Catalin Cimpanu reports: A vulnerability in the Dell SupportAssist utility exposes Dell laptops and personal computers to a remote attack that can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users’ systems. Dell has released a patch for this security flaw on April…
Category: Commentaries and Analyses
Hackers Snatch and Try Unsuccessfully to Ransom Data from IT Service Provider; CityComp’s Big Clients Impacted
Joseph Cox reports: Hackers have broken into an internet infrastructure firm that provides services to dozens of the world’s largest and most valuable companies, including Oracle, Volkswagen, Airbus, and many more as part of an extortion attempt, Motherboard has learned. The attackers have also released data from all of those companies, according to a website…
AZ: Is a Desert Valley Dental breach ongoing? And did OCR order them to notify patients?
So this is something that I don’t recall ever seeing before as part of an initial breach disclosure. CBS5 reports: A Phoenix dental office has an ongoing breach of protected health information, Arizona’s Family learned Monday. The U.S. Department of Health and Human Services Office of Civil Rights ordered Desert Valley Dental to inform the…
China Ministries Jointly Release Guidelines for Protecting Personal Information Online
Hunton Andrews Kurth writes: On April 11, 2019, the People’s Republic of China’s Network Security Bureau of the Ministry of Public Security, the Beijing Network Industry Association and the Third Research Institution of the Ministry of Public Security jointly released a “Guide to Protection of Security of Internet Personal Information” (the “Guide”). The Guide presents…
Audit: HHS Info Security Program ‘Not Effective’
Marianne Kolbasuk McGee reports: The Department of Health and Human Services’ information security program has received a “not effective” rating as a result of several weaknesses found in an annual review of compliance with the Federal Information Security Management Act of 2014. The HHS Office of Inspector General report is based on an audit conducted…
Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks
Swati Khandelwal reports: A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen popular email clients. The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate,…