Archive for June, 2013

Laptop stolen from Lucile Packard Children’s Hospital

June 27th, 2013

With over 650 physicians and 4,750 support staff and volunteers, Lucile Packard Children’s Hospital is a world-class, non-profit hospital devoted entirely to the care of babies, children, adolescents and expectant mothers. According to the hospital, a laptop containing medical information on pediatric patients was stolen from a secure area of the hospital.

The hospital has notified patients by mail that a password-protected laptop was stolen from a secured, badge-access-controlled area of the hospital and that there is a chance the data on it has been stolen. Immediately after discovering the theft, Packard Children’s Hospital launched an aggressive investigation with its security team and law enforcement.

The laptop contained operating-room schedules for a three-year period beginning in 2009. Hospital officials are not certain which operating schedules were on the computer. As of now, there is no information on whether the patient data has been accessed by anyone or whether any data breach has resulted from the theft. What is clear, though, is that the information did not contain any credit card or financial information, and there were no Social Security numbers or other confidential customer data. However, the laptop may well have contained patient records such as name, age, medical record number, telephone number and scheduled surgical procedure.

The officials stated, “Lucile Packard Children’s Hospital strives to be an industry leader in the area of medical information security. As a result of this incident, we are taking additional steps to further strengthen our policies and controls surrounding the protection of patient data to reduce the chance that an incident of this type will happen again.”

Data breach incidents have consistently posed problems in the health insurance industry. The problems have been made worse because professionals in the health care industry have been slow to understand the importance of data protection. The contrary belief that medical data can’t be secured is nothing more than a myth. This incident should serve as an eye-opener to other experts in the health care industry.

Encryption software like Alertsec would have helped!

The use of encryption software would have helped to keep the files on the computer protected. With encryption installed, none of the information or credentials would have been lost. Alertsec uses the industry-leading Check Point Full Disk Encryption (formerly Pointsec) software to create a web-based encryption service that simplifies deployment and management of PC encryption.

The best way to protect information stored on a PC is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease of use for both administrators and users.

Enhanced by Zemanta

Ubisoft website hacked, account information compromised

June 25th, 2013

Data breaches are occurring at a rapid pace, and websites are no strangers to them. The latest to be affected is Ubisoft.

The servers of Ubisoft, the game developer behind the hugely successful “Assassin’s Creed” and “Far Cry”, were hacked, and a database containing the log-in names, email addresses and passwords of users was accessed illegally by the hackers.

In response, the firm closed all access to the affected servers and started a thorough investigation. All users were asked to change their passwords and email addresses.

Ubisoft officials stated, “Out of an abundance of caution, we also recommend that you change your password on any other website or service where you use the same or a similar password.” On the positive side, none of the users’ personal payment data was stored on the website, so there was no risk of debit or credit card information being breached. However, email addresses, user names and encrypted passwords were at risk.

Richard Henderson, a security researcher for Fortinet, a cyber security firm, said that some major gaming companies are being watched by hackers who intend to steal users’ account details.

In an email, Henderson said, “All of this info is quite valuable in the ‘virtual gold’ and account markets.”

It is possible that users’ database information was not compromised, but a breach of this nature is still a great challenge for users. In the case of a data breach, it is easy for hackers to gain access to the passwords, so people who use the same username and password on other websites would have to pay for this unintentional mistake. Users may also end up with spam in the inbox associated with the stolen email address.

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using the industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, must have an information security policy in place that shows they have taken the necessary steps and measures to safeguard the information they gather. If these policies are not adhered to, regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


Linux Malware Campaign uses Hacked DNS Server

June 19th, 2013

The attack that employed compromised Apache Web server binaries is turning out to be more complex than originally thought, as researchers have now found that the attackers are also using Trojaned Nginx and Lighttpd binaries as part of the campaign. More concerning, though, is the possibility that the attackers have also compromised a number of DNS servers and are using them to change crucial elements of the campaign on the fly and to help hide their tracks.

The new details of the attack campaign, which researchers have dubbed Linux/Cdorked, show that the attackers have cast a wider net than what was found originally and have access to a wider range of compromised machines. Researchers at ESET who have analyzed the attack say that the group behind the attacks may have been active since December 2012. The researchers have discovered more than 400 Web servers compromised by this malware, and that some of them are among the most highly trafficked sites on the Web.

Even with the new details and further investigation into the attack, researchers still aren’t sure how the attackers are getting their malware onto the compromised Web servers.

“We still don’t know for sure how this malicious software was deployed on the web servers. We believe the infection vector is not unique. It cannot be attributed solely to installations of cPanel because only a fraction of the infected servers are using this management software. One thing is clear, this malware does not propagate by itself and it does not exploit a vulnerability in specific software. Linux/Cdorked.A is a backdoor, used by a malicious actor to serve malicious content from legitimate websites,” Marc-Etienne M. Léveillé of ESET wrote in an analysis of the attacks.

The general pattern of the attacks involves the attackers modifying Web server binaries on target sites, and then using the malicious binary to serve code to certain users that redirects them to a malicious site. The user may then be redirected to a third site, but the end goal is to push the victim to a site that serves the Blackhole exploit kit. On mobile devices, such as iPhones and iPads, users are redirected to porn sites.

The attackers in this campaign are being quite careful to hide their actions, both at the client level and in a larger sense. In addition to keeping a large blacklist of IP ranges that the malware will not redirect to malicious Web sites, the attackers also appear to be using compromised DNS servers to change domains and subdomains quickly. The URLs of the domains that form the redirection chain for the Cdorked malware have a peculiar format, and after looking into them, the ESET researchers came to the conclusion that the DNS servers being used have been compromised.

“The peculiar format of the subdomains and the fact that they are constantly changing strongly suggested that the DNS servers were also compromised. We did some tests where we modified the characters of the subdomain and in some cases the IP address in the response changed. With some more testing we were able to confirm that the IP address returned by the DNS request is actually encoded in the subdomain itself. It is using the characters at odd positions to form a 4-byte-long hex string to decode the IP address from. A basic chained XOR cipher is used to encode the IP address,” Léveillé said. “Due to the algorithmic nature of this behavior, we see no other explanation than the presence of trojanized DNS server binaries on the nameservers involved in Linux/CDorked.A.”
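The perturbation test ESET describes (change characters of the subdomain and see whether the answer changes) can be automated so a defender can check a suspect zone for answers that are a function of the queried label. The block below is an added example, not ESET’s code: the stand-in resolver uses an assumed seed byte and XOR chaining, because the real malware’s key and chaining order are not on the page, and the zone name `example.test` and the sample address are constructed.

```python
import ipaddress

# ---- Constructed stand-in for a trojanized nameserver ----------------------
# Per the page: characters at odd positions of the subdomain form a 4-byte hex
# string, and a chained XOR decodes the IP from it. The seed byte and the
# chaining (each byte XORed with the previously decoded byte) are ASSUMED here;
# only the behaviour "answer depends on the label's characters" is what the
# detection check below relies on.
ASSUMED_SEED = 0x5A
FALLBACK_IP = "203.0.113.10"  # what the stub answers when nothing is encoded


def toy_decode_ip(label):
    """Decode an IPv4 address from the odd-position characters of a label,
    or return None when the label does not carry a valid 8-hex-digit string."""
    hex_chars = label[1::2][:8]  # characters at positions 1, 3, 5, ...
    if len(hex_chars) < 8:
        return None
    try:
        cipher = bytes.fromhex(hex_chars)
    except ValueError:
        return None
    prev, plain = ASSUMED_SEED, bytearray()
    for b in cipher:
        prev = b ^ prev  # undo the chain: plaintext byte = cipher ^ previous plaintext
        plain.append(prev)
    return str(ipaddress.IPv4Address(bytes(plain)))


def toy_encode_label(ip, filler="k"):
    """Inverse of toy_decode_ip; used only to build constructed sample names."""
    prev, cipher = ASSUMED_SEED, bytearray()
    for b in ipaddress.IPv4Address(ip).packed:
        cipher.append(b ^ prev)
        prev = b
    return "".join(filler + h for h in cipher.hex())


def toy_trojaned_resolver(fqdn):
    """Answers with the address hidden in the first label, else a fixed IP."""
    return toy_decode_ip(fqdn.split(".")[0]) or FALLBACK_IP


def honest_wildcard_resolver(fqdn):
    """A legitimate wildcard zone: the same answer whatever the label is."""
    return FALLBACK_IP


# ---- The check a defender can run against a suspect zone --------------------
def perturbation_test(resolve, fqdn):
    """Resolve fqdn plus variants that change one odd-position character of the
    first label. Returns {name: ip}. More than one distinct answer means the
    response depends on the label's characters, the algorithmic behaviour ESET
    described. `resolve` is any callable name -> ip, so a real lookup function
    can be plugged in instead of the stub."""
    label, dot, rest = fqdn.partition(".")
    answers = {fqdn: resolve(fqdn)}
    for i in range(1, len(label), 2):
        for repl in "0f":
            if label[i] != repl:
                variant = label[:i] + repl + label[i + 1:] + dot + rest
                answers[variant] = resolve(variant)
    return answers


def looks_algorithmic(resolve, fqdn):
    """True when perturbing the label changes the returned address."""
    return len(set(perturbation_test(resolve, fqdn).values())) > 1


if __name__ == "__main__":
    sample = toy_encode_label("198.51.100.7") + ".example.test"  # constructed
    print(sample, "->", toy_trojaned_resolver(sample))
    print("trojaned zone algorithmic:", looks_algorithmic(toy_trojaned_resolver, sample))
    print("honest zone algorithmic:", looks_algorithmic(honest_wildcard_resolver, sample))
```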

Cyber security researchers say that the tactics the attackers are using are not the most efficient ones and that they are causing themselves some unnecessary trouble.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


PHP Injection Bug Fixed

June 17th, 2013

A pair of popular WordPress plugins used to help sites cache content have fixed serious vulnerabilities that attackers could exploit simply by including special HTML code in a comment. Both WP Super Cache and W3 Total Cache contained a vulnerability that allowed PHP code injection through a simple attack vector, but both plugins have now been updated to address it.

The vulnerability was in the way the plugins handled dynamic snippets included in comments on sites with one of the plugins enabled. An attacker who found a vulnerable site would be able to execute arbitrary code on the backend server. The developers of both plugins have patched the vulnerability, and so details of the bug have now been made public.

“As a result, blogs with WP Super Cache (before version 1.3) and W3 Total Cache (before version 0.9.2.9) were at risk of PHP code injection. Blog comments could contain dynamic snippets (in HTML comments) and WordPress core did not filter them out. Upon such a malicious comment having been submitted, a new cached version of the page was created that included the injected PHP code. Upon the first request of the cached page, that code was successfully executed,” Frank Goossens, a Belgian blogger, wrote in a description of the bug.

First word of the vulnerability appeared in a WordPress user forum about a month ago, and the original poster included detailed code that demonstrated the vulnerability. Last week, Donncha O Caoimh, the author of WP Super Cache, said that he was releasing a new version of his plugin and would add a feature in a future version to disable a function that was one of the causes of the vulnerability.

“I’ve just released a new version of WP Super Cache that removes the html comments from user comments. I’ll publish a post about it in a few days time after most people have hopefully upgraded their sites. In the next release (1.4) I’m going to disable mfunc and associated functions by default because I suspect most users don’t even use them. Admins will have to enable them on the settings page,” O Caoimh wrote.
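As an added example (not the plugins’ own code), a small Python audit and sanitiser for the dynamic-snippet markers described above: `mfunc` is named on the page, while `mclude` and `dynamic-cached-content` are the associated marker names from the same plugins; the sample comment is constructed.

```python
import re

# Marker names for dynamic snippets in WP Super Cache / W3 Total Cache. "mfunc"
# is named on the page; "mclude" and "dynamic-cached-content" are the associated
# markers from the same plugins (known marker names, not taken from the page).
DYNAMIC_MARKERS = ("mfunc", "mclude", "dynamic-cached-content")

# Any complete HTML comment, non-greedy so adjacent comments match separately.
HTML_COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)

# A dangling opener with no closing "-->": everything after it would be hidden
# inside a comment, so it is treated as hostile as well.
DANGLING_OPENER_RE = re.compile(r"<!--.*\Z", re.DOTALL)

# An HTML comment whose body begins with a snippet marker, in opening or
# closing form, e.g. "<!--mfunc ... -->", "<!-- /mfunc -->", "<!--mclude x-->".
MARKER_RE = re.compile(
    r"<!--\s*/?\s*(" + "|".join(re.escape(m) for m in DYNAMIC_MARKERS) + r")\b(.*?)-->",
    re.DOTALL | re.IGNORECASE,
)


def find_dynamic_snippets(text):
    """Return (marker, body) for every dynamic-snippet comment found in text.

    Run this over stored comments, or over generated cache files, to find
    content that a vulnerable plugin version would have turned into PHP."""
    return [(m.group(1).lower(), m.group(2).strip()) for m in MARKER_RE.finditer(text)]


def strip_html_comments(comment_text):
    """Mirror the fix described on the page: remove every HTML comment from
    user-submitted comment text before it is stored, so no snippet marker can
    survive into a cached page. A dangling "<!--" is removed together with
    everything after it, since that text would not be visible content anyway."""
    cleaned = HTML_COMMENT_RE.sub("", comment_text)
    return DANGLING_OPENER_RE.sub("", cleaned)


def is_safe_comment(comment_text):
    """True when the text carries no snippet markers and no HTML comment openers."""
    return not find_dynamic_snippets(comment_text) and "<!--" not in comment_text


# Constructed sample: a visitor comment carrying an mfunc snippet (with a
# deliberately harmless body) next to an ordinary HTML comment.
SAMPLE_COMMENT = (
    "Nice post! <!--mfunc echo 'injected'; --><!--/mfunc--> "
    "<!-- just a note --> see you soon"
)

if __name__ == "__main__":
    print(find_dynamic_snippets(SAMPLE_COMMENT))
    print(repr(strip_html_comments(SAMPLE_COMMENT)))
    print(is_safe_comment(strip_html_comments(SAMPLE_COMMENT)))
```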

The hugely popular WordPress publishing platform is used by a wide variety of users, including professional publishers and individual writers. There are hundreds of plugins available for the platform that perform all kinds of tasks, from preventing spam comments to enabling a site to run on mobile platforms, and attackers often target vulnerabilities in those plugins, as they know that users may not update them as often as they should. Just as browser extensions and plugins such as Flash and Java have become favorites of attackers, so too have WordPress plugins. Security breaches of WordPress sites have increased, and so has the importance of data security.


Adobe to patch bug for Reader

June 15th, 2013

Adobe is planning to patch a fairly low-severity security vulnerability in all current versions of Reader and Acrobat that could enable an attacker to track which users have opened a given PDF document. The vulnerability can’t be used for code execution, but researchers say it could be used as part of a larger attack.

The vulnerability was discovered and disclosed in late April by researchers at McAfee, who had been watching the behavior of some odd PDF samples in recent weeks. They noticed that all of the samples had a similar, weird characteristic, leading them to investigate and discover the vulnerability.

“Recently, we detected some unusual PDF samples. After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader including the latest ‘sandboxed’ Reader XI (11.0.2). Although the issue is not a serious problem (such as allowing code execution), it does let people track the usage of a PDF. Specifically, it allows the sender to see when and where the PDF is opened,” Haifei Li of McAfee wrote.

“When a specific PDF JavaScript API is called with the first parameter having a UNC-located resource, Adobe Reader will access that UNC resource. However, this action is normally blocked and creates a warning dialog asking for permission…The danger is that if the second parameter is provided with a special value, it changes the API’s behavior. In this situation, if the UNC resource exists, we see the warning dialog. However, if the UNC resource does not exist, the warning dialog will not appear even though the TCP traffic has already gone.”

Adobe on Thursday acknowledged the issue and said that it will fix the vulnerability in its next scheduled Reader update on May 14. Although neither McAfee nor Adobe considers the vulnerability to be serious, Li said that it could be used as one piece of a larger attack, as a method of gathering some intelligence on a target.

“Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, Internet service provider, or even the victim’s computing routine. In addition, our analysis suggests that more information could be collected by calling various PDF JavaScript APIs. For example, the document’s location on the system could be obtained by calling the JavaScript “this.path” value,” Li wrote.


Google’s plan for Data security

June 13th, 2013

Gmail and Google Apps account hijacking has been the linchpin of a number of high-profile targeted attacks, starting with the Aurora attacks of 2009, right up until last week’s attack against the Twitter account belonging to the satirical Onion news site.

Granted we’re talking about two very different levels of severity between stealing data from the defense industrial base and sending out a few politically motivated hoax Tweets, but the thirst for legitimate credentials among state-sponsored hackers, cybercriminals and hacktivists won’t abate any time soon.

The chase, along with the general inadequacy of passwords, has forced Google for one to aggressively pursue a new direction for authentication into its online services. The company this week announced a new long-term plan for strong authentication, one that builds off a similar initiative in 2008 that led to the current implementations of two-factor authentication for Gmail and risk-based login challenges in order to determine if requests for access are indeed from the intended user.

Going forward, Google hopes to put strong authentication in place when endpoints such as laptops, tablets or smartphones are first configured, and to have the device act as an authenticator. It also explained a number of other measures it would like to see implemented in the relatively near future. Clearly, smartphones have changed the dynamic of authentication for Google.

“With mobile devices like Android the usability is even further improved because you only login to the device once at the OS level and it works across all the apps on the device instead of having to go through a multi-step login flow for each application,” said Eric Sachs, a product manager with the Google security team. “However to improve the usability of this approach, one of our goals will be to have a consistent concept of identity between the OS, applications, and websites accessed from the browser on the device.”

Google has also thrown its support behind the Channel ID open standard, which aims to secure the cookie on the device that certifies the user has signed in to a service. The concept puts up a barrier against man-in-the-browser attacks that attempt to sniff and steal cookies as they’re passed to the browser. This tighter connection between cookies and encryption keys, as proposed in the standard and currently in place in the Chrome browser, is another priority initiative for Google going forward.

“In essence, the browser self-provisions an anonymous public-private key pair for each web domain it needs to talk to via SSL. The web domain can use the consistent SSL public key Channel ID presented by the client device to tie into cookies that it issues to the client device,” Sachs said. “But once the cookies are ‘tied’ in this manner, they are no longer reusable bearer tokens. The web server will only accept them as part of a connection that has been digitally signed with the same ChannelID. ChannelID significantly reduces the risk associated with leaked reusable bearer tokens.”
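A simplified model of the cookie binding Sachs describes, added here as an example rather than Google’s or the Channel ID specification’s own code: it assumes the TLS layer has already verified that the client holds the private key for the presented Channel ID and hands that ID to the cookie check as a plain argument; the server secret, session id and key bytes are constructed. The bearer-cookie functions are included only to contrast the replay behaviour the quote is about.

```python
import hashlib
import hmac

# Assumed server-side MAC key (constructed for the example; a real deployment
# would use a randomly generated secret kept out of source control).
SERVER_SECRET = b"constructed-server-secret-for-demo"


def channel_id_of(client_public_key):
    """Derive the Channel ID from the client's self-provisioned per-domain
    public key. Here it is a SHA-256 fingerprint of the key bytes; in the real
    protocol the TLS handshake proves the client holds the matching private key."""
    return hashlib.sha256(client_public_key).hexdigest()


def _tag(session_id, channel_id):
    """MAC over the session id and the channel it is bound to ('' = unbound)."""
    msg = f"{session_id}|{channel_id}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def _check(cookie, channel_id):
    session_id, _, tag = cookie.rpartition(".")
    if not session_id:
        return None
    expected = _tag(session_id, channel_id)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return session_id


def issue_bearer_cookie(session_id):
    """The classic bearer token: whoever holds it is logged in."""
    return f"{session_id}.{_tag(session_id, '')}"


def verify_bearer_cookie(cookie):
    """Accepted from any connection, so a copy stolen in the browser works anywhere."""
    return _check(cookie, "")


def issue_bound_cookie(session_id, channel_id):
    """Issue a cookie tied to the Channel ID the login arrived on."""
    return f"{session_id}.{_tag(session_id, channel_id)}"


def verify_bound_cookie(cookie, channel_id):
    """Accept the cookie only on a connection presenting the same Channel ID.
    `channel_id` is what the TLS layer authenticated for this request."""
    return _check(cookie, channel_id)


def replay_scenario():
    """Constructed scenario: a cookie issued to the victim's device is replayed
    from another device, i.e. a different key pair. Returns
    (bearer_replay_accepted, bound_replay_accepted)."""
    victim = channel_id_of(b"constructed-victim-public-key")
    attacker = channel_id_of(b"constructed-attacker-public-key")
    bearer = issue_bearer_cookie("session-42")
    bound = issue_bound_cookie("session-42", victim)
    return (
        verify_bearer_cookie(bearer) == "session-42",
        verify_bound_cookie(bound, attacker) == "session-42",
    )


if __name__ == "__main__":
    print("bearer replay accepted, bound replay accepted:", replay_scenario())
```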

Google said it is also re-thinking how to unlock devices so that passcodes are no longer necessary, using fingerprint scanners, Near Field Communication between devices, or proximity readers instead. The same concepts could be applied, Google said, where the OS would intervene when risky behavior appears in the browser and ask the user to approve it via a fingerprint check, for example. Google acknowledges this could require changes to APIs and to how the OS and browser communicate.

Google is doing its best to prevent data breaches and enhance data security.


Dropbox or Spambox

June 11th, 2013

Dropbox users are reporting spam emails arriving at dedicated email addresses associated with the cloud storage service, in what appears to be a leftover problem from last year’s data security breach.

But the cloud storage company has not seen anything to suggest that this is a new problem or a fresh data breach. The firm said in a public posting that it “remains vigilant given the recent wave of security incidents at other tech companies.”

One user explained the problem in a nutshell:

I have an email address internal to my company that I used for Dropbox only, and I am getting the same fake PayPal scam emails. This has been happening since about Monday.

There was concern among forum members that following the hack of Zendesk, Dropbox users may have been at risk. “If Dropbox was affected, they should have already announced this like Twitter, Tumblr and Pinterest did,” said another user.

Last July, Dropbox suffered a data breach after it investigated suspicious incidents on its network. After bringing in outside experts to assist with the probe, the company found that usernames and passwords had been stolen and some accounts accessed. This was exacerbated by a successful intrusion into a Dropbox employee’s account that contained a project document with user email addresses.

The file storage company then bolstered its accounts with two-factor authentication as well as automated back-end services to weed out suspicious activity.

Dropbox is used not only by small- and medium-sized businesses but also caters for enterprise clients. Dropbox for Teams added to the company’s freemium model by offering generous storage and a back-end dashboard for administering Dropbox accounts, such as adding and deleting users.


Hackers sentenced to time in prison

June 9th, 2013

LulzSec member Cody Kretsinger will spend one year in prison for his role in breaching the defenses of Sony Pictures Entertainment servers.

The hacker pleaded guilty in April 2012 to one count of conspiracy and one count of unauthorized impairment of a protected computer, according to Reuters.

Kretsinger — also known as “Recursion,” — is part of LulzSec, an offshoot group from hacktivist collective Anonymous. LulzSec first came to attention in 2011, after a number of pranks including hacking The Sun’s website to proclaim that Rupert Murdoch was dead entered the spotlight, as well as the group’s role in coming to the defense of whistleblower website WikiLeaks. However, these pranks later turned into Sony’s worst nightmare — as the group stole the credentials and information of over 70 million user accounts of both PlayStation Network and Sony Online members.

This security breach led to Sony closing down the network for a month. The Information Commissioner’s Office (ICO) in the U.K. later fined the firm £250,000 for what it considered a “serious breach of the Data Protection Act” for not keeping customer data adequately protected. Prosecutors say that the network breach cost Sony over $600,000 in damages.

The 25 year-old has been ordered by a U.S. district judge in Los Angeles to serve 12 months before performing 1,000 hours of community service upon release. Although prosecutors refused to say whether the hacker was co-operating with authorities in return for a softer sentence, a leading member of Anonymous, “Sabu,” in reality Hector Xavier Monsegur, has pleaded guilty to similar charges and offered the FBI information on other hackers.

Three other members of LulzSec — Ryan Ackroyd, Jake Davis, and Mustafa al-Bassam — all pleaded guilty to a computer hacking-related charge at Southwark Crown Court in London. Between them, the hackers admitted to trying to hack into various websites related to Nintendo and Sony, as well as plotting to take down law enforcement agency websites based in the U.S. and United Kingdom.


Suspect arrested for ‘biggest cyberattack in history’

June 7th, 2013

A Dutch national suspected as the mastermind behind the largest DDoS attack ever recorded has been arrested in Spain.

The Associated Press reports that 35-year-old Sven Kamphuis, identified by The New York Times, was arrested Thursday in a city 22 miles north of Barcelona.

Originally from the Dutch city of Alkmaar, the hacking suspect operated from a mobile bunker — a van “equipped with various antennas to scan frequencies” and able to break into networks anywhere in the country. An Interior Ministry statement said that Kamphuis was able to use his “mobile computing office” to coordinate cyberattacks and speak with media before being arrested by Spanish police on the basis of a European arrest warrant issued by the Dutch. German, Dutch, British and U.S. forces all took part in the investigation.

Kamphuis runs Internet service provider CB3ROB and web hosting firm CyberBunker, which has hosted websites including the Pirate Bay and WikiLeaks in the past. The Interior Ministry’s statement says that the accused called himself a spokesperson and diplomat belonging to the “Telecommunications and Foreign Affairs Ministry of the Republic of Cyberbunker.”

The alleged hacker is accused of launching an attack against the anti-spam watchdog group Spamhaus. A 300Gbps distributed denial-of-service attack sent the non-profit into disarray, taking down the agency’s website and forcing Spamhaus to turn to Cloudflare for assistance. According to the cloud services provider, the majority of the attack was traffic sent using a technique called DNS (domain name system) reflection. Usually, DNS resolvers wait for a user request, but if the source address is forged, then requests may be “bounced” off different servers, amplifying the amount of traffic a domain name has to cope with and exploiting weaknesses in the Internet’s DNS infrastructure. Most cyberattacks tend to peak at 100 billion bits a second, which is a third of what Spamhaus and Cloudflare had to cope with.

The attack on DNS infrastructure resulted in lower speeds for Internet users worldwide.

The attack against Spamhaus — which is known for blocking advertising for fake goods and preventing it from reaching our email addresses — was one in a list of major DDoS campaigns thought to be masterminded by the Dutch national.

Kamphuis has denied any role in the attack, calling himself simply a “spokesperson” for one of the loose groups established to take down Spamhaus. However, according to the NYT, the alleged hacker used his Facebook page to proactively look for supporters to attack the agency, saying “Yo anons, we could use a little help in shutting down illegal slander and blackmail censorship project ‘spamhaus.org,’ which thinks it can dictate its views on what should and should not be on the Internet.”

The hacking suspect is likely to be extradited from Spain to attend court in the Netherlands.


Cyber crime up in Latin America

June 5th, 2013

Cyber crime across Latin America has not been well documented in the past.

Essentially, Latin America is the new hot target for cyber criminals — especially when it comes to illegally tapping into government, finance or energy agencies.

The top two types of attacks were identified as attacks on industrial control systems, followed by home-grown crimeware kits.

Financial rewards — more so than hacktivism — were cited as the top motivators for cyber crime across the region.

It’s also important to note which nations were included in the report. For the purposes of this study, 20 of the 32 Organization of American States member states were surveyed.

Between 2011 and 2012, cyber security incidents rose by nearly 40 percent. Looking more closely, over a period of 28 days, 39 attacks from 14 different countries were recorded.

Of those 39 attacks, 12 were said to be unique and could be classified as “targeted,” but 13 were repeated by several of the same culprits over a period of several days.

However, researchers admitted it’s difficult (if not impossible) to exactly pinpoint the extent of these attacks due to “a lack of harmonized terminology across the region.”
