The Health Insurance Portability and Accountability Act, best known as HIPAA, is one of the most well-known healthcare privacy laws in the United States. The primary objective of HIPAA is to safeguard patients' Personal Health Information (PHI). HIPAA's Security and Privacy rules establish guidelines for protecting Electronically Protected Health Information (EPHI), and Trustwave DbProtect is a powerful tool to help achieve this goal.

Most data crimes are the result of online compromises. This makes sense, as the criminals don’t need to know any of the old, dirty, hands-on techniques such as lock-picking, dumpster diving, or any other evasive maneuvers to carry out a successful attack. However, this doesn’t mean that the old methods are completely defunct. Physical security is still an important facet of a complete security program.

The FFIEC Cybersecurity Assessment Tool (CAT) is a diagnostic test designed to help institutions identify risks and gauge cybersecurity preparedness. The tool is primarily for financial and non-depository institutions, enabling organizations to make risk-driven security decisions informed by regular cybersecurity assessments and standardized risk measurement criteria.

MITRE ATT&CK is a popular knowledge base that categorizes the Tactics, Techniques and Procedures (TTPs) used by adversaries in cyberattacks. Created by nonprofit organization MITRE, MITRE ATT&CK equips security professionals with valuable insights to comprehend, detect, and counter cyber threats. In this blog post, we dive into the framework, explore different use cases for using it and discuss cross-community collaboration.

Privileged Access Management (PAM) enables organizations to address core controls needed to qualify for many cyber insurance policies. It’s important for organizations to be insured and mitigate the potential impact of a breach, and PAM is a critical part of any risk management strategy. In this blog, we’ll take a look at how organizations can satisfy common cyber insurance requirements with PAM, and the security benefits doing so offers.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including Cactus ransomware and BlackSuit ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

Introducing the new Elastic Security Value Calculator. With this tool, you can quickly quantify the financial efficiencies Elastic® can deliver for your organization. Estimate Elastic's value to your organization. Visualize how Elastic Security improves KPIs around risk, costs, and productivity. The numbers tell the story: achieving holistic visibility reduces risk, improves productivity, and drives cost savings and revenue recovery.

According to Pew Research, 41% of Americans have experienced some form of online harassment – and the severity of incidents has been getting worse over time. Understanding what different types of online harassment look like, and what behaviors harassers engage in, can help you recognize and address it. Keep reading to learn about the different types of online harassment, consequences of online harassment and how to avoid becoming a target.

The Iranian threat actor Charming Kitten is launching sophisticated spear phishing attacks to distribute a new version of its POWERSTAR malware, according to researchers at Volexity. “In the last few years, Volexity has observed threat actors dramatically increase the level of effort they put into compromising credentials or systems of individual targets,” Volexity says.

As executables and scripts are unable to bypass security solutions as attachments, cybercriminals turn to HTML as a means of obfuscation and malicious execution. According to analysis from security vendor Avanan, executables and Office documents as malicious attachments are almost non-existent – thanks to the solid efforts on the part of security companies and Microsoft.