By Adrian Gerber
We recently explored the growing data storage options for organizations in the healthcare industry, such as cloud migration or a hybrid of cloud and on-premises. Regardless of which option an organization chooses, there are many factors to consider when moving data to the cloud to ensure the entity is HIPAA compliant and HITRUST certified.
Understanding the compliance-related pros and cons of both cloud and on-premises storage will help healthcare organizations create the infrastructure that fits their particular needs, addresses compliance and certification, and reduces the risk of a breach that can be costly from a financial and reputation standpoint.
By Jimmy Bayne
Microsoft Teams Rooms (MTR), formerly known as Skype Room System and Lync Room Systems, is the latest and greatest solution from Microsoft for managing online collaborative meetings. In many businesses across the globe, a Teams Rooms console (“Teams console”) is the lifeblood of the conference room. The console typically consists of a supported computer system, management dock, camera, and output device(s). The Teams Room application suite runs on Windows 10 Enterprise or Windows 10 Enterprise IoT.
For offensive security testers, this post will cover a simple case where attacking Teams gear may be beneficial when conducting a physical or internal penetration test. For defenders and system administrators, this post will highlight opportunities to reduce the attack surface of your expensive, often forgotten conferencing equipment. Let’s get started…
EmberSec is headed to HIMSS! And while the conference is a phenomenal opportunity to network with colleagues and pick up the latest in marketing swag, there is much to be learned from the various speaker sessions, workshops, forums, and seminars. Here are a few we’ve bookmarked as can’t miss from the HIMSS 2020 agenda, including one of our very own.
By Adrian Gerber
The massive market shift from on-premises services to the cloud rolls on. And for the healthcare industry, a decision to jump on board with this kind of migration is more complex than simply choosing a cloud provider. Yet in order to stay competitive in a world of resilient, agile, and rapidly accessible infrastructure and interoperable data, healthcare providers, device manufacturers, prescription drug companies and many others are driven to pursue new and different storage and hosting solutions.
EmberSec is headed to HIMSS! In addition to our exhibitor presence and participation at both the Cloud Forum and Cybersecurity Forum, By Light CTO, Ken Jenkins, alongside Jimmy Bayne, Security Consultant, EmberSec, will be delivering a session on how to improve your security controls with features underutilized in many enterprises. The session, "Enhancing Security Controls with Application Whitelisting," is scheduled to be held on Thursday, March 12th in Cybersecurity Theatre 1 from 10:15a – 10:35a. Attendees of this session will be entered to win a set of Apple AirPods, to be given away at the conclusion of the talk.
Join EmberSec in Orlando, FL at the HIMSS Global Healthcare Conference from March 9th - 13th!
About HIMSS: HIMSS is a global advisor and thought leader supporting the transformation of health through the application of information and technology. As a mission-driven non-profit, HIMSS provides thought leadership, community building, public policy, professional/workforce development and engaging events to bring forward the voice of our members. HIMSS encompasses more than 80,000 global individual members, 630 corporate members, and over 450 non-profit organizations.
By Bradley Wolfenden
For the majority of organizations, regardless of size, any mention of the word ‘cybersecurity’ can lead to some serious anxiety. Whether that anxiety is the result of a lack of general awareness, limited internal expertise, absence of a response plan, restricted budgets, or a myriad of other triggers, there is no doubt that the complex web of cyber best practices can be daunting.
To help calm this overwhelming reality, many business leaders will turn to one of several existing cybersecurity frameworks as a starting place. These frameworks provide guidance around managing risk, foster improved communications, allow for scalability in application, and can support recruitment and hiring of cyber talent. For this blog post the EmberSec team digs in on the NIST Cybersecurity Framework to share how it can be leveraged to improve your overall cybersecurity strategy. We chose to focus this blog specifically on the NIST Framework due to our D.o.D. and government heritage, our rich experience working with it, and because it takes a threat-based approach to cybersecurity.
By Bradley Wolfenden
It’s about that time of the year when folks start to think about setting goals for the New Year, and for some, becoming more cyber literate may be at the top of your list (or should be!). To get all of you (n00bs) started, EmberSec has put together the following list of the Top 16 Cyber Terms Everyone Should Know.
CVE-2019-1378: Exploiting an Access Control Privilege Escalation Vulnerability in Windows 10 Update Assistant (WUA)
Windows 10 is an incredibly feature-rich Operating System (OS). In the last four years, the innovative folks at Microsoft have continued to introduce and expand functionality as well as improve and integrate security features in its flagship OS. On the second Tuesday of each month, many of us that live in the Windows 10 universe receive updates from the mothership or through derivative means; these monthly patches are typically feature OS updates, security updates, and anti-virus definition updates. In this short post we’ll discuss an alternate Windows update process, a recently discovered vulnerability, and an ‘interesting’ way to exploit it.
By Bradley Wolfenden
As compute power and malicious tools become increasingly accessible, and the profitability of a successful cyber-attack remains on the rise, cyber criminals continue to be motivated to find new and more complex ways to exploit businesses of all sizes. And as these attacks can lead to devastating results, both financially and in terms of business reputation, it’s now more important than ever to develop an effective cybersecurity strategy.
What is an effective cybersecurity strategy?