Those who work in the healthcare industry know: HIPAA compliance is often fiercely enforced by the Department of Health and Human Services, and penalties can be steep. “Each covered entity is required to implement safeguards to prevent the unauthorized disclosure of PHI. These safeguards will vary depending on the size of the covered entity and the nature of healthcare it provides, but the penalties for failing to safeguard the integrity of PHI can be extremely high.

HIPAA’s regulations refer to two parties: a covered entity and a business associate. These groups are required to achieve PHI compliance. Specifically, this means these groups are liable for protecting the confidentiality, integrity, and availability of personal health information.

Since the beginning of 2022, the unfolding geopolitical conflict between Russia and Ukraine has resulted in the discovery of new malware families and related cyberattacks. In January 2022, a new malware named WhisperGate was found corrupting disks and wiping files in Ukrainian organizations. In February 2022, another destructive malware was found in hundreds of computers in Ukraine, named HermeticWiper, along with IsaacWiper and HermeticWizard.

When a company implements multifactor authentication, the organization is usually confident that it’s using the best system possible. However, not all MFA is built the same and there are times when the MFA solution being implemented is not delivering the protection required.

A month ago I tweeted about my annoyance with SSO or Single Sign On. While single is in the name, I’m required to “single sign on” multiple times a day. I’m not the only one; the tweet went viral with over 25k likes and 2 Million impressions. The tongue-in-check tweet created a lot of fun responses and more rage against SSO user experience than I expected. SSO was meant to solve password fatigue but we got something worse.

A six-figure surprise is awesome when it’s a lottery win. It’s not so awesome when it’s the “Amount Due” appearing in your monthly cloud bill. But enterprises receive these “surprises” all the time, and what can sting even more is trying to explain this preventable expense to management. Inefficient (not optimized) traffic routing to and from your various cloud instances and other services can hurt your business in other ways too.

63%. That's the number of SOC analysts who say they are likely to switch jobs in the next year, according to our Voice of the SOC Analyst report. Considering that SOC teams are understaffed and that the cybersecurity industry as a whole is facing severe staffing shortages, team leaders need to ensure that they're doing everything they can to retain their talent. However, SOC leaders may not know exactly what approach to take.

Contract with a third-party for managed SIEM services is increasingly affordable and requested by all-size organizations. Without any doubt, the advantages associated with this service allow monitoring, analyzing, and responding to cyber security threats more cost-effectively. However, what is a managed SIEM precisely? Is the price the only feature to take into account? What is the difference between a managed SIEM Provider (MSP) and a Managed Security Service Provider (MSSP)?

The situation with Dirty Pipe is rapidly evolving. We will update the information in this blog as it is released publicly. On March 7, 2022, Max Kellermann publicly disclosed a vulnerability in the Linux kernel, later named Dirty Pipe, which allows underprivileged processes to write to arbitrary readable files, leading to privilege escalation. This vulnerability affects kernel versions starting from 5.8.