Tag Archives: US-CERT

VPN Packages Store Cookies Insecurely

The Department of Homeland Security (DHS) issued a warning on April 15, 2019, entitled “VPN Applications Insecurely Store Session Cookies” (Vulnerability Note VU#192371) stating that “[M]ultiple Virtual Private Network (VPN) applications store the authentication and/or session cookies insecurely in memory and/or log files.” The affected products identified by DHS are: Palo Alto Networks GlobalProtect Agent … Continue Reading

US-CERT Issues Advisory About Vulnerabilities in Patient Monitors

The U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Team (US-CERT) recently issued an advisory outlining three vulnerabilities of Drager Infinity Delta patient monitoring devices. The vulnerabilities affect all versions of the Drager models—Delta, Delta XL, Kappa, and Infinity Explorer C700—patient monitoring devices. According to the alert, the three security flaws include: Exposure … Continue Reading

US-CERT Warns of New Ransomware: Bad Rabbit

The U.S. Computer Emergency Readiness Team (US-CERT) is warning companies in the U.S. about a new ransomware dubbed “Bad Rabbit.” US-CERT stated that it has received multiple reports of infections by Bad Rabbit in countries around the world. According to security researchers, Bad Rabbit poses as an Adobe update and when the user clicks on the … Continue Reading

Office of the National Coordinator Issues Guidance After NotPetya Attack

Following the most recent ransomware attack, known as NotPetya (among other nicknames), many health care entities were victims of the ransomware, which prompted the Office of the National Coordinator (ONC) to issue guidance to assist health care entities in the aftermath. In two separate warnings/updates, ONC provides guidance to health care entities on what to … Continue Reading

Take-Aways from WannaCry

We have read multiple reports on WannaCry and if you are reading this and don’t know what WannaCry is, Google it for the background story. The clear message is this is not the last major attack we will see, and future attacks will only get more sophisticated. It is being estimated that the cost associated … Continue Reading

OCR Urges Covered Entities and Business Associates to Use HTTPS

New guidance from the Office for Civil Rights (OCR) urges covered entities and business associates to use Secure Hypertext Transport Protocol (HTTPS) to protect communications from vulnerabilities. According to OCR, the vulnerability can be introduced by the use of products that inspect HTTPS traffic. These products are used to detect malware or unsafe connections, which … Continue Reading

Privacy Tip #29 – U.S. + Canada issue joint ransomware special alert—read and follow recommendations

We have frequently alerted individuals and companies about the increasing risk and success posed by sophisticated phishing schemes. It has become such a real and grave problem that the U.S. Computer Emergency Readiness Team of the Department of Homeland Security (US-CERT) has teamed up with the Canadian Cyber Incident Response Centre to issue a joint … Continue Reading

FDIC cybersecurity framework features four areas critical to bank security

Long gone are the days when a financial institution’s primary security concern was protecting cash in the bank vault, the Federal Deposit Insurance Corporation (FDIC) acknowledges in its recent article, “A Framework for Cybersecurity,” released February 1, 2016. Instead, the framework asserts that cyber-attacks now represent “one of the most critical challenges facing the financial … Continue Reading