TOP FIVE TIPS TO COMPLY WITH NEW HIPAA PRIVACY AND SECURITY RULES THAT TOOK EFFECT THIS WEEK

Our phones have been ringing off the hook the past few weeks (which is a good thing!) and we anticipate that this will continue as customers, prospects and partners work to get their arms around the new U.S. Department of Health and Human Services (HHS) Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule that [...]

Introducing Our Newest Partner: HealthGuard

We are excited to announce our new partnerships with HealthGuard, a health security and risk management services company. We are providing them with a full suite of Managed Security Services for their customers and partners, including HIPAA Essential, PCI Complete, managed firewall, intrusion detection and prevention, log management, and web application firewall (WAF). Additionally, HealthGuard [...]

DOS using BIND DNS, by Sean Steadman, SOC Analyst

A recently discovered 0-day attack has been causing organizations with hosted domains everywhere mayhem.  The issue is a vulnerability found in the popular DNS application named BIND. This vulnerability is causing DNS servers to crash and interrupt service.  BIND versions with this vulnerability are unable to complete DNS requests for your hosted domains.  After BIND [...]

A Picture is Worth a Thousand Vulnerabilities, by Daniel Cabarcos, SOC Analyst

Recent discoveries in malicious links coming from Brazil have showed hidden block cipher code imbedded in images.  The discovery is assumed to be the first of its kind coming from the Latin American region. The art of hiding information in images is nothing new and in fact has been practiced for hundreds, if not thousands [...]

DHCP Snooping, by Ben Eichorst, Security Engineer

DHCP snooping is a relatively new feature that exists in most switch feature sets. While it may have different names from one switch vendor to another, the concept remains the same. DHCP snooping allows network administrators to force the allocation of IP space on specific switch ports to only be provisioned through DHCP from an [...]

The use of legitimate channels to distribute malicious software to users, by Rory Smith, SOC Analyst

With security companies recording known and popular domains used for spreading malicious software, malicious users are constantly looking for new channels to launch their illegal campaigns. A growing trend in the wild is the distribution of malicious code through legitimate domains. A recent victim to this kind of activity would be none other than Amazon [...]

URL Shortening: A Hacker’s Delight, by Joshua Roback, SOC Supervisor

The social media revolution has created a new market for URL shortening services, such as tinyurl.com and bit.ly.  These services take a URL such as http://www.thesecuritysamurai.com/2011/06/23/the-corporate-security-halftime-report-corporations-0-hackers-over-9000-by-rory-smith-soc-analyst/ and create a redirect site at tinyurl.com/<random string of characters> such as tinyurl.com/6b3bktp.  This is particularly useful when linking to articles or media with long URLs such as the [...]

The recent memory corruption vulnerability in Microsoft Excel By Cesar Salas, SOC Analyst

Another vulnerability has popped up affecting Microsoft Excel, that allows an attacker to execute code as the local user logged in to the device in question.  Microsoft Excel is a widely used spreadsheet program.  It has been confirmed that the memory corruption would allow a user to execute code at locally logged on level privileges.  [...]

The Corporate Security Halftime Report: Corporations: 0 Hackers: over 9000! by Rory Smith, SOC Analyst

We are finally halfway through what seems to be one of the most active years in terms of cyber warfare. In the last six months we have seen a variety of industry giants fall prey to malicious attackers. Fox, Google, Lockheed Martin, HB Gary, Sony, PBS, Nintendo, CIA, RSA and the US Senate have been [...]

StillSecure delivers File Integrity Monitoring Services

File Integrity Monitoring Helps Companies Identify and Remediate Imminent Security Breaches Superior, CO – June 21, 2011 – StillSecure®, a managed network security solutions and certified compliance company, today introduced the StillSecure File Integrity Monitoring Service for organizations seeking to ensure that their systems have not been compromised and those currently struggling with regulatory compliance [...]