Below is a summary of the previous week's security news that is most relevant to IT Directors:
- Healthcare insurance provider Anthem admitted that hackers accessed a database holding up to 80 million records containing PII. (Reference)
- This story joins the ranks of the Target breach and is one of the most severe security breaches in the healthcare industry to date.
- Upshot: An enterprise security assessment could have helped Anthem assess and mitigate the risks that were exploited. For example, the databases containing PII were not encrypted. This is just one of at least 250 controls Equilibrium's security team assesses on a regular basis.
- Adobe released a critical update for Flash on Thursday (v22.214.171.1245). (Reference)
- Important Adobe and Java updates are released often, and your IT administrator should keep workstations up to date.
- Upshot: A robust and flexible workstation management solution such as Equilibrium System Monitoring (ESM) or Microsoft's SCCM can push these updates to hundreds of endpoints with minimal effort.
- 99.88% of About.com's pages are vulnerable to cross-site scripting (XSS), a common, major, and well-known vulnerability vector. (Reference)
- This issue has gone unpatched since it was privately communicated to the company 3 months ago by a security professional in Singapore.
- Upshot: It is critical to include web and application developers, in addition to the infrastructure team, in the security assessment and management process.
Author: Todd Bey
Equilibrium IT Solutions, Inc.