Resources

Refine your skills, enhance your expertise, and bolster your professional credibility with Access Point Consulting's expansive set of resources. Browse our catalog of articles and bulletins for expert cybersecurity guidance, best practices, timely vulnerability and incident reports, breaking industry news, and more.

State of Security

View all podcasts

Fortifying Healthcare Against Ransomware: Strategies for Resilience and Response | State of Security

Summary This conversation explores the topic of ransomware in the healthcare industry and the importance of cyber resilience. The discussion highlights the impact of ransomware attacks on healthcare organizations, the challenges they face, and the need for proactive measures. The conversation emphasizes the basics of cyber resilience, including disaster recovery plans, vulnerability management, and incident response. The role of AI in ransomware protection is also discussed, along with the importance of operational resilience. Overall, the conversation emphasizes the need for healthcare organizations to prioritize cybersecurity and take proactive steps to protect against ransomware attacks. Chapters 00:00 Introduction and Overview 01:28 Ransomware in the Healthcare Industry 16:39 Addressing Ransomware Risks in Healthcare Organizations 27:36 The Importance of Operational Resilience 32:17 The Role of AI in Ransomware Protection 39:11 The Basics of Cyber Resilience 41:59 Conclusion

Find out more
April 18, 2024

PuTTY Vulnerable to Private Key Compromise Attack

PuTTY, a popular SSH and Telnet client, is currently subject to a vulnerability that can allow an attacker to compromise private keys. This vulnerability, identified as CVE-2024-31497 (CVSSv3: 5.9), affects 521-bit ECSA keys, and allows an attacker to recover a user’s NIST P-521 secret key utilizing a quick attack in roughly 60 signatures. The attacker, after compromising the private key, can log into any service for which that key is used.

Find out more
April 18, 2024

Exploit Code Available for Cisco IMC Vulnerability

A vulnerability, classified as CVE-2024-20295 (CVSSv3: 8.8) is present in the CLI of the Cisco Integrated Management Controller (IMC) which could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. The Cisco PSIRT is aware of proof-of-concept exploit code that is available for the vulnerability, however they are not aware of any malicious use of it yet.

Find out more
April 17, 2024

Zero Day Exploited by Threat Actors in PAN-OS

A vulnerability is present in PAN-OS 10.2, 11.0, and 11.1 firewalls configured with GlobalProtect gateway or portal with device telemetry enabled. This critical weakness identified as CVE-2024-3400 (CVSS 3.0: 10) is a command injection vulnerability which may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability. Threat actors utilized a backdoor after exploitation to perform data exfiltration and lateral movement throughout the network.

Find out more

Guides & Whitepapers

View all
Dangers of Unpatched Healthcare IoT and Network Systems

Dangers of Unpatched Healthcare IoT and Network Systems

It’s not uncommon for large healthcare organizations to support patients via thousands of systems––servers, network hardware, and Internet of Things (IoT) devices particular to the medical practice. Healthcare organizations are primary targets for attackers and are required to follow strict regulations to stop data breaches. HIPAA violations are costly, and unpatched hardware leaves healthcare systems vulnerable to numerous threats including malware, ransomware, security bypasses, and possible remote code execution. Patching systems with the latest update is critical to data protection and risk management, and it keeps the company compliant with HIPAA guidelines.

Find out more
6cd7600d-b040-4723-b0cd-2d93e6b65dbc
Virtual
Live

Reception at Top Golf | SecureWorld Philadelphia

Wed, April 17, 2024 | 4:30 PM-7:30 PM
Top Golf King of Prussia
Live
Virtual

7th Annual Medtech Cybersecurity Risk Mitigation Conference

Tue, Oct 3, 2023 9:00 am - Wed, Oct 4, 2023, 2:30 pm