07Oct 2020 by nathan

Interesting advisory from the Treasury Dept. regarding ransomware

CTC NEWS, Industry News, Tech news
If you are a potential ransomware victim, an insurance company who provides ransomware protection, an IT Services provider or financial institution who may provide services to a ransomware victim, the latest advisory from the U. S. Treasury Department suggesting that you may be subject to civil penalties if you pay, recommend paying or facilitate the payment of a ransom may be worth a read. The U.S. Department of the Treasure's Office of Foreign Assets Control (OFAC) released an advisory on 1 October 2020 that suggests that it can and may pursue civil penalties against victims of ransomware who pay the ransom as well as third parties who recommend or facilitate ransomware payments. I've linked the advisory below and have copy / pasted some of the pertinent sections of the advisory…
Read More
24Aug 2020 by nathan

Zoom Outage

Industry News, Tech news
We have received a number of reports that Zoom is down. We have looked into the matter and it does appear that Zoom is having problems, it looks like the issue is specific to the Zoom Web Client and that it is not impacting the Zoom desktop clients. Additional information is available from Downtime Detector via the link below: https://downdetector.com/status/zoom/
Read More
05Aug 2020 by nathan

OpSec is hard. Lessons learned from the Twitter hack arrests.

Industry News, Tech news
As many of you may already know, social media platform Twitter was attacked on 15 July 2020 and 130 high-profile accounts were taken over and used in a scam to collect Bitcoin. During the attack, there was a lot of discussion and marvel at the scope and complexity of the attack and a $1 million bounty was offered to "those who successfully track down and provide evidence for bringing to justice the hackers / people" [behind the attack]. Coverage of the attack and 'buzz' on social media continued for a couple of days. Fast forward to this morning and one of the first things in my news feed was an article that the 17 year old alleged mastermind of the attack was arrested after authorities tracked him down using a…
Read More
22Jul 2020 by nathan
Adobe issues emergency update to multiple products

Adobe issues emergency update to multiple products

Industry News, Tech news
Adobe has released emergency updates to address critical vulnerabilities in multiple products including Photoshop, Bridge and Prelude. The vulnerabilities could be used by an attacker to gain access to unpatched systems. Additional Info https://threatpost.com/critical-adobe-photoshop-flaws-patched-in-emergency-update/157581/
Read More
14Jul 2020 by nathan

Excellent articles / video series from the FTC on protecting Small Business from Cyber Threats

CTC NEWS, Industry News, Tech news
The FTC has released an excellent (and short) video series highlighting some excellent information to help small businesses better understand cyber threats and steps they can take to protect themselves. The videos all relatively short (I believe the longest so far is around four minutes +/-) and the concepts are simple (but not easy). If you own, manage or work for a small business, this is an excellent resource and definitely one that I would recommend checking out. US CERT ArticleFTC ArticleFCC Video Series Are you a small to medium sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you're not taking full advantage of? Are you looking for…
Read More
02Jul 2020 by nathan

Microsoft issues emergency security update

CTC NEWS, Industry News, Tech news
A private security researcher discovered two bugs affecting Windows 10 and Windows Server 2019 that can allow a remote attacker to take remote control of a computer if a user opens a specially crafted image. The bug was reported to Microsoft and updates to fix the bugs were issued earlier today. Additiinal information is available here .
Read More
15Jun 2020 by nathan

Can I use Windows 7 and / or Windows Server 2008 and still be HIPAA compliant?

Tech news
On 14 January of this year, Microsoft ended support for its Windows 7 and Windows Server 2008 workstation and server operating systems. This meant that neither Windows 7 or Windows Server 2008 would receive any additional security updates or support from Microsoft. Based on this, I believe that the short answer is no. The HIPAA Security Rule requires that all software used by Covered Entities and their Business Associates be kept up to date with updates from the [software] manufacturer. This means the Electronic Medical Records (EMR), Electronic Health Records (EHR), Practice Management software as well as the Operating Systems. In the case of Windows 7 and Windows Server 2008, since the manufacturer [Microsoft] no longer provides support or updates, this simply is not possible, even if your EMR, EHR,…
Read More