Robert Grupe's AppSecNewsBits 2025-03-22
Highlights This Week: tj-actions, sensitive info in emails, Apache Tomcat, Microsoft, AI attack chains, PCI and HIPAA updates, ...
EPIC FAILS in Application Development Security practice processes, training, implementation, and incident response
tj-actions: GitHub supply chain attack spills secrets from 23,000 projects
Attackers compromised the project at some unknown point before March and altered its code so the Action would leak secrets from a project's developer workflow into build logs. The GitHub Action was tampered with to inject a Node.js function containing base64-encoded instructions to run a Python script that leaked a project's continuous integration / continuous delivery (CI/CD) secrets from the Runner Worker process. Such secrets can include API keys, passwords, access tokens, and more. Similar malicious code could be found in another project – Flank – and in this case, the data was sent to a GitHub Gist via a POST request.
This attack appears to have been conducted from a PAT [personal access token] linked to the @tj-actions-bot account, and "GitHub is not able to determine how this PAT was compromised."
The personal access token affected was stored as a GitHub action secret which has since been revoked. Going forward no PAT would be used for all projects in the tj-actions organization to prevent any risk of reoccurrence. The password for the bot account was updated, passkeys are now used to secure the account, its permissions were downgraded to the minimum necessary, and commits must now be signed to ensure the integrity of contributions.
tj-actions: Large enterprises scramble after supply-chain attack spills their secrets
The corrupted package, tj-actions/changed-files, is part of tj-actions, a collection of files that's used by more than 23,000 organizations. Tj-actions is one of many GitHub Actions, a form of platform for streamlining software available on the open source developer platform.
The source code for all versions of tj-actions/changed-files received unauthorized updates that changed the "tags" developers use to reference specific code versions. The tags pointed to a publicly available file that copies the internal memory of servers running it, searches for credentials, and writes them to a log. In the aftermath, many publicly accessible repositories running tj-actions ended up displaying their most sensitive credentials in logs anyone could view.
This supply-chain attack should serve as impetus for admins to review any GitHub Actions they use to ensure they use cryptographic hashes, instead of tags, that point to code that has been vetted previously.
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'
The only requirement for successful exploitation is that Tomcat is using file-based session storage, which is common in many deployments.
The attacker starts by sending a PUT request to upload a malicious session file to the server.
The payload is a base64-encoded ysoserial gadget chain, designed to trigger remote code execution when deserialized. This request writes a file inside Tomcat’s session storage directory. Because Tomcat automatically saves session data in files, the malicious payload is now stored on disk, waiting to be deserialized.
To deserialize the payload, attackers need only send a GET request with the JSESSIONID pointing to the malicious session. Tomcat, seeing this session ID, retrieves the stored file, deserializes it, and executes the embedded Java code, granting full remote access to the attacker.
The vulnerability is CVE-2025-24813, and was revealed on March 10 along with updates to close the hole in the open source web server software.
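To check whether a deployment matches the precondition described above, the following added example (not from the cited article or the Tomcat project) audits a `context.xml` for file-based session storage and a `web.xml` for a writable default servlet. It assumes the PUT upload depends on the default servlet's `readonly` parameter being set to `false`, a Tomcat detail not stated in the excerpt; the XML samples are constructed.

```python
import xml.etree.ElementTree as ET

FILE_STORE = "org.apache.catalina.session.FileStore"
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"


def _local(tag):
    """Strip an XML namespace so javaee and jakartaee web.xml parse alike."""
    return tag.rsplit("}", 1)[-1]


def _children(elem):
    """Map each direct child's local tag name to its stripped text."""
    return {_local(c.tag): (c.text or "").strip() for c in elem}


def uses_file_session_store(context_xml):
    """True if a <Store> element selects the file-based session store."""
    root = ET.fromstring(context_xml)
    return any(
        _local(e.tag) == "Store" and e.get("className") == FILE_STORE
        for e in root.iter()
    )


def default_servlet_writable(web_xml):
    """True if the default servlet is configured with readonly=false."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        if _children(servlet).get("servlet-class") != DEFAULT_SERVLET:
            continue
        for param in servlet:
            if _local(param.tag) != "init-param":
                continue
            kv = _children(param)
            if kv.get("param-name") == "readonly":
                return kv.get("param-value", "").lower() == "false"
    return False  # readonly defaults to true when the parameter is absent


def audit(context_xml, web_xml):
    """Return the list of risky settings found in the two files."""
    findings = []
    if uses_file_session_store(context_xml):
        findings.append("file-session-store")
    if default_servlet_writable(web_xml):
        findings.append("default-servlet-writable")
    return findings


# Constructed configuration samples.
EXPOSED_CONTEXT = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore"/>
  </Manager>
</Context>"""

_SERVLET = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>%s
  </servlet>
</web-app>"""
EXPOSED_WEB = _SERVLET % """
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>"""
HARDENED_CONTEXT = "<Context></Context>"
HARDENED_WEB = _SERVLET % ""

if __name__ == "__main__":
    print("exposed :", audit(EXPOSED_CONTEXT, EXPOSED_WEB))
    print("hardened:", audit(HARDENED_CONTEXT, HARDENED_WEB))
```

Either finding is a reason to prioritize the update that closes CVE-2025-24813.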
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database
A now-former DOGE aide violated US Treasury policy by emailing an unencrypted database containing people's private information to two Trump administration officials.
DOGE to Fired CISA Staff: Email Us Your Personal Data
The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment — presumably with the password needed to view the file included in the body of the email.
The U.S. Citizenship and Immigration Services likewise instructs those fired employees who wish to be rehired and put on leave to send a password-protected email attachment with sensitive personal data.
Email is about as secure as a postcard sent through the mail, because anyone who manages to intercept the missive anywhere along its path of delivery can likely read it. In security terms, that’s the equivalent of encrypting sensitive data while also attaching the secret key needed to view the information.
[rG: Passwords and unencrypted sensitive information via email are all fundamental no-no’s. While email can be configured and used as a secure communication channel, most users do not know how to use PKI, nor how to protect the received data. Messages within an organization can also usually be seen by system administrators and support staff. An encrypted file attachment could be OK, but the encryption method needs to be “strong” and the decryption password would need to be shared through some other confidential method.]
Oops, they did it again: Microsoft breaks Outlook with another dubious update
Users of Microsoft's email service might be feeling a distinct sense of déjà vu after the web version of Outlook last night blocked access to Exchange Online mailboxes.
According to Microsoft, the problem was due to "a recent change made to a portion of Outlook on the web infrastructure, that may have resulted in impact."
Reverting the change did the trick, and service was restored, but the question must be asked – does Microsoft test its changes before deploying to production?
Microsoft: Exchange Online bug mistakenly quarantines user emails
"Specific URLs are being miscategorised and quarantined by our anti-spam systems, causing impact," said Microsoft, describing the root cause. "Some users' Exchange Online email messages may be unexpectedly quarantined."
"Efforts to alleviate impact by adding the affected URLs to the appropriate allow list have so far been unsuccessful. We're attempting to manually correct affected email message locations to remediate impact while we review for more offending URLs."
[rG: Anti-spam solutions have been trying to utilize AI for decades, yet despite all the recent advances, still struggle with both false positives and false negatives.]
Microsoft wouldn't look at a bug report without a video. Researcher maliciously complied
Senior principal vulnerability analyst Will Dormann said last week he contacted Microsoft Security Response Center (MSRC) with a clear description of the bug and supporting screenshots, only to be told that his report wouldn't be looked at without a video.
The video is 15 minutes long and at the four-second mark flashes a screenshot from Zoolander, in which the protagonist unveils the "Center for Kids Who Can't Read Good." It also features a punchy techno backing track while wasting the reviewer's time with approximately 14 minutes of inactivity.
"I get that people doing grunt work have mostly fixed workflows that they go through with common next steps. But to request a video that now captures (beyond my already-submitted screenshots) the act of me typing, and the Windows response being painted on the screen adds what of value now?"
To top it all off, when trying to submit the video via Microsoft's portal, the upload failed due to a 403 error.
What’s Weak This Week
CVE-2025-30066 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability:
Allows a remote attacker to discover secrets by reading GitHub Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys. Related CWE: CWE-506
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability:
Allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string. Related CWE: CWE-22
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability:
Allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. Related CWE: CWE-78
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability:
Enables an attacker to read arbitrary files. Related CWE: CWE-36
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability:
Allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests. Related CWE: CWE-288
HACKING
ClickFix: How to Infect Your PC in Three Easy Steps
ClickFix attacks mimic the “Verify You are a Human” tests that many websites use to separate real visitors from content-scraping bots. Clicking the “I’m not a robot” button generates a pop-up message asking the user to take three sequential steps to prove their humanity.
Step 1 involves simultaneously pressing the keyboard key with the Windows icon and the letter “R,” which opens a Windows “Run” prompt that will execute any specified program that is already installed on the system.
Step 2 asks the user to press the “CTRL” key and the letter “V” at the same time, which pastes malicious code from the site’s virtual clipboard.
Step 3 — pressing the “Enter” key — causes Windows to download and launch malicious code through “mshta.exe,” a Windows program designed to run Microsoft HTML application files.
Hospitality workers are being tricked into downloading credential-stealing malware by cybercriminals impersonating Booking[.]com. The company said attackers have been sending malicious emails impersonating Booking[.]com, often referencing negative guest reviews, requests from prospective guests, or online promotion opportunities — all in a bid to convince people to step through one of these ClickFix attacks.
Arrests in Tap-to-Pay Scheme Powered by Phishing
If you own a mobile phone, the chances are excellent that at some point in the past two years it has received at least one phishing message that spoofs the U.S. Postal Service to supposedly collect some outstanding delivery fee, or an SMS that pretends to be a local toll road operator warning of a delinquent toll fee.
These messages are being sent through sophisticated phishing kits sold by several cybercriminals based in mainland China. And they are not traditional SMS phishing or “smishing” messages, as they bypass the mobile networks entirely. Rather, the missives are sent through the Apple iMessage service and through RCS, the functionally equivalent technology on Google phones.
People who enter their payment card data at one of these sites will be told their financial institution needs to verify the small transaction by sending a one-time passcode to the customer’s mobile device. In reality, that code will be sent by the victim’s financial institution in response to a request by the fraudsters to link the phished card data to a mobile wallet. If the victim then provides that one-time code, the phishers will link the card data to a new mobile wallet from Apple or Google, loading the wallet onto a mobile phone that the scammers control.
These phones are then loaded with multiple stolen wallets (often between 5-10 per device) and sold in bulk to scammers on Telegram. At least one of the Chinese phishing groups sells an Android app called “Z-NFC” that can relay a valid NFC transaction to anywhere in the world. The user simply waves their phone at a local payment terminal that accepts Apple or Google pay, and the app relays an NFC transaction over the Internet from a phone in China.
New Sophisticated Phishing Attack Exploiting Microsoft 365 Infrastructure To Attack Users
The attack begins with threat actors creating administrative accounts under “*.onmicrosoft[.]com” domains to reduce visibility.
They then configure organization name fields with complete phishing messages that urge victims to call fraudulent support numbers. When legitimate Microsoft billing events are triggered, the system generates emails carrying these malicious messages.
By manipulating tenant properties and organization display names within Microsoft 365, attackers can embed phishing content directly within trusted Microsoft communications.
The most alarming aspect of this attack is how it exploits Microsoft’s own billing notification system. When a subscription event is triggered, Microsoft automatically sends confirmation emails that incorporate the organization’s display name. Attackers manipulate this field to include fraudulent messages like: “(Microsoft Corporation) Your subscription has been successfully purchased for 689.89 USD using your checking account. If you did not authorize this transaction, please call 1(888) 651-4716 to request a refund.”
Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account
The attacks represent a significant evolution in threat actors’ capabilities and challenge the widespread assumption that MFA provides near-absolute protection against unauthorized access attempts.
A bypass technique manipulates the authentication process itself rather than attempting to steal or compromise the secondary verification factors. Attackers are exploiting timing vulnerabilities and implementation flaws in how systems validate and track MFA completion status, effectively convincing applications that secondary verification has been successfully completed when it actually hasn’t.
When a user initiates authentication, the primary factor (usually a password) generates an initial session token which is then pending secondary verification. Attackers have discovered methods to intercept and modify this token’s state flags before the MFA challenge is completed.
Security experts recommend organizations implement continuous validation of MFA status throughout session lifetimes rather than only at initial login, and adopt cryptographically signed tokens that cannot be modified without detection.
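The two recommendations above, as an added example (not code from the cited article): a session token whose MFA state is covered by an HMAC signature, and a per-request check that re-validates that state instead of trusting the login step. The key, the 15-minute freshness window and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key-not-for-production"  # assumption: server-side key
MFA_MAX_AGE = 900  # assumption: MFA must be no older than 15 minutes


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user, mfa_verified_at=None):
    """Sign the claims; mfa_at stays None until the second factor succeeds."""
    payload = json.dumps({"sub": user, "mfa_at": mfa_verified_at},
                         sort_keys=True).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def verify_token(token):
    """Return the claims only if the signature matches the payload."""
    try:
        body, sig = token.split(".")
        payload, given = _unb64(body), _unb64(sig)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):
        return None
    return json.loads(payload)


def authorize_request(token, now=None):
    """Run on every request, not only at login (continuous validation)."""
    now = time.time() if now is None else now
    claims = verify_token(token)
    if claims is None:
        return "reject: bad signature"
    if claims.get("mfa_at") is None:
        return "reject: mfa pending"
    if now - claims["mfa_at"] > MFA_MAX_AGE:
        return "reject: mfa stale"
    return "allow"


def modified_copy_for_test(token, mfa_at):
    """Test fixture: change the MFA claim but keep the original signature."""
    body, sig = token.split(".")
    claims = json.loads(_unb64(body))
    claims["mfa_at"] = mfa_at
    return _b64(json.dumps(claims, sort_keys=True).encode()) + "." + sig


if __name__ == "__main__":
    pending = issue_token("alice")  # password accepted, MFA not yet done
    print(authorize_request(pending, now=1000))
    print(authorize_request(modified_copy_for_test(pending, 990), now=1000))
    print(authorize_request(issue_token("alice", 990), now=1000))
```

Because the MFA claim is inside the signed payload, a token whose state was changed in transit fails verification before its claims are ever read.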
How do you get ChatGPT to create malware strong enough to breach Google's password manager? Just play pretend.
While online scams, digital identity theft, and malware have existed for as long as the internet has, chatbots that do the bulk of the legwork for would-be criminals have substantially lowered the barriers to entry. "We call them zero-knowledge threat actors, which basically means that with the power of LLMs only, all you need to have is the intent and the goal in mind to create something malicious."
Security researcher Simonovich convinced the role-playing chatbot to write a piece of malware strong enough to hack into Google Chrome's Password Manager, a browser extension that allows users to store their passwords and automatically fill them in when prompted by specific sites. Running the code generated by ChatGPT allowed Simonovich to see all the data stored on that computer's browser, even though it was supposed to be locked down by the Password Manager.
ChatGPT usually responds to direct requests to write malware with some version of an apologetic refusal: "Sorry, I can't assist with that. Writing or distributing malware is illegal and unethical." But if you convince the chatbot it's a character, and the parameters of its imagined world are different than the one we live in, the bot allows the rules to be rewritten.
Developers Beware! AI Coding Tools May Aid Hackers
Pillar Security have uncovered a new supply chain attack vector named “Rules File Backdoor.” The technique, labelled dangerous by researchers, enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions. The attack works across different AI coding assistants, indicating widespread weakness across various AI coding platforms.
By exploiting hidden Unicode characters and sophisticated evasion techniques in the model facing instruction payload, threat actors can manipulate the AI to insert malicious code that bypasses typical code reviews. To anyone using the code assistant, the attack is unnoticeable, which allows malicious code to silently propagate through projects, with the potential to affect millions of end users through compromised code.
Threat actors can generate vulnerable code, such as insecure cryptographic algorithms, implement authentication checks with bypasses, and disable input validation in specific contexts. Other use cases include data exfiltration using the generated code and long-term persistence, where the vulnerabilities get passed on through someone forking the poisoned project.
Researchers recommend auditing existing rules, implementing validation processes, deploying detection tools, and reviewing AI-generated code as technical precautions.
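For the rules audit recommended above, an added example (not Pillar Security's tooling) that scans the text of an AI assistant rules file for invisible format characters, bidirectional controls and Unicode tag characters, and reports where they sit. The sample rules text is constructed, with the hidden characters written as escapes so they are visible in the source.

```python
import unicodedata

ALLOWED_CONTROLS = {"\n", "\r", "\t"}
# Explicit bidirectional controls: marks, embeddings, overrides, isolates.
BIDI_CONTROLS = (
    {0x061C, 0x200E, 0x200F}
    | set(range(0x202A, 0x202F))
    | set(range(0x2066, 0x206A))
)


def classify(ch):
    """Return a label for a character a reviewer cannot see, else None."""
    cp = ord(ch)
    if cp in BIDI_CONTROLS:
        return "bidi-control"
    if 0xE0000 <= cp <= 0xE007F:
        return "tag-character"
    category = unicodedata.category(ch)
    if category == "Cf":  # zero-width space/joiner, BOM, soft hyphen, ...
        return "invisible-format"
    if category == "Cc" and ch not in ALLOWED_CONTROLS:
        return "control"
    return None


def scan_rules_text(text):
    """Return [(line, column, 'U+XXXX', label)] for each hidden character."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), 1):
        for col, ch in enumerate(line, 1):
            label = classify(ch)
            if label:
                findings.append((lineno, col, f"U+{ord(ch):04X}", label))
    return findings


def reveal(text):
    """Return the text with hidden characters rendered as <U+XXXX> markers."""
    return "".join(
        f"<U+{ord(ch):04X}>" if classify(ch) else ch for ch in text
    )


# Constructed sample: an innocuous-looking rules file with hidden characters.
SAMPLE_RULES = (
    "# Project coding rules (constructed sample)\n"
    "Prefer small functions.\u200b\u200d\n"
    "Use the standard logger.\u202e\n"
    "Write tests for new code.\n"
)

if __name__ == "__main__":
    for lineno, col, codepoint, label in scan_rules_text(SAMPLE_RULES):
        print(f"line {lineno}, col {col}: {codepoint} ({label})")
    print(reveal(SAMPLE_RULES))
```

Run as a pre-commit or CI check, a non-empty result blocks the change until a reviewer has read the `reveal` output.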
APPSEC, DEVSECOPS, DEV
Too many software supply chain defense bibles? Boffins distill advice
North Carolina State University and Yahoo! embarked on their study because they feel it’s hard for organizations to pick from the myriad supply chain defense tools in the market. The US National Institute of Standards and Technology (NIST) offers its Secure Software Development Framework (SSDF [PDF]) and Cybersecurity Supply Chain Risk Management Practices guide. CISA has developed a Self-Attestation form. The Open Source Security Foundation developed a software security scorecard. The Cloud Native Computing Foundation offers the OWASP Software Component Verification Standard [PDF], and a Supply chain security framework (S2C2F). There’s also the Proactive Software Supply Chain Risk Management Framework that distilled 73 supply chain security tasks from 10 different frameworks.
The authors also developed a starter kit for organizations that attempts to harmonize the recommendations of the various supply chain security frameworks. In doing so, they have validated webcomic xkcd 927 by creating another framework.
Closing the Chain: How to reduce your risk of being SolarWinds, Log4j, or XZ Utils
The top five starter kit tasks are:
role-based access control (E.3.3)
system monitoring (D.2.1),
boundary protection (E.3.7),
monitor changes to configuration settings (E.3.6), and
environmental scanning tools (E.3.11).
Four of these apply to the software development environment.
The post-quantum cryptography apocalypse will be televised in 10 years, says UK's NCSC
NCSC says organizations must be aware that quantum computers - perceived to be the next major technological change, and yet one that's still in the early stage of development - will pose a threat to current encryption standards.
By 2028, organizations need to have defined their PQC migration goals, pinpointed systems to be upgraded and developed an initial plan for this shift.
NIST recently published three complete standards to replace current equivalents, claiming that quantum computers capable of breaking PKC could exist within ten years.
By 2031, the highest-priority PQC migrations should be completed and that initial plan three years earlier must be refined and show a clearer pathway to full PQC resilience.
By 2035, the full PQC migration should be complete across all systems, products, and services.
Given that real-world quantum computers capable of practical use are still estimated to be decades away, the ten-year deadline would put UK organizations well ahead of the curve.
Google's quantum AI chief predicted recently the first real-world use cases are perhaps five years away.
Nvidia CEO says quantum computing was more likely to be around 20 years away.
Perceived wisdom is that symmetric cryptography won't be affected to any significant degree by quantum, and as long as algorithms with at least 128-bit keys are deployed, they can remain in use. The same goes for hash functions like SHA-256.
AI development pipeline attacks expand CISOs’ software supply chain risk
Incidents of exposed development secrets via publicly accessible, open-source packages rose 12% last year compared to 2023.
A scan of 30 of the most popular open-source packages found an average of 6 critical-severity and 33 high-severity flaws per package. RL’s scan of more than two dozen widely used commercial-software binaries — including commercial and open-source operating systems, password managers, web browsers, and virtual private network (VPN) software — uncovered a range of problems such as exposed secrets, actively exploited software vulnerabilities, evidence of possible code tampering, and inadequate application hardening.
Open-source software modules and code repositories still accounted for the vast majority of supply chain risks in 2024. AI supply chains are a growing target, with attackers manipulating data, training models, and software libraries. LLMs are frequently integrated with external APIs and data sources, introducing significant risks through these dependencies.
Show top LLMs some code and they'll merrily add in the bugs they saw in training
Research titled "LLMs are Bug Replicators: An Empirical Study on LLMs' Capability in Completing Bug-prone Code," finds that LLM models often regurgitate known flaws rather than correct them.
The boffins tested seven LLMs – OpenAI's GPT-4o, GPT-3.5, and GPT-4, Meta's CodeLlama-13B-hf, Google's Gemma-7B, BigCode's StarCoder2-15B, and Salesforce's CodeGEN-350M – by asking these models to complete snippets of code from the Defects4J dataset. The "intelligence" portion of artificial intelligence still leaves a lot to be desired.
Mastering Prompt Engineering with Functional Testing: A Systematic Guide to Reliable LLM Outputs
Data fixtures: Controlled scenarios that represent the various requirements and edge cases the LLM must handle.
Automated test validation: Ensures prompts are thoroughly tested against various scenarios.
Multiple iterations: Observing the consistency of responses to assess the stability and reliability of the prompt.
Algorithmic scoring: Represents the proportion of successful responses out of the total number of iterations.
Why the Latest JavaScript Frameworks Are a Waste of Time
At first, it’s exciting. A cleaner syntax, better performance, fewer headaches! But after years of jumping from React to Vue to Svelte to Solid (and back again). Innovation is great, but at some point, you have to ask yourself: Am I actually building things, or am I just constantly relearning how to build the same thing in a slightly different way?
There is no best framework—only trade-offs.
React gives you a massive ecosystem but forces you to deal with complex rendering patterns.
Vue is intuitive but gets opinionated with Vuex, Pinia, and its build tools.
Svelte eliminates boilerplate but locks you into its compiler-based approach.
Solid gives you React-like ergonomics with better performance but lacks ecosystem maturity.
Angular is a powerhouse but comes with a steep learning curve.
VENDORS & PLATFORMS
Top 10 dynamic application security testing (DAST) tools for 2025
Why DAST-first is a better approach to AppSec
SAST and SCA don’t prove exploitability but do frequently generate hundreds of alerts without showing what can actually be reached and attacked.
Developers get overwhelmed and waste time fixing low-risk issues instead of real threats—and eventually start treating all security warnings as false alarms.
Security teams lack clear prioritization when you can’t separate critical issues from less urgent tasks and from sheer noise.
A DAST-first approach flips this on its head:
DAST scanning focuses on what attackers see by probing live applications to find exploitable vulnerabilities.
Automated validation confirms potential vulnerabilities with features like proof-based scanning to cut through false positives.
Faster remediation and higher efficiency with short time to value as teams focus on first fixing what matters most.
[rG: SSDLC DAST provides “automated pen testing” that should be run continuously throughout the production life of products (whenever there is a new release or vulnerability detection update).]
Google Releases Major Update for Open Source Vulnerability Scanner
OSV-Scanner can now extract from projects source manifest and lockfiles (including .NET: deps.json, Python: uv.lock, JavaScript: bun.lock, and Haskell: cabal.project.freeze and stack.yaml.lock), and artifacts (such as Node modules, Python wheels, Java uber jars, and Go binaries).
It also includes layer-aware scanning for Alpine, Debian, and Ubuntu container images, providing details such as layer history and commands, layers where a package was introduced, the base image, the OS and distribution the container is running, and vulnerabilities unlikely to affect the container image.
Kali Linux 2025.1a released with 1 new tool, annual theme refresh
Kali Linux is a distribution created for cybersecurity professionals and ethical hackers to perform red team exercises, penetration testing, security audits, and research against networks.
This release is mostly focused on updates, so only one tool was included this time: hoaxshell - Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
Cloudflare's new approach punishes AI companies that ignore "no crawl" directives.
Web infrastructure provider Cloudflare announced a new feature called "AI Labyrinth" that aims to combat unauthorized AI data scraping by serving fake AI-generated content to bots. The tool will attempt to thwart AI companies that crawl websites without permission to collect training data for large language models that power AI assistants like ChatGPT.
"When we detect unauthorized crawling, rather than blocking the request, we will link to a series of AI-generated pages that are convincing enough to entice a crawler to traverse them. But while real looking, this content is not actually the content of the site we are protecting, so the crawler wastes time and resources."
Farewell Photoshop? Google’s new AI lets you edit images by asking.
Gemini 2.0 Flash can add objects, remove objects, modify scenery, change lighting, attempt to change image angles, zoom in or out, perform other transformations, and remove watermarks from images.
Gemini gets new coding and writing tools, plus AI-generated “podcasts”
You upload some documents, and the AI assimilates the data to generate a conversation between two people who don't exist. Google likens this to a podcast-style discussion. Sometimes, the fake hosts even give the fake podcast a name.
Audio Overviews is also integrated with Deep Research, the AI-powered agent that can peruse the Internet on your behalf. Google recently made Deep Research free for limited use, and now you can do more with those reports. When viewing the results of Deep Research (which also take several minutes to create), you'll now be able to generate an Audio Overview from the report.
Nvidia announces DGX desktop “personal AI supercomputers”
These desktop systems, first previewed as "Project DIGITS" in January, aim to bring AI capabilities to developers, researchers, and data scientists who need to prototype, fine-tune, and run large AI models locally.
The smaller DGX Spark features the GB10 Grace Blackwell Superchip, with a Blackwell GPU and fifth-generation Tensor Cores, delivering up to 1,000 trillion operations per second for AI.
The more powerful DGX Station includes the GB300 Grace Blackwell Ultra Desktop Superchip with 784GB of coherent memory and the ConnectX-8 SuperNIC supporting networking speeds up to 800Gb/s.
The DGX architecture serves as a prototype that other manufacturers can produce. The base-level configuration for a DGX Spark-like computer would retail for around $3,000.
Why Anthropic’s Claude still hasn’t beaten Pokémon
Claude frequently finds itself pointlessly revisiting completed towns, getting stuck in blind corners of the map for extended periods, or fruitlessly talking to the same unhelpful NPC over and over, to cite just a few examples of distinctly sub-human in-game performance. You will see it attempt to walk into walls all the time. Watching Claude 3.7 Sonnet get stuck on Mt. Moon for 80 hours or so can make it “seem like a model that doesn't know what it's doing.” Also, despite recent advances in AI image processing, Claude still struggles to interpret the low-resolution, pixelated world of a Game Boy screenshot as well as a human can.
LEGAL & REGULATORY
DORA, PCI DSS 4.0 and the future of compliance
DORA, which went fully into effect as of January 17, 2025, is intended to ensure businesses operating in the financial services sector in Europe have robust, proactive risk management frameworks in place to ensure operational resilience and protect against a host of threats. This policy brings a set of requirements for organizations that are focused on: vulnerability management, data recovery and resilience, and support for open source.
PCI DSS 4.0 is another set of security standards, put forward by the Payment Card Industry (PCI) Security Standards Council, that focuses on establishing a baseline of technical and operational requirements designed to safeguard sensitive account and cardholder data. And with the deadline for full implementation of its heightened compliance obligations taking effect on March 31, 2025, businesses need to ensure they are ready.
Navigating the 2024 proposed HIPAA security rule amendments
The HHS’ Office for Civil Rights has issued a proposed rule that, if adopted, would significantly amend the HIPAA Security Rule. The updates aim to fortify the confidentiality, integrity and availability of electronic protected health information, or ePHI, amid escalating cybersecurity threats in healthcare. Once the proposed amendments are finalized and published in the Federal Register, entities will have 180 days within which to comply.
On Jan. 20, however, President Donald Trump issued an executive order imposing a “Regulatory Freeze Pending Review.” While the executive order places into question the status of the proposed rule (as well as all other proposed federal regulations), the imposition of enhanced cybersecurity requirements for healthcare providers should be considered a near certainty.
Key proposals in the enhanced security rule:
Uniformity across implementation specifications: All specifications will now be mandatory, with specific exceptions.
Comprehensive documentation: Must maintain written documentation of all Security Rule policies, procedures, plans and analyses.
Updated definitions and specifications: Must be updated to reflect technological advances and modern terminology.
Technology asset inventory and network mapping: Must maintain an ongoing technology asset inventory and a network map illustrating the movement of ePHI. These must be updated annually or when significant changes occur.
Enhanced risk analysis: Requires a periodic written risk assessment detailing technology asset review, threat identification, vulnerability assessments and risk level evaluations.
Access management: Must notify designated parties within 24 hours when a workforce member’s access to ePHI or relevant systems is changed or terminated.
Incident response and contingency planning: Must establish detailed written procedures for incident response, including restoration within 72 hours and prioritized system recovery plans.
Auditing and business associate oversight: Must conduct annual compliance audits and ensure business associates verify technical safeguards annually through assessments which would now be certified in writing by the BA’s “subject matter expert.” What are considered “compliance audits” and who qualifies as an “auditor” under the proposed rule remains to be seen.
Encryption and authentication: ePHI at rest and in transit, alongside multi-factor authentication, will be mandatory.
Technical safeguards and controls: Must deploy anti-malware protection, enforce software controls, disable unused network ports and implement network segmentation.
Vulnerability and penetration testing: Must conduct vulnerability scans every six months and penetration tests annually.
Backup and recovery protocols: Separate, dedicated technical controls for secure ePHI backup and recovery.