Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Patrick C Miller :donor: (patrickcmiller@infosec.exchange)'s status on Sunday, 02-Feb-2025 05:12:01 JST Patrick C Miller :donor:

US takes aim at healthcare cybersecurity with proposed HIPAA changes https://www.csoonline.com/article/3810936/us-takes-aim-at-healthcare-cybersecurity-with-proposed-hipaa-changes.html
In conversation about 4 months ago from infosec.exchange permalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.csoonline.com
  
  US takes aim at healthcare cybersecurity with proposed HIPAA changes
  
  Security experts welcome proposed changes to the regulation’s security rules while warning about political uncertainty, feasibility, and the potential cost to healthcare orgs.
- Embed this notice
  Erik van Straten (erikvanstraten@infosec.exchange)'s status on Sunday, 02-Feb-2025 06:11:49 JST Erik van Straten
  in reply to
  
  @patrickcmiller : oops, from https://www.csoonline.com/article/3810936/us-takes-aim-at-healthcare-cybersecurity-with-proposed-hipaa-changes.html:
  "the rollout of multi-factor authentication as a defense against phishing"
  What part of #Evil #Proxy do these people not understand?
  #EvilProxy #PhaaS #EvilGinx2 #Weak2FA #WeakMFA #2FA #MFA #Phishing #TwoStepVerification #FakeWebsite #AitM #MitM
  In conversation about 4 months ago permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: www.csoonline.com
    
    US takes aim at healthcare cybersecurity with proposed HIPAA changes
    
    Security experts welcome proposed changes to the regulation’s security rules while warning about political uncertainty, feasibility, and the potential cost to healthcare orgs.
  2. Screenshot grabbed from the video right below "Microsft 2FA" [sic] in https://www.resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web This screenshot was made after the user was asked to enter their email address and their password; shown is the website asking for the user's 2FA/MFA data. A browser can be seen with, in its address bar, a lock icon followed by (I inserted '[' and ']' to prevent accidental opening): login-live.rproxy[.]io/ (irrelevant stuff) In the webpage (which has the typical gradient Microsof colors) a dialogbox is dislplayed, with the following info and fields: [MS logo] Microsoft <email address blurred by ReSecurity> Approve sign-in request ! Because you've turned on two-step verification, you need to approve request X4Z7F on your Microsof Authenticator app. [ ] I sign in frequently from this device. Don't ask me to approve resuests here. <link> I can't use my Microsoft Authenticator app right now
    https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/930/584/666/414/026/original/b6bb841063fa2756.jpg

Public

Conversation

Notices

Feeds