Thomas Claburn reports: Dell, which pitches its Wyse ThinOS as “the most secure thin client operating system,” plans to publish an advisory on Monday for two security vulnerabilities that are as bad as they could possibly be. CVE-2020-29491 and CVE-2020-29492 are both critical flaws, managing a perfect (although unwelcome) CVSS score of 10 out of…
Category: Commentaries and Analyses
SolarWinds Adviser Warned of Lax Security Years Before Hack
There will be those who say that this is not the time to look back at mistakes made, or this is not the time to point fingers while we are still in the midst of understanding the scope of a major attack and what needs to be done, but …. yes, this piece by Ryan…
Security Firms Form the ‘Ransomware Task Force’ Hoping to Place an Embankment
Bill Toulas reports: A group of 19 large companies and experts in the field of cybersecurity have felt the need to do something tangible to stop the rise of the ransomware threat, and so they have united forces under the ‘Ransomware Task Force’ (RTF). The group has the goal of developing new technical solutions, as…
Twitter Fine: a View into the Consistency Mechanism, and “Constructive Awareness” of Breaches
Mark Young, Shona O’Donovan and Paul Maynard of Covington & Burling write about the recent news-making fine the DPC issued to Twitter. They write, in part: Process aside, the DPC’s decision contains some interesting points on when a controller is deemed to be “aware” of a personal data breach for the purpose of notifying a…
Securing Picture Archiving and Communication System (PACS) Cybersecurity for the Healthcare Sector: NIST SP 1800-24
OCR is sharing the National Cybersecurity Center of Excellence’s (NCCoE) at the National Institute for Standards and Technology (NIST) SP 1800-24, Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector. This practice guide can help HIPAA covered entities and their business associates implement current cybersecurity standards and best practices to…
Breach alerts dismissed as junk? New guide for sending vital emails may help
An article by Bradley Barth raises a number of good points for entities to consider — BEFORE they ever need to send breach notification emails. And not only does the article describe considerations for entities/senders, but the article also provides some tips for recipients of notification emails: …the Messaging, Malware and Mobile Anti-Abuse Working Group…