Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2022

How to Become HIPAA Compliant in 2022 (Includes Checklist)

HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR). In 2013, the final Omnibus rule was enacted, binding business associates - or third-party vendors - to the Health Insurance Portability and Accountability Act. This modification added another level of compliance complexity to an industry not accustomed to operating in the cybersecurity domain - the healthcare industry.

UpGuard Creating Risk Waivers in Risk Assessment Demo // Chris Schubert, Senior Product Manager

Hear from UpGuard's Senior Product Manager, Chris Schubert, as he introduces you to UpGuard's new Risk Waiver workflow in Risk Assessments. This quarter, we’ve expanded our risk assessments framework so that you can waive risks within each individual risk assessment. This feature streamlines the risk waiver workflow so you can now create, review and waive risks all within a risk assessment.

UpGuard Shared Profiles and NDA Protection // Harsh Budholiya, Product Marketing Lead

Learn from UpGuard's Product Marketing Lead, Harsh Budholiya, as he introduces you to UpGuard's NDA Protection feature in Shared Profiles. As part of Shared Profiles, you now have the option to add a non disclosure agreement, or NDA, that must be accepted by organizations before access is granted. This gives Shared Profile owners complete visibility and control over their privacy settings with features including access controls and logs to ensure sensitive and private information contained in Shared Profiles remains secure.

How Did the Cash App Data Breach Happen?

The CashApp data breach was caused by a former employee who accessed customer financial reports as an act of revenge against the company after their employment was terminated. According to the April 2, 2022 filing with the Securities Exchange Commission by Block (CashApp’s parent company), the employee required access to the financial reports as part of their daily duties.

How to Integrate HECVAT into VRM Programs

‍HECVAT (Higher Education Community Vendor Assessment Toolkit) is a security assessment questionnaire that measures the cybersecurity risk of third-party vendors for higher education institutions. It helps universities ensure that their third-party vendors have implemented proper security practices and policies, which are measured against a comprehensive list of security controls, to protect the large amounts of sensitive data and personally identifiable information (PII) they manage.

What Makes an Effective and Successful CISO?

A CISO (chief information security officer) is a company's senior executive responsible for developing, managing, and implementing its organization’s security program and improving its cybersecurity posture. The CISO oversees the information security programs, protects organizational data and assets, develops IT infrastructures, builds security teams, and handles the overall IT security of the company.

Top Cybersecurity Regulations in India [Updated 2022]

India’s ever-expanding digital infrastructure in the wake of the pandemic has escalated the demand for new, updated, and improved regulatory mandates for strengthening cybersecurity. Rampant cybersecurity incidents have been occurring weekly, alarming businesses, organizations, and individuals across India.

How Did LAUSD Get Hacked in 2022?

Vice Society, the cybercriminal gang responsible for the attack, is believed to have used internal login credentials leaked on the dark web to access LAUSD’s network and launch the ransomware attack. Twenty-three internal LAUSD credentials were leaked on the dark web leading up to the attack, with at least one set granting access to LAUSD’s Virtual Private Network (VPN).

What Caused the Uber Data Breach in 2022?

The Uber data breach began with the purchase of stolen credentials belonging to an Uber employee from a dark web marketplace. The hacker tried to log into Uber’s network with these credentials but was unsuccessful because the account was protected by MFA. To overcome this security barrier, the hacker contacted the employee and, while pretending to be a member of Uber’s security team, asked them to accept the MFA push notification sent to their phone.

The Baseline Requirements of the RBI Cyber Security Framework

Financial institutions are amongst the most highly targeted organizations for cyber security attacks. To address this, the Reserve Bank of India (RBI) has outlined a list of controls, known as the RBI Guidelines for Cyber Security Framework, for banks to achieve a minimum recommended baseline of cyber attack resilience. Each area carries several detailed specifications from the list of controls outlined by the Reserve Bank of India.

What is Dark Web Monitoring? Tracking Data Leaks & Breaches

‍Dark web monitoring is the process of tracking your organization’s information on the dark web. Dark web monitoring solutions can scan through billions of pages on the internet to find leaked or stolen information, such as compromised passwords, credentials, intellectual property, and other sensitive data being shared and sold among cybercriminals operating on the dark web.

What Is an Identity Breach? Recognizing Early Signs & Types

An identity breach is an identity-based impersonation attack in which a hacker exploits vulnerabilities to obtain PII (personally identifiable information), contact information, credit card numbers, and important credentials like passwords and usernames to commit identity theft, identity fraud, or other cybercrimes without the victim’s knowledge. Using stolen information from a data breach, cybercriminals may attempt to steal classified information or money from the victim.

What is Cyber Insurance? Understanding the Basics

Cyber insurance (also cyber liability insurance coverage or cyber risk insurance) is a type of insurance policy that helps organizations cover financial damages related to cyber attacks or data breaches. Cyber insurance is especially important as the cost of a data breach continues to rise, and the amount of cyber attacks is higher than ever.

How to Avoid a Disaster Like the Optus Breach

The Optus data breach was the second-largest data breach in Australia. 9.8 million current and former Optus customers were impacted by the event, with 2.1 million suffering compromises of highly-sensitive government identification information, like driver’s license numbers and passport numbers. In other words, this single cybersecurity incident has placed almost half of the Australian population at risk of identity theft scams and financial fraud.

The New OpenSSL Vulnerabilities: How to Protect Your Business

The OpenSSL project has announced two security vulnerabilities tracked as CVE-2022-3602 and CVE-2022-3786. The good news is that these vulnerabilities are unlikely to facilitate remote code execution as originally anticipated, and only OpenSSL version 3.0.0 and later are impacted. The bad news, however, is that even though the remote control is unlikely, it’s still possible.

Compliance Guide: Australia & its New Telco Regulation (2022)

Of the many lessons that can be learned from how the Optus data breach was handled, one stands out - Australia’s privacy laws are not equipped to support Aussie data breach victims. To change this, the Australian Government is amending its Telecommunications Regulations 2021 Act. APRA-regulated financial entities can now be involved in efforts to mitigate financial fraud following a data breach.