Archive for the ‘AlertSec Xpress’ category

Content to Prevent Data Breach

July 3rd, 2017

Egnyte a Calif. based content collaboration and governance specialist has launched a new cloud-based solution which looks after insider threat. The product focus on IT security professionals. Nowadays distributed workspace needs shared information system which uses on-premises collaboration platforms or cloud-based services which may cause data breach.

“As users and organizations are more global and interdependent they need to share more content with each other and then need to do it in a secure way using EFSS [enterprise file synchronization and sharing] solutions not email attachments for instance,” Isabelle Guis, chief strategy officer at Egnyte mentioned.

“But as you hire contractors and have many places where your content resides (on-premises, cloud, cloud apps, etc.) it is very difficult to enforce the security policies at the repository level or even train all your users and new hires to properly handle their content.”

Data leaks can occur due to various loopholes.

“For example, a merger and acquisition folder could be shared via a public link and one of the intended recipients forwards the link to someone who should not see that data,” Guis said. “Or, a very common example – a disgruntled employee downloads all of ‘their’ work, which is actually the company’s IP [intellectual property], right before leaving your company and going to a competitor,” a situation allegedly at the center of the high-stakes Google-Uber lawsuit.

Egnyte product looks for sensitive content in the database.

Then it “provides real–time analysis of all the content within an organization and presents actionable insights to help administrators prevent these types of aforementioned data breaches,” Guis said.

“Egnyte Protect continuously analyzes an organization’s entire content environment and classifies the most sensitive information, such as credit card numbers, social security numbers, sensitive IP, HIPAA information, and much more,” she added. “Then, in real–time, Egnyte Protect identifies vulnerabilities, alerts administrators, and offers actions that can immediately fix any issue that is found across all of the organization’s content repositories.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Kmart Attacked by Hackers Again

July 2nd, 2017

Kmart suffered another data breach when its server was attacked by hackers.

 “Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls,” a Kmart FAQ on the data breach states. “Once aware of the new malicious code, we quickly removed it and contained the event.”

 Sears Holdings owns Kmart. It has not mentioned the number of affected card holder in the statement. Also, the location impact is also not disclosed. But it mentioned that only card information got breached.

 “All Kmart stores were EMV ‘Chip and Pin’ technology enabled during the time that the breach had occurred and we believe the exposure to cardholder data that can be used to create counterfeit cards is limited,” the company stated. “There is no evidence that kmart.com or Sears customers were impacted nor that debit PIN numbers were compromised.”

 This is the second breach in three years. Security of the card is crucial and online shops are finding it difficult to secure.

 “Consumers should monitor the transactions on any account linked to credit or debit cards they have used in a Kmart store and report any fraudulent transactions to their bank as soon as they are identified,” Capps said. “Given the brisk migration to a chip-and-pin system, we are unlikely to see the stolen credentials used for in-person payments, but they can be used for online transactions. “

 In 2014, Kmart was affected by malware.

 “We will likely find that this attack started with a stolen credential, used to inject the malware into Kmart’s networks,” Nir Polak, CEO of security vendor Exabeam mentioned. “In this modern operating environment, better behavioral analysis — focused on both use of credentials and on the system processes that are spawned from malware — is the best way to detect and shut down these attacks.”

____________________________________________________________________________________________

 Alertsec encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Massive New Ransomware Attack

June 29th, 2017

Recently world suffered a massive WannaCry attack. Now new ransomware attack was launched using same Windows vulnerability. Ukraine is the most affected country affecting government, transport systems, banks and power utilities and companies like WPP, pharma giant Merck, manufacturing company Saint-Gobain, and Russian steel and oil giants Evraz and Rosneft.

One WPP subsidiary has asked staff to turn off and disconnect all Windows machines as it was a victim of “massive global malware attack, affecting all Windows servers, PCs and laptops.”

Shipping company Maersk tweeted, “We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack. We continue to assess the situation. The safety of our employees, our operations and customers’ business is our top priority.”

Merck tweeted “We can confirm our company’s computer network was compromised today as part of the global hack. Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more.”

Kaspersky Lab researchers mentioned that it is entirely new threat and named it as NotPetya.

“Organizations in Russia and the Ukraine are the most affected, and we have also registered hits in Poland, Italy, the UK, Germany, France, the U.S. and several other countries,” the researchers mentioned. ”This appears to be a complex attack which involves several attack vectors. We can confirm that a modified EternalBlue exploit is used for propagation at least within the corporate network.”

Jake Kouns, CISO at Risk Based Security mentioned that the attack by WannaCry should have been taken seriously. “Unfortunately, the fast spread of Petya makes it pretty clear that regardless of the reasons for not updating systems, whether they were valid or not, many companies were unable to properly address things the first time around,” he said.

He added that unpatched software is at risk.

“It is critical that all organizations which are able to apply patches for these known vulnerabilities,” he said. “If there is some legit reason for this not being possible, it is imperative to take other precautions and implement compensating controls to protect their systems and mitigate the risk.”

“Companies need to rapidly adopt a much more continuous strategy around patching and security testing, along with a robust disaster recovery plan that gets tested frequently.”Cybric CTO Mike Kail mentioned.

Netskope co-founder and CEO Sanjay Beri said the implications could be massive. “The Petya ransomware attack should serve as an urgent warning for the U.S. — we need a plan in place and the administration has to stop dragging its feet on hiring a Federal CISO,” he said.

“Worse than the recent WannaCry attack, the Petya ransomware campaign is targeting critical infrastructure which, according to an MIT report, is essentially defenseless against cyber criminals,” Beri added. “If this attack reaches us — and given the rate and manner with which it’s spreading it’s only a matter of time — the country’s critical infrastructure is at enormous risk of shutting down.”

“The extortion model is here to stay,” the report states. “More stable growth, which is at a higher level on average, could indicate an alarming trend: a shift from chaotic and sporadic actors’ attempts to gain foothold in [the] threat landscape to steadier and higher volumes.”

___________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc. 

WannaCry ransomware attacked Honda

June 28th, 2017

Honda recently stopped its production at its Sayama, Japan plant due WannaCry ransomware.

The production facility manufactures 1,000 vehicles per day. The plant was started next day.

Along with Honda, Nissan and Renault also halted production at plants in Japan, Britain, France, Romania and India.

“We recommend that you revisit your security patches immediately and ensure that all of your networked computers can connect to kill switches.”Webroot senior threat research analyst Tyler Moffitt said.

Tripwire senior systems engineer Paul Norris mentioned that companies need to take steps to protect themselves.”Effective measures in defeating these sorts of attacks include implementing an effective email filtering solution that is capable of scanning content on emails, hazardous attachments and general content for untrusted URLs,” he said. “Another option would be to better educate the workforce on how to recognize a suspicious email from unknown senders, knowing not to click an untrusted URL, as well as not opening an unexpected attachment.”

RiskVision CEO Joe Fantuzzi mentioned that the Honda plant shutdown shows growing risks in the manufacturing industry. “While manufacturing hasn’t experienced the same attention as other sectors in regards to emerging ransomware trends, it’s now clear that WannaCry and other advanced threats pose severe and crippling risks to this sector, which among other things can halt production, expose blueprints and intellectual property, aid competitors and decimate profit margins, while taking weeks or months to be fully remediated,” he said.

“What’s more, manufacturing isn’t beholden to the same security and compliance standards as healthcare, financial services and other market verticals, making enforcement of consistent security standards even more difficult,” Fantuzzi added. “Consequently, it’s imperative that manufacturers categorize assets in terms of business criticality to see where their most important vulnerabilities reside because taking the initiative to find and prioritize critical vulnerabilities is a small investment in comparison to the long-term damage that could result if these vulnerabilities are ever found by cyber criminals and exploited.”

“Warding off cyber threats, including cyber espionage, is a top corporate priority across industries, but manufacturers and distributors need to do much more to protect their patents, designs and formulas, as well as their private company and employee information,” Jim Wagner, partner-in-charge of Sikich’s manufacturing and distribution practice, said in a statement.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Ransomware Attack at Airway Oxygen

June 25th, 2017

Michigan-based Airway Oxygen, Inc. recently suffered data breach due to ransomware attack. Facility is notifying patients that their PHI may have been affected. Airway Oxygen supplies medical equipment.  It mentioned that facility becomes aware of the breach when ransomware was installed in its technical infrastructure. The incident prevented Airway from accessing its own data.

Affected information included full names, home addresses, dates of birth, telephone numbers, diagnoses, types of services provided, and health insurance policy numbers. Bank account numbers, debit or credit card numbers, and Social Security numbers were not included in the breach.

As per the OCR tool, 500,000 individuals were affected by the breach.

“Since learning of the incident, we immediately took steps to secure our internal systems against further intrusion, including by scanning the entire internal system, changing passwords for users, vendor accounts and applications, conducting a firewall review, updating and deploying security tools, and installing software to monitor and issue alerts as to suspicious firewall log activity,” explained the statement, which was signed by Airway Oxygen President Stephen Nyhuis.

Facility in the statement mentioned that it has notified FBI. Also, the cyber security firm is hired to help in the investigation.

“We take the security of those with whom we work and their data very seriously and our team is working diligently to ensure breaches of this type do not happen in the future.”

As per the statement, facility mentioned that steps were taken to secure internal systems. Scanning of the technical infrastructure was carried out. Passwords were changed for the users. Vendor accounts are monitored and review is done for security firewall, security tools. New software installation is done to alert for any such incidents in future.

Customers are advised to place a credit fraud alert. Also, a toll-free number is provided to assist the users.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

U.S Election Systems Attacked by Russian Hackers

June 22nd, 2017

Thirty-nine states were hit by Russian hackers prior to the 2016 U.S. election. In Illinois, hackers got access to the database and tried to delete or alter voters data. A software was also accessed which was used by poll workers on Election Day.

“Last year, as we detected intrusions into websites managed by election officials around the country, the administration worked relentlessly to protect our election infrastructure,” Eric Schultz, spokesman for former President Barack Obama, told Bloomberg.

“Given that our election systems are so decentralized, that effort meant working with Democratic and Republican election administrators from all across the country to bolster their cyber defenses.”

A former senior U.S official mentioned that Russians now possess knowledge of U.S. election systems prior to the next presidential election.

“The U.S. must start putting precautions in place today that assures voter data and election systems are protected, or else history is bound to repeat itself.”Seclore CEO Vishal Gupta said.

Federal agents found traces of hacking into the database. Many states refused to cooperate with the agency.

“It’s laughable how systems we thought were immune to attack were so woefully under-secured.” Venafi chief security strategist Kevin Bocek said.

“We’ve seen this with ATMs and POS systems,” Bocek added. “The finance and retail industries have effectively responded to their own deep vulnerabilities, and now state, local and federal governments need to respond in the same way to protect voting systems.”

“Without a record of who is accessing, changing or deleting data, it’s virtually impossible to detect the compromise,” he said. “It’s not hard to imagine a scenario where voter data has been compromised but has gone undetected due to lack of auditing or evidence of a breach.”Varonis vice president of field engineering Ken Spinner said

“It’s more important than ever to monitor file activity and user behaviour, so that if an outside party is attempting to manipulate or delete information — as happened in Illinois — that activity is able to be flagged and investigated right away,” Spinner added.

“Whether you’re a small company or a national government, the best risk reduction is to limit access to those who need it the most, keeping sensitive data locked down, and to monitor data access so that when something suspicious happens, you can catch it before it turns into global headlines,” Spinner said.

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc. Perhaps, most importantly, your login credentials to cloud applications are protected. 

New SiteLock Application to Protect WordPress

June 19th, 2017

WordPress open-source publishing is the popular platform for companies. It has also attracted cyber criminals. Sites face attacks frequently. SiteLock, a Scottsdale, Ariz. website security vendor has started private beta of its new SMART Database (SMART/DB) solution. This application scans detects and automatically removes spam and malware from WordPress databases.

 SiteLock was formed in 2008. President Neill Feather mentioned that company specializes in helping small and midsized businesses (SMBs) mount a defence against cyber attackers. It also provides easy-to-deploy web application firewall (WAF) and distributed denial-of-service (DDoS) mitigation capabilities. SMBs to strengthen their WordPress deployments are also implemented.

 Operating a website is a risky affair in the current cybersecurity landscape.

“On average, websites face over 8,000 attacks per year from cyber criminals trying to steal valuable resources such as website bandwidth, traffic, and customer data. Popular, well-recognized websites that utilize e-commerce or a large number of interactive features or plugins can be obvious targets for cyber attacks and are often reported in mainstream media,” Feather said.

 “According to SiteLock data, websites using 10 to 20 plugins are two times more likely to be compromised than the average website, and websites linking to Twitter, Facebook and LinkedIn accounts are 2.5 times more likely to be compromised than the average website.”

 Many small business owners do not pay much attention towards cyber security but the trend of attacks is increasing.

 “In fact, 43 percent of all cyber attacks targeted small businesses in 2016,” Feather informed. “Given that the majority of small businesses manage or maintain their own websites, they typically aren’t aware of the time or resources required to ensure adequate protection against ever-evolving security threats such as malware and other vulnerabilities.”

 “It’s important to understand that any website, regardless of the number of features or amount of traffic, is constantly at risk,” he added.

 Many WordPress websites face attack today.

 “As most WordPress websites include customer engagement features such as blog comments, blog contributors, and content aggregation, this emerging malware monitoring technology keeps comments and posts clean from spam, ensuring site content is search engine friendly and is most valuable for visitors,” Feather said. “SMART/DB also mitigates other database malware like malicious redirects and backdoors, ultimately keeping website visitors safe.”

____________________________________________________________________________________________

 Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Series B funding for Trusona

June 17th, 2017

Before four months, Ariz.-based Trusona has Series A funding of $8 million. Now, they have got additional funding of $10 million in a Series B round. This new round was led by Microsoft Ventures along with existing investor Kleiner Perkins.

“Trusona offers businesses the ability to replace a static username and password combination (which can always be lost, stolen or compromised) with a more dynamic way to prove authentication online,” explained Ori Eisen, CEO and founder of Trusona. “With the Trusona app, users can log in with a single tap without typing any username or passwords.”

Trusona is expert in authentication and federated identity technologies for companies. TruToken is the patented technology of the company. It analyzes the physical magnetic signature of a card and the way of swiping the card by the user to determine fraud. It also offers two-step authentication process which involves TruVerify for logins and TruFidelity, which helps combat attacks during online transactions.

Cloud Security Alliance survey which was sponsored by Centrify mentioned that 22 percent of breaches in last year was caused due to stolen user and password. Other survey conducted by SailPoint Market Pulse mentioned that the stolen passwords are also sold.

“All you need is to register with the free Trusona app and the relying party (such as banks, healthcare providers, WordPress, streaming media, Salesforce, a company’s network, etc.) sends you a prompt,” added Eisen.

Trusona continuously tries to look for fraud transactions.

“What sets Trusona apart is its patented technology that uses the unique nature of each authentication to assure the transmission is authentic and not a session replay,” Eisen said. “Trusona’s patented anti-replay technology, infused in every solution, protects from malware that can replay static usernames and passwords to compromise any online account. This assures the right person is behind every digital interaction.”

Microsofts is impressed with this new technology.

“Identity management is a critically important and growing space,” said Nagraj Kashyap, corporate vice president of Microsoft Ventures, in prepared remarks. “Helping businesses and consumers move toward a safer and more secure digital world is a priority for Microsoft. We believe in the work Trusona is doing to give their enterprise clients peace of mind when it comes to data protection.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Security of the end point devices

June 15th, 2017

A Recent survey conducted by Ponemon Institute shows that Sixty-three percent of participants are not able to monitor endpoint devices after they leave the corporate network. Fifty-five percent of endpoint devices contain sensitive data.

Absolute sponsored the survey which also contains below findings –

Fifty-six percent of participants don’t have a cohesive compliance strategy

Seventy percent mentioned that they have a below average ability to limit endpoint failure damages

Twenty-eight percent use automated analysis and inspection for determining compliance.

“It’s clear that enterprises face real visibility and control challenges when it comes to protecting the data on corporate endpoints, ensuring compliance and keeping up with threats,” Ponemon Institute chairman and founder Dr Larry Ponemon said.

The number of malware-infected endpoints devices has increased in the past one year. Also, forty-eight percent are not happy with their endpoint security solution.

“The trends that drove the extraordinary activity in 2016 are continuing unabated in 2017,” Risk-Based Security executive vice president Inga Goddijn said in a statement. “We have seen the return of widespread phishing for W-2 details, large datasets continue to be offered for sale, and misconfigured databases remain a thorny problem for IT administrators.”

Another survey by SACA shows that fifty-three percent reported an increase in cyber attacks. There is a general rise in data breaches.

“There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner,” ISACA board chair Christos Dimitriadis said in a statement. “Cyber security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared.”

Many believe there should be a rise in the budget for the security.

“The rise of CISOs in organizations demonstrates a growing leadership commitment to securing the enterprise, which is an encouraging sign,” Dimitriadis said. “But that’s not a cure-all. With the number of malicious attacks increasing, organizations can’t afford a resource slowdown. Yet with so many respondents showing a lack of confidence in their teams’ ability to address complex issues, we know there is more that must be done to address the urgent cybersecurity challenges faced by all enterprises.”

___________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Half of the third party softwares are outdated

June 13th, 2017

Synopsys conducted a study of 128,782 software applications which shows that almost fifty percent are old.

“Over time, vulnerabilities in third-party components are discovered and disclosed, leaving a previously secure software package open to exploits,” Synopsys Software Integrity Group general manager Andreas Kuehlmann said in a statement. “The message to the software industry should not be whether to use open source software, but whether you are vigilant about keeping it updated to prevent attacks.”

The survey also showed that some of the vulnerability dates back to 1999.

“Coming on the heels of last month’s WannaCry outbreak, the insights in the report serve as a wake-up call that not everyone is using the most secure version of the available software,” Synopsys security strategist Robert Vamosi said. “The update process does not end at the time of software release, and an ongoing pattern of software updates must be implemented throughout the product lifecycle.”

“As new CVEs are disclosed against open source software components, developers need to know whether their products are affected, and organizations need to prevent the exploit of vulnerabilities with the latest versions when they become available,” Vamosi added.

Vanson Bourne survey mentioned that companies are not up to date considering patches and new versions. Half of the user mentioned that they have to bring a team for patches or to deal with a security issue.

“We can see with the recent WannaCry outbreak — where an emergency patch was issued to stop the spread of the worm — that enterprises are still having to paper over the cracks in order to secure their systems,” Bromium CTO and co-founder Simon Crosby said in a statement. “The fact that these patches have to be issued right away can be hugely disruptive to security teams, and often very costly to businesses, but not doing so can have dire consequences.”

“WannaCry has certainly shined a spotlight on a problem that has plagued enterprises for years,” Crosby added. “It is simply impractical to expect enterprise organizations to continually upgrade — even when they have licenses, the actual deployment creates huge disruption, or in some instances would require an entire hardware refresh and result in huge upfront capital costs.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.