Archive for July, 2013

University of Delaware’s system hacked

July 29th, 2013

The University of Delaware is a major research institution and one of the oldest universities in the US. UD has become the victim of a recent data breach in which personal information of more than 72,000 past and present employees was compromised from the university’s system.

The university has sent email to ensure that those affected are properly informed. Investigators have been called in to pin down the scale of the breach and to identify any other risk.

A system was set up for employees to check whether they were affected, and all affected employees were offered credit monitoring services to keep an eye out for potential identity theft.

The risk of identity theft is high, as the stolen data included names, addresses, university ID numbers and Social Security numbers.

The FBI and forensic teams are probing further, but so far few specifics have emerged, beyond the rather vague statement in the official announcement that the breach was down to “a vulnerability in software acquired from a vendor” – basically saying the fault was with some piece of software not created internally, which doesn’t really narrow the field very much.

However, local news sources claim the flaw was in Struts2, a Java web application framework, which suggests the hack is related to Java.

“The University will not contact you and ask to confirm any of your personal information. If an unknown person contacts you and claims that he or she can help you if you would just confirm your personal information, do not surrender any information,” the university stated.

The university is working with FBI officials on the issue and is trying to make sure something like this doesn’t happen again. Local news reports suggested that the breach was first spotted more than a week ago, leading to sections of the university website being inaccessible for a time.

Get your personal as well as office laptops encrypted by Alertsec

With so much vulnerability on public networks, unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe, not only in terms of the monetary fines imposed on the organization but also in the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data, as the information is not compromised if a laptop is lost or stolen. Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Laptop containing 2000 Fairfax students’ data stolen

July 27th, 2013

Fairfax School is an 11-19 secondary school with academy status in Sutton Coldfield, north of Birmingham. The school was established in 1959. A laptop containing health records for 2,000 students of Fairfax County public school was stolen. The laptop contained personal information and was stolen from a health department employee’s car, according to school and health officials.

School officials sent a letter to parents explaining that someone broke into the car and took the laptop. Officials also said that a briefcase containing student records on paper was stolen along with the health department-issued laptop.

The laptop contained personal information of nearly 2,000 Fairfax students at six schools, including Lanier and Rocky Run middle schools, Brookfield, Fairfax Villa and Navy elementary schools and Chantilly High School and Chantilly Academy.

According to the health officials at the school, the laptop included personal data of students such as their names, school system identification numbers and specific medical conditions. However, students’ Social Security numbers, health insurance information and addresses were not stored on the laptop.

The school nurse had permission to take the laptop and the documents home with her, but it was noticed that the nurse failed to keep the files secure, violating protocol.

The personal records on paper should have been stored in a locked briefcase, separate from the laptop. The information should not have been stored on the laptop’s hard drive, officials said. Health officials said the files were supposed to be stored on encrypted portable drives, as they were personally identifiable information. The nurse will face strict action for this mistake.

According to spokesman Glen Barbour, current security procedures are being reviewed with employees by the health department.

Barbour said, “We are going above and beyond to make sure this doesn’t happen again.”


USA: High-risk place for Data Theft

July 23rd, 2013

Research conducted by German companies shows that the US is a high-risk place for data theft, second only to China.

Ernst & Young carried out a survey of 400 companies in July and found that 26 percent of German security professionals, IT and senior managers felt that the US was a highly risky country when it comes to data theft and industrial espionage. The figure was just 6 percent two years back. China was still rated a high-risk country by 28 percent of respondents. Russia stands in third place, with just 12 percent of respondents considering it a risky place for data theft.

Head of Forensic Technology & Discovery Services at EY, Bodo Meseke said that German companies had a misconception that attacks were most likely to come from Russia or China, but they need to realize that very extensive monitoring measures are carried out by Western intelligence agencies.

26 percent of respondents were worried about this sort of data theft coming from a foreign competitor, with 17 percent concerned about state agencies and secret services from abroad. 16 percent of people were concerned about domestic competitors and 9 percent were worried about their own employees.

The survey was conducted to study attitudes towards the risk of data theft and industrial espionage. 86% of managers are confident that their company would not become a victim. They are confident about their security measures, including firewalls and secure password policies, though these security measures are easy for skilled hackers to break.

Meseke explained, “When it comes to their own safety, the companies are, unfortunately, often lulled into a false sense of security.”

“A professional data thief can circumvent a password. It’s important for companies to make it more difficult for would-be data thieves with things like intrusion detection systems and beefed up security departments so that they look for another target,” he added.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


CERA website hacked

July 19th, 2013

The Canterbury Earthquake Recovery Authority was formed in response to the February 2011 Christchurch earthquake. It has wide-ranging powers and can suspend laws and regulations for the purpose of earthquake recovery. Malicious software was recently discovered on the CERA website.

The server that hosts the CERA website was going through a routine check when it was found that something was wrong with it.

To conduct an in-depth maintenance check, the external company which manages the server advised CERA to cooperate with them during the maintenance stage. CERA said that the maintenance process had found that software called c99madshell had been embedded into the website.

This type of software is used to hack into websites and search for private information, such as credit card numbers, but CERA does not hold this type of information.

In a statement, CERA said, “There is nothing to suggest the malicious software had been activated after being embedded.”

“Investigation shows the software was most likely implanted with malicious intent. While it is disappointing that there are people intent on causing damage in this way, I’m very glad to find our security systems have identified this issue,” said CERA chief executive Warwick Isaacs.

He added, “There is no suggestion that any part of the CERA site has been compromised, but we are treating this situation with the highest degree of seriousness.”

To ensure that none of the videos, photographs or text had been corrupted, Mr. Isaacs has asked that every page of information updated on the CERA website in the past month be individually checked. While this is underway, the website will be offline.

Mr. Isaacs said he expects all of the functions of the website to be restored later today. The website is not linked to any internal CERA databases.


California AG reports 131 Data Breaches in 2012

July 17th, 2013

Data breach incidents are increasing at a fast pace, and their impact is affecting millions of people. California is one of the victims: the personal information of millions of individuals was exposed in data breaches there last year.

Personal information of 2.5 million California residents was exposed in 131 online data breaches in 2012, according to a recent study by the Attorney General of California. However, more than half of these incidents were easily avoidable.

In a report, Attorney General Kamala Harris revealed that out of 2.5 million California residents affected by data breaches in 2012, 1.4 million would have been fine if the companies had encrypted their data. If the exposed data had been encrypted beforehand, these incidents would not have required reporting under existing state law.

Among other findings for 2012, an average of 22,500 people were affected in each breach. The majority of data leakage incidents were reported in the retail industry, followed by the insurance and financial sectors. More than 100,000 people were involved in five of the reported data breaches, and more than half of the breaches involved SSNs.

“Data breaches are a serious threat to individuals’ privacy, finances and even personal security. Companies and government agencies must do more to protect people by protecting data.” Harris said in a release.

Harris gave some suggestions for companies and agencies, explaining that data encryption should always be used to secure data. She asked them to train their employees and contractors to improve the overall security of the organization. However, some experts in the IT security industry have declared awareness training to be a waste of money and time.

She further proposed improving the readability of breach notices, providing better access to resources for victims of breaches involving Social Security and driver’s license numbers, and passing legislation mandating notification of breaches involving the exposure of online credentials, such as usernames and passwords.


Apple admits its developer site was hacked

July 15th, 2013

Apple’s website for developers was down for a few days, and the outage was due to a hack. Software developers use this website for tools and resources to write software for iPhones, iPads and Macs. It also contains sensitive financial information, which is encrypted.

Attempts were made to access personal information about developers. This data breach incident comes at a time when third-party developers were testing their apps on Apple’s iOS 7.

Apple said that no customer information had been compromised, but was unable to rule out the possibility that some email addresses, mailing addresses and developers’ names may have been accessed. An Apple spokesman said the website which suffered the data breach was not associated with any customer information.

Apple wrote to developers on its website, “Sensitive personal information was encrypted and cannot be accessed. However, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and email addresses may have been accessed.”

“This event shows that our private information and our developer account may be leaked. I hope Apple will spend more time and resources on security to protect our private information,” said Cui Tong, a Beijing-based iOS developer.

Apple apologized for the inconvenience that this data breach incident caused for software developers and said that it was working “around the clock” to restore the website soon.

“To prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database,” Apple said in a statement.

Developer memberships that were set to expire have been extended by Apple, and all third-party apps will remain on Apple’s app store.


Sony drops fine appeal; agrees to pay £250,000

July 12th, 2013

Sony is a Japanese multinational conglomerate corporation headquartered in Tokyo, Japan. Ranked 87th on the 2012 list of Fortune Global 500, it is one of the leading manufacturers of electronic products. Back in April 2011, Sony’s PlayStation Network and Qriocity online music and video service were compromised after an external intrusion into their network. The company was hit with a £250,000 fine by the Information Commissioner’s Office (ICO) because of the data breach incident in 2011.

Sony has decided not to appeal the fine imposed by the ICO and has agreed to pay the £250,000. Earlier, when the ICO imposed the fine, the company appealed it, explaining that the exposure of users’ data was the result of a “focused and determined criminal attack”.

The Japanese electronics giant further says that its decision to pay the fine was taken not because it agrees with the ICO’s decision but because Sony fears that the appeal procedure will reveal information related to its security procedures. The ICO confirmed via Twitter that Sony will drop its appeal.

“It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe,” ICO deputy commissioner David Smith said when announcing the fine.

A Sony spokesperson said, “After careful consideration we are withdrawing our appeal. This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding. We continue to disagree with the decision on the merits.”

The ICO welcomed Sony’s decision, saying, “We welcome Sony Computer Entertainment Europe Limited’s decision not to appeal our penalty notice following a serious breach of the Data Protection Act.”

Flashback:

The Sony PlayStation Network and Qriocity online music and video service were compromised sometime between April 16 and April 19 in 2011 after an external intrusion into the network. Sony temporarily turned off both services to prevent any more attacks. Personal information belonging to 77 million account holders had been stolen. The information included names, addresses, log-in and password credentials, password security answers, email addresses, and birth dates. User purchase history and credit card information might have been compromised.


Stanford University’s network hacked again

July 11th, 2013

America’s famous Stanford University is also one of the victims of recent data breach incidents. This is the second hack since May.

The university authorities warned all users, including staff, alumni and students, to update their details as soon as possible. Specific details still remain scarce.

A banner alert was posted on the main page of the account system, and all users were sent an email alert.

In recent months, there have been a lot of similar hacks at Stanford and other universities, as found out by TechCrunch. A suspected hacker is claiming responsibility for the latest breach. Named Ag3nt47, the hacker has his information available publicly, casting doubt on his claim.

Stanford bosses stated that they were still not aware whether any sensitive data had been stolen during this data breach incident. They also found this breach similar to other incidents reported in past months by many large organizations and companies.

It is still not clear whether there is any direct connection to previous breach incidents at the university or to attacks carried out by Ag3nt47.

With the increasing number of cyber attacks, worry within the university community has been growing. Many of these data breach incidents seem to be targeting precious research data.

It can be concluded that the stolen personal information is intended for identity theft, while the passwords and usernames can be used to access accounts.

University networks are much harder to secure than corporate systems because of the many devices and the individuals who use them, which requires attention to a wide range of services. This makes the data easily available to hackers.

Whenever such an incident takes place, users are urged to change their passwords as soon as possible, and selecting a strong password is recommended.


Data Breach: Corporate security at risk

July 8th, 2013

It seems that business owners are not much concerned about their data security; they are not making any special efforts to defend systems against hackers. According to a San Diego State MIS professor, five men were recently charged by the Justice Department with stealing data from corporate databases over a period of seven years.

More than 160 million card numbers had been stolen, and hundreds of millions of dollars in financial harm were inflicted on more than a dozen major companies. No audit of said costs or detailed breakdown was provided. The Justice Department characterized the alleged criminal enterprise as the largest of its kind to be prosecuted in the United States.

To obtain login credentials and credit card numbers, the accused used a variety of hacking techniques, including SQL injection attacks to place malware on networks. They even used network sniffer programs to capture credit card transaction data from payment networks.

U.S. attorney Paul J. Fishman of the District of New Jersey said in a statement, “Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy and our national security. And this case shows, there is a real practical cost because these types of frauds increase the costs of doing business for every American consumer, every day. We cannot be too vigilant and we cannot be too careful.”

Murray Jennex, professor at San Diego State University MIS, said that despite recent improvements in dealing with SQL injection attacks and other hacking techniques, made after the defendants were engaged in their alleged conspiracy, many companies are still susceptible because they don’t test their systems adequately and they don’t spend enough money on security.

“We’ve had economic issues so people haven’t put as much money into security as they should,” Jennex said in a phone interview. He further explained that computer security does not generate revenue at all, so it is not considered a priority, and that risk assessments are only as good as the people who conduct them.


Hackers Attack Ubisoft, Steal Customer Data

July 5th, 2013

French game maker Ubisoft has admitted that hackers have breached its networks, gaining access to usernames, email addresses and encrypted passwords. The incident likely affects millions of people worldwide.

PCMag’s Max Eddy reported, “Yesterday, French video game publisher Ubisoft alerted fans that customer information had been accessed by an attacker. The company advises everyone with an Ubisoft account to log in and change their passwords, but victims might have other dangers ahead. On the Ubisoft blog, Gary Steinman writes that user names, email addresses, and encrypted passwords were accessed during the intrusion. That’s the bad news, but here’s the good news: because Ubisoft does not store payment information, no credit card or other sensitive data was accessed.”

Matt Peckham with Time added, “The France-based company says it ‘instantly took steps’ to seal the breach and began investigating ‘with the relevant authorities, internal and external security experts, and to start restoring the integrity of any systems that may have been compromised.’ Ubisoft notes that Uplay, the company’s in-game digital distribution and multiplayer service, was not impacted — only Ubisoft’s website, though you can use your Uplay account credentials to log into the site, so I’m guessing Uplay accounts are at risk as well.”

Paresh Dave with the Los Angeles Times noted, “The company didn’t disclose how many of its users were hit, but it has sold more than 55 million of its top game…. Many websites automatically reset user passwords after a data breach. But Ubisoft took a different approach, recommending via email that users manually update their passwords on its website and any other websites where users might use a similar password.”