone who knows about it and has access to it. Surrounding that vulnerability is a procedural system that tries to limit access to that capability.

Access 114

Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws

Threatpost

Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices. IoT Vulnerabilities Web Security access point Aironet Series Cisco Cisco patch controller critical vulnerability Denial of Service remote code execution software flaw Wi-Fi WLAN

Experts found undocumented access feature in Siemens SIMATIC PLCs

Security Affairs

Researchers discovered an undocumented access feature in Siemens SIMATIC S7-1200 programmable logic controller (PLC) that could be exploited by attackers to execute arbitrary code on affected devices. Using this functionality requires physical access to the UART interface during boot process.”

Should Staff Ever Use Personal Devices to Access Patient Data?

Data Breach Today

of Veterans Affairs Spotlights Tough Choices When is it acceptable to allow healthcare workers to use their personal smartphones to access patient records? Incident at Oklahoma Dept.

Access 158

Facebook Can't Reset All Breach Victims' Access Tokens

Data Breach Today

Social Network Reveals It Cannot Log Users Out of All Third-Party Services Warning: Attackers behind the recently revealed Facebook mega-breach may still be able to access victims' accounts at some third-party web services and mobile apps - and Facebook has offered no timeline for when a full lockdown might occur - although there are no signs of third-party account takeovers

Access 152