Lucene search
+L

140 matches found

The Hacker News
The Hacker News
added 2024/12/30 12:43 p.m.10 views

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

The United States Department of Health and Human Services' HHS Office for Civil Rights OCR has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance...

7AI score
Exploits0
NVD
NVD
added 2024/11/23 5:15 a.m.24 views

CVE-2024-11332

The HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on...

6.4CVSS0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/23 4:32 a.m.14 views

CVE-2024-11332 HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on...

6.4CVSS5.8AI score0.003EPSS
Exploits0References2
CVE
CVE
added 2024/11/23 4:32 a.m.56 views

CVE-2024-11332

CVE-2024-11332 : Stored XSS in the WordPress plugin “HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents” (versions up to 1.3.4) via the hipaatizer shortcode. Exploitation requires authenticated access at contributor level or higher; payloads execute when users view in...

6.4CVSS5.7AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/23 4:32 a.m.29 views

CVE-2024-11332 HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on...

6.4CVSS0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.7 views

PT-2024-16917 · WordPress · Hipaa Compliant Forms With Drag’N’Drop Hipaa Form Builder

Name of the Vulnerable Software and Affected Versions: HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder plugin for WordPress versions up to, and including, 1.3.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode due to insufficient...

6.4CVSS7.9AI score0.003EPSS
Exploits0References5
Qualys Blog
Qualys Blog
added 2024/11/14 7:33 p.m.7 views

Best Practices for Cloud Compliance

Introduction In today’s data-driven landscape, businesses are embracing cloud computing technology for its efficiency and scalability. A Cloud Security Alliance CSA report revealed that 98% of organizations worldwide use cloud services. Yet, more than 1/3rd of those organizations may not be using...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/10/30 1:34 p.m.8 views

Change Healthcare Breach Hits 100M Americans

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay,...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/30 10:30 a.m.17 views

Embarking on a Compliance Journey? Here's How Intruder Can Help

Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understa...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/19 9:30 a.m.16 views

Acronym Overdose – Navigating the Complex Data Security Landscape

In the modern enterprise, data security is often discussed using a complex lexicon of acronyms—DLP, DDR, DSPM, and many others. While these acronyms represent critical frameworks, architectures, and tools for protecting sensitive information, they can also overwhelm those trying to piece together...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/04/18 2:45 p.m.22 views

Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million

The Federal Trade Commission FTC has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data. Cerebral has agreed to an order that will restrict how the company can use or disclose sensitive...

7.5AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2024/03/11 1:57 p.m.138 views

Test and evaluate your WAF before hackers

Since 1991, Web Application Firewall, commonly referred to as WAF, has become one of the most common application security technologies available on the market. Since the last century, WAFs have evolved by incorporating the cloud and using Machine Learning instead of RegExp. Currently, few...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2024/02/21 9:20 a.m.35 views

Cybersecurity for Healthcare—Diagnosing the Threat Landscape and Prescribing Solutions for Recovery

On Thanksgiving Day 2023, while many Americans were celebrating, hospitals across the U.S. were doing quite the opposite. Systems were failing. Ambulances were diverted. Care was impaired. Hospitals in three states were hit by a ransomware attack, and in that moment, the real-world repercussions...

9.8CVSS9.7AI score0.12661EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/01/30 10:49 a.m.79 views

Top Security Posture Vulnerabilities Revealed

Each New Year introduces a new set of challenges and opportunities for strengthening our cybersecurity posture. It's the nature of the field – the speed at which malicious actors carry out advanced persistent threats brings a constant, evolving battle for cyber resilience. The excitement in...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/12/18 10:31 a.m.42 views

Unmasking the Dark Side of Low-Code/No-Code Applications

Low-code/no-code LCNC and robotic process automation RPA have gained immense popularity, but how secure are they? Is your security team paying enough attention in an era of rapid digital transformation, where business users are empowered to create applications swiftly using platforms like Microso...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/12/11 8:59 p.m.9 views

Living our Values and Leveraging Diverse Skill Sets: How Jonathan Atwood Built a Successful Career as a Customer Advisor at Rapid7

At Rapid7, our Customer Advisors play a pivotal role at ensuring our customers understand their threat landscape – and feel confident in their security programs. By collaborating across various internal teams, strengthening customer relationships, and proactively seeking solutions and advocating...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/11/09 1:47 p.m.34 views

Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims&#8217; family and friends

The FBI is investigating a data breach where cybercriminals were able to steal patients’ records from a Las Vegas plastic surgeons office, and then post the details online which included nude photos. In February, cybercriminals gained access to Hankins & Sohns network, which has offices in both...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/26 11:50 a.m.58 views

Essential Guide to Cybersecurity Compliance

SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert's head spin. If you're embarking on your compliance journey, read on to discover the differences between standards, which is best for your business...

6.4AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/06/27 12:0 a.m.13 views

How to Reach Compliance with HIPAA

Explore how to fulfil HIPAA compliance standards without friction...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/06/15 6:21 p.m.24 views

In Healthcare Organizations, Data Security Risks Persist Despite HIPAA Compliance

In a recent blog post, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations today. This storm is escalating in size, force, and risk levels. The Health Insurance Portability and Accountability Act HIPAA sets the standard for protecting this dat...

6.9AI score
Exploits0
Rows per page
Query Builder