
Security News Update for the Week Ending May 31, 2024

Changing your mind … is a federal agency’s prerogative, apparently. Normally under HIPAA, it is the doctor or hospital that has to file the breach notice and until this week, that was the fed’s (HHS) position for the ChangeHealth breach. However, smarter brains have prevailed and rather than consumers getting a dozen notices from different doctors, pharmacies and other care providers, in this case, ChangeHealth will file the notices. Eventually. Credit: The Record

The National Vulnerability Database (NVD) is used by security software makers, researchers, consulting companies and others to understand new vulnerabilities and update anti-malware software. For most of this year, for reasons unknown, NIST has been way behind in adding new entries, to the consternation of many. Now NIST says they have hired a vendor to work with them and the database should be caught up by the end of the government’s fiscal year in September. Credit: HelpNet Security

More than half of the government’s applications have at least one vulnerability that has not been patched for over a year. But the good news is that less than 1 percent of those are critical bugs. Half of them are in the government’s own code. Veracode, which makes software to detect vulnerabilities, says that 68% of government organizations have some security debt, about the same as industry. But 59 percent of government apps have debt, compared to 42 percent of apps overall. See the rest of the details at CSO Online.

As new state privacy laws go into effect that restrict targeted advertising (Colorado’s goes into effect in a month), Google is warning customers to beware that their advertising may suddenly become less effective. On the other hand, their bill may go down because there are fewer eyeballs allowing targeted advertising. Google is also discontinuing certain services due to the legal risk to them. Other advertising service providers may tell you it is your problem or not say anything at all, which, de facto, makes it your problem. That means that you have to start honoring global opt-out or risk large fines. If you need help, contact us. Credit: Google

I bet this shows up as a shocker … to no one. Forty percent of cyber teams have not reported a cyber incident out of fear of getting fired. Total and complete shock. Half of the surveyed security pros say they are unprepared for an attack on a critical third party. More than half said they were not prepared to defend against AI-based attacks. Two thirds said they could not currently meet the SEC’s four-day disclosure requirement. Why? Time (staff) and money. And executive support. Credit: CyberNews
