Tag Search: privacy

How to secure protected health information

Posted on Wednesday October 21, 2020  |  healthcare it, privacy, data breach, phishing, cybersecurity, phi, protected health information, access policies, full disk encryption

Protected health information (PHI) includes different types of data, including a patient's Social Security number, billing information, and health condition. Because of the wealth of confidential information it encompasses, PHI is highly valuable to hackers, who can use stolen PHI to carry out fraudulent activities. This puts healthcare organizations and other businesses that handle PHI at high risk of a data breach. If your organization operates in the healthcare industry, follow these best practices to keep PHI secure.

 

Why using a VPN is more important than ever before

Posted on Monday October 05, 2020  |  server, privacy, vpn, encryption, cybersecurity, ip leaking, virtual private network

In the past, a simple antivirus software was all you needed to stay safe from online threats. Today, it takes more than that to protect your PC and the information stored on it. Whether you're sending an important email or chatting with a coworker online, chances are your data can be easily intercepted. This is why you need a virtual private network (VPN). Here's how a VPN can protect your online privacy and how to choose the best one for your needs.

 

Turn off invasive Windows 10 settings in four steps

Posted on Wednesday July 01, 2020  |  security, browser, microsoft, cookies, privacy, pc, cortana, windows 10, microsoft edge, p2p file sharing

Windows 10 has become the operating system (OS) of choice among business and personal users. Despite the many improvements to the OS that Microsoft has rolled out, Windows 10 isn't perfect. In fact, many users have complained about its intrusive default privacy settings. Luckily, you can easily turn these settings off to ensure your privacy.

 

Crooks Abuse Google Analytics To Conceal Theft of Payment Card Data

Posted on Monday June 22, 2020  |  crime, google, privacy, security

An anonymous reader quotes a report from Ars Technica: Hackers are abusing Google Analytics so that they can more covertly siphon stolen credit card data out of infected ecommerce sites, researchers reported on Monday. Payment card skimming used to refer solely to the practice of infecting point-of-sale machines in brick-and-mortar stores. The malware would extract credit card numbers and other data. Attackers would then use or sell the stolen information so it could be used in payment card fraud. One challenge in pulling off the hack is bypassing website security policies or concealing the exfiltration of massive amounts of sensitive data from endpoint security applications installed on the infected network. Researchers from Kaspersky Lab on Monday said that they have recently observed about two dozen infected sites that found a novel way to achieve this. Instead of sending it to attacker-controlled servers, the attackers send it to Google Analytics accounts they control. Since the Google service is so widely used, ecommerce site security policies generally fully trust it to receive data. "Google Analytics is an extremely popular service (used on more than 29 million sites, according to BuiltWith) and is blindly trusted by users," Kaspersky Lab researcher Victoria Vlasova wrote here. "Administrators write *.google-analytics.com into the Content-Security-Policy header (used for listing resources from which third-party code can be downloaded), allowing the service to collect data. What's more, the attack can be implemented without downloading code from external sources." The researcher added: "To harvest data about visitors using Google Analytics, the site owner must configure the tracking parameters in their account on analytics.google.com, get the tracking ID (trackingId, a string like this: UA-XXXX-Y), and insert it into the web pages together with the tracking code (a special snippet of code). Several tracking codes can rub shoulders on one site, sending data about visitors to different Analytics accounts." The "UA-XXXX-Y" refers to the tracking ID that Google Analytics uses to tell one account from another. As demonstrated in the following screenshot, showing malicious code on an infected site, the IDs (underlined) can easily blend in with legitimate code.

 

Why autocomplete passwords are risky

Posted on Friday March 20, 2020  |  firefox, safari, security, web browsers, privacy, chrome, passwords, auto fill, cybersecurity, general articles c

Many people use auto-fill passwords for their convenience. What you might not know is that hackers and advertisers can use them to get access to websites and other applications and gather sensitive information. Learn more about the risks of using autocomplete passwords.

 

Flaw in Billions of Wi-Fi Devices Left Communications Open To Eavesdropping

Posted on Wednesday February 26, 2020  |  android, iphone, privacy, security, Wireless Networking

Billions of devices -- many of them already patched -- are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air, researchers said on Wednesday at the RSA security conference. From a report: The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, Raspberry Pi 3's, and Wi-Fi routers from Asus and Huawei. Eset, the security company that discovered the vulnerability, said the flaw primarily affects Cyperess' and Broadcom's FullMAC WLAN chips, which are used in billions of devices. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126. Manufacturers have made patches available for most or all of the affected devices, but it's not clear how many devices have installed the patches. Of greatest concern are vulnerable wireless routers, which often go unpatched indefinitely. "This results in scenarios where client devices that are unaffected (either patched or using different Wi-Fi chips not vulnerable to Kr00k) can be connected to an access point (often times beyond an individual's control) that is vulnerable," Eset researchers wrote in a research paper published on Wednesday. "The attack surface is greatly increased, since an adversary can decrypt data that was transmitted by a vulnerable access point to a specific client (which may or may not be vulnerable itself)."

 

Page:   1234567891011

Celebrating 35+ Years

Managed Internet Connections

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016