I haven’t seen a Windows worm in the wild in a long time. The last time a major worm infestation took place was in 2003 in the days of Blaster which spread via an unpatched flaw in RPC. That same year was Slammer, and Code Red a few years before in 2001. This new worm code named ‘Morto’ has been seen in the wild and is accounting for a spike in RDP traffic on 3389/tcp as it spreads. Users are … →
As security guys (and Linux/GNU fanboys), we tend to do absolutely everything possible via the commandline. This is pretty easy in Linux/Unix OS’s, but unfortunately we deal with a lot of Windows boxen in our line of work, where it is less than easy at times. One common scenario we need to undertake is exporting all the GPO’s in a certain domain or forest for later analysis. For a small place this isn’t a big deal as there may only … →
In July, the HHS’ Office of Civil Rights (OCR) announced that they had appointed consulting firm KPMG to conduct up to 150 HIPAA audits of covered entities and business associates by the end of 2012. The implementation of the audit program fulfills a compliance enforcement mandate of the 2009 HITECH Act. The KPMG contract enables OCR to put “feet on the street,” while retaining an oversight role in the process. Sue McAndrew, OCR’s deputy director for health information privacy, confirms … →
