Medical Web Experts is now a SOC 2 Type 1 Certified Compliant Organization
During Q2 2021, Medical Web Experts became a SOC 2 Type 1 compliant organization. The SOC 2 certification was developed by the American Institute of Certified Public Accountants (AICPA) as a way of evaluating whether a company follows the criteria for managing customer data according to the AICPA's five trust service principles: security, availability, processing integrity, confidentiality, and privacy.
Top 30 Routinely Exploited Vulnerabilities
In a joint advisory, CISA, the ACSC, the NCSC, and the FBI released what they found to be the vulnerabilities most commonly exploited in the wild. All have patches available, yet they were found to be the way in for attackers at many organizations. This should serve as a reminder of the importance of having a security patching process in place, particularly on internet-exposed endpoints and servers.
NSO Group Under Scrutiny by the Israeli Authorities
After the Pegasus project scandal – where 50,000 phone numbers were leaked, exposing the targets of cyber-espionage by NSO Group clients around the world (which included journalists, human rights activists, and the French President Emmanuel Macron, among others) – the Israeli government is under pressure to investigate NSO Group's practices. Under discussion are export licenses for hacking tools, as well as how governments or foreign clients should meet NSO Group’s terms of service, and how that is enforced.
Amnesty International has also released a tool that can be used to check devices suspected of being infected by NSO Group’s spyware.
Healthcare Hosting Provider Breached with Ransomware
Cloudstar, a Florida cloud-based hosting provider that specializes in various industries including healthcare, was hit by a ransomware attack, setting off an ongoing disruption that began on July 16th. Cloudstar engaged a security company to help reverse the attack, but most of its clients’ data was compromised, and some of its financial clients are having significant problems.
Ransomware can wreak havoc on both companies and their clients. It’s important to have a complete and periodically tested disaster recovery plan in place to ensure that your organization can get back to business quickly if something like this happens.