Archive for the ‘Computer news’ category

Breach at Italy’s Biggest Bank

July 29th, 2017

The leading bank in Italy, UniCredit mentioned that approximately 400,000 of its customers’ data were affected after third party provider was hacked. The name of the third party is withheld. It is one of the major attack on Italy’s financial institution as per the Reuters.

The bank mentioned that data was stolen in two different breaches.

“UniCredit has launched an audit and has informed all the relevant authorities,” the bank said in a statement. “In the morning, UniCredit will also file a claim with the Milan Prosecutor’s office. The bank has also taken immediate remedial action to close this breach.”

Paul Norris, senior systems engineer for EMEA at Tripwire mentioned that these two breaches occurred in a year.

“Basic security hygiene needs to be adopted by all enterprises, not just financial institutions, and this includes secure configurations and vulnerability management, as well as performing specific threat assessment and countermeasures, which will reduce the overall risk of future attacks,” Norris said.

Evident.io CEO Tim Prendergast mentioned that customers expect that their information should be secured. “Enterprises, therefore, must demand that their partners operate according to the same security rules and protocols they abide by when it comes to customer data,” he said.

“It should be a requirement that all partners use continuous security monitoring of their cloud environments, and adhere to rigorous security protocols if they want to work with a vendor,” Prendergast added.

Matt Walmsley, EMEA director at Vectra Networks, mentioned that the breach reminds companies to take extra care to handle sensitive data.

“In an effort to save costs, businesses often outsource functions to third-party providers and external contractors,” he said. “However, businesses have a duty of care to protect personal information regardless of whether they manage it in-house or out-of-house.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Corelight Rises Series A Funding

July 21st, 2017

A San Francisco-based technology startup Corelight had raised $9.2 million in a Series A round of funding led by Accel Partners. Other participants include Osage University Partners and Dr Steve McCanne, co-founder of Riverbed Technology.

Corelight Sensor is the company product which uses Bro, an open-source network analysis framework to check even the most advanced or stealthy network attacks. Dr Vern Paxson, a professor of computer science at UC Berkeley, who co-founded the company and serves as its chief scientist.

Corelight mentioned that it uses specialized hardware to provide four times the data processing output. It also features high-performance network interface card to quickly generate results.

“Since all data, no matter what the threat vector, travel over networks, the Corelight Sensor is a powerful tool to understand threats” Alan Saldich, CMO of Corelight, told e-security Planet. Those threats include malware infections port scanning, denial of service attacks, unauthorized access, misconfigurations, abuse, exfiltration of data, insider threats, advanced persistent threats, phishing or other email-based attacks, he said.

“While Bro-Corelight is not always the tool that detects incidents–in many cases, it is end users who detect unusual emails or behaviour, or report ransomware–it is the fastest way to resolve them and get clarity about exactly what happened and why to get to the root cause,” continued Saldich.

Corelight Sensor provides output in easy to understand manner.

“Understanding those alerts is a laborious and time-consuming job because there are many systems involved, each with different data, logs, user interfaces, formats and they are not necessarily correlated or organized in a way that is useful to [incident responders],” said Saldich.

“That means that advanced persistent threats can linger undetected or unresolved for hours, days or weeks because dealing with them is so challenging.”

Corelight present the security threat data in a format so that security personals take the action.

“Corelight helps companies resolve cyber security incidents much faster than they can today. We do that by providing clarity and detailed information about all network traffic, summarized and structured specifically for cybersecurity pros and incident responders,” added Saldich.

____________________________________________________________________________________________

Alertsec encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Kaspersky Lab Defends Allegations

July 18th, 2017

Kaspersky Lab is accused of deep connections with Russia-based hacking efforts. The U.S. government has removed the firm from its vendor list which can be used for federal government. The step was taken after U.S. officials, including Adm. Mike Rogers, director of the National Security Agency and Cyber Command leader, testified before a Senate committee mentioning potential risks from Kaspersky Lab software.

Kaspersky Lab has denied the accusations.

“Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government,” the company stated. “The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime.”

Allegations were also made against Kaspersky Lab that it took active participation in raids with Russian law enforcement officials and ‘hacked back’ against organizations.

“Hacking back is illegal, and Kaspersky Lab has never been involved in such activities,” the company stated. “Instead we are actively participating in joint shut-down of botnets led by law enforcements of several countries where the company provides technical knowledge.”


Kaspersky Lab mentioned that it only provides technical expertise throughout the investigation to help catch cybercriminals.

“Concerning raids and physically catching cybercriminals, Kaspersky Lab might ride along to examine any digital evidence found, but that is the extent of our participation, as we do not track hackers’ locations,” the company stated.

“I want to reassure you, our valued partner – there is no evidence because no such inappropriate ties exist,” he wrote in reference to the Russian government allegations. “While Kaspersky Lab regularly works with governments and law enforcement agencies around the world to fight cybercrime, the company has never helped nor will help, any government in the world with its cyberespionage efforts.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Series B funding for Trusona

June 17th, 2017

Before four months, Ariz.-based Trusona has Series A funding of $8 million. Now, they have got additional funding of $10 million in a Series B round. This new round was led by Microsoft Ventures along with existing investor Kleiner Perkins.

“Trusona offers businesses the ability to replace a static username and password combination (which can always be lost, stolen or compromised) with a more dynamic way to prove authentication online,” explained Ori Eisen, CEO and founder of Trusona. “With the Trusona app, users can log in with a single tap without typing any username or passwords.”

Trusona is expert in authentication and federated identity technologies for companies. TruToken is the patented technology of the company. It analyzes the physical magnetic signature of a card and the way of swiping the card by the user to determine fraud. It also offers two-step authentication process which involves TruVerify for logins and TruFidelity, which helps combat attacks during online transactions.

Cloud Security Alliance survey which was sponsored by Centrify mentioned that 22 percent of breaches in last year was caused due to stolen user and password. Other survey conducted by SailPoint Market Pulse mentioned that the stolen passwords are also sold.

“All you need is to register with the free Trusona app and the relying party (such as banks, healthcare providers, WordPress, streaming media, Salesforce, a company’s network, etc.) sends you a prompt,” added Eisen.

Trusona continuously tries to look for fraud transactions.

“What sets Trusona apart is its patented technology that uses the unique nature of each authentication to assure the transmission is authentic and not a session replay,” Eisen said. “Trusona’s patented anti-replay technology, infused in every solution, protects from malware that can replay static usernames and passwords to compromise any online account. This assures the right person is behind every digital interaction.”

Microsofts is impressed with this new technology.

“Identity management is a critically important and growing space,” said Nagraj Kashyap, corporate vice president of Microsoft Ventures, in prepared remarks. “Helping businesses and consumers move toward a safer and more secure digital world is a priority for Microsoft. We believe in the work Trusona is doing to give their enterprise clients peace of mind when it comes to data protection.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Half of the third party softwares are outdated

June 13th, 2017

Synopsys conducted a study of 128,782 software applications which shows that almost fifty percent are old.

“Over time, vulnerabilities in third-party components are discovered and disclosed, leaving a previously secure software package open to exploits,” Synopsys Software Integrity Group general manager Andreas Kuehlmann said in a statement. “The message to the software industry should not be whether to use open source software, but whether you are vigilant about keeping it updated to prevent attacks.”

The survey also showed that some of the vulnerability dates back to 1999.

“Coming on the heels of last month’s WannaCry outbreak, the insights in the report serve as a wake-up call that not everyone is using the most secure version of the available software,” Synopsys security strategist Robert Vamosi said. “The update process does not end at the time of software release, and an ongoing pattern of software updates must be implemented throughout the product lifecycle.”

“As new CVEs are disclosed against open source software components, developers need to know whether their products are affected, and organizations need to prevent the exploit of vulnerabilities with the latest versions when they become available,” Vamosi added.

Vanson Bourne survey mentioned that companies are not up to date considering patches and new versions. Half of the user mentioned that they have to bring a team for patches or to deal with a security issue.

“We can see with the recent WannaCry outbreak — where an emergency patch was issued to stop the spread of the worm — that enterprises are still having to paper over the cracks in order to secure their systems,” Bromium CTO and co-founder Simon Crosby said in a statement. “The fact that these patches have to be issued right away can be hugely disruptive to security teams, and often very costly to businesses, but not doing so can have dire consequences.”

“WannaCry has certainly shined a spotlight on a problem that has plagued enterprises for years,” Crosby added. “It is simply impractical to expect enterprise organizations to continually upgrade — even when they have licenses, the actual deployment creates huge disruption, or in some instances would require an entire hardware refresh and result in huge upfront capital costs.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. 

Security Patch at Twitter

May 24th, 2017

One can send message to anyone using ‘@‘ from any given account in Twitter platform. But this arrangement is challenged by a security bug. Security researcher who goes by alias ‘Kedrisch’ reported this bug to the twitter through Twitter’s bug bounty program run by Hackerone.

“The reporter discovered a flaw in the handling of Twitter Ads Studio requests which allowed an attacker to tweet as any user,” the Hackerone bug report states. “By sharing media with a victim user and then modifying the post request with the victim’s account ID, the media in question would be posted from the victim’s account.”

Kedrisch also provided detailed writeup on the flaw and the steps to discover the vulnerability. The process involves intercepting the owner_id and user_id parameters and using it as a part of the GET and POST actions.

The bug allowed hackers to publish post through any user. Twitter mentioned that the vulnerability was not exploited.

“As former appsec tech lead for twitter, I’ll just say I’m not shocked this was in code from the ads team,” security researcher Charlie Miller wrote in a Twitter message.

Miller has won the famous Pwn2own hacking competition. He is also one who hacked iPhone first time.

Miller responded to one of his team mate, “if a team is responsible for the vast majority of security issues, maybe they should feel not awesome?”

Twitter awarded Kedrisch with $7,560 for the disclosure of the bug. Kedrisch has also disclosed the bug in the twitter platform in December 2016. He got $1,120 for a low severity bug. The ethical hacker also got $1,260 in Oct 2016 for reporting disclosure flaw in the publish.twitter.com. This particular bug was rated as medium security issue.

Kedrisch received three other bounties totaling $1,540 which was not publicly disclosed.

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc.

Stolen laptop leads to data breach

May 2nd, 2017

Lifespan Corporation recently suffered a possible data breach due to stolen laptop. The device belongs to Lifespan employee. An individual broke into employee’s car and stole laptop along with other items. The employee immediately reported the incident to law enforcement & Lifespan.

As per the website, “Lifespan, Rhode Island’s first health system, was founded in 1994 by Rhode Island Hospital and The Miriam Hospital. A comprehensive, integrated, academic health system affiliated with The Warren Alpert Medical School of Brown University, Lifespan’s present partners also include Rhode Island Hospital’s paediatric division, Hasbro Children’s Hospital; Bradley Hospital; Newport Hospital; and Gateway Healthcare. “

To reduce unauthorized access to the laptop, Rhode Island health organization changed the login credentials for accessing Lifespan system information. Facility found out the stolen MacBook was not encrypted. Password protection was also not present on the system.

The laptop included information of 20,431 patients. Affected information included emails containing patient names, medical record numbers, and demographic information. Lifespan has started notifying the affected patients. Call centre is also established to answer the queries.

Facility mentioned that there is no suggestion or information of data misuse. Also, patient medical records or Social Security numbers were not included in the breach.

Facility is retraining the employees to avoid such incidents in future.

“Lifespan is committed to protecting the security and confidentiality of our patients’ information, and we deeply regret this incident occurred.”

How can you protect data when the laptop is stolen?

Encryption

 Encryption can play a major role in securing your data in case of stolen laptop.

Authentication

Biometrics and two-factor authentication (2FA) increases the security level of your device.

Email security

Your email contains a lot of sensitive information. Emails are auto-opened in the system due to stored password. Remember password or use alternative methods to open email accounts.
Find My Device

Activate Find My Device software on your laptop. It will help you to track the laptop.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Keeping sensitive information from leaks

April 11th, 2017

Today companies needs to keep the data very secure due to need of protecting corporate data and  also regulations which require consumer data to be protected. EU General Data Protection Regulation (GDPR) are increasing the fines for non compliance. It is daunting task for companies to comply with regulations.

“I can see the difference from before GDPR and after GDPR,” he said of companies scrambling to shore up data leaks. “Even if I have a tiny office somewhere, I need to check for confidential data.” And automating this scrutiny is the only way to effectively manage it.” said Angel Serrano, senior manager of advanced risk and compliance analytics at PwC UK in London.

What is DLP?

ISACA mention it “data leak prevention”.

Gartner calls it “data loss protection” or “data loss prevention”.

It prevents unauthorized users from sending sensitive data.

“DLP is not one thing, like a tomato,” GBT Technologies co-founder Uzi Yair said, referring to GBT’s enterprise suite of products. In addition to more traditional practices such as scanning endpoints, network and storage as well as policy management and workflow tools, it includes an information rights management (IRM) policy server that applies file-level control over who has access to what, where – it might be solely on-premises – and when.

Recent reports on DLP has below highlights:

  • An average of 20 data loss incidents occur every day all around the world
  • Eighty three percent of organisations have security solutions but still thirty three percent suffer from data loss
  • DLP detects incidents and has regular expressions, dictionary-based rules, and unstructured data for breach detection.
  • Many facilities use DLP only for email instead of full business applications

DLP takes two forms:

  • Agent software for desktops and servers, physical and virtual appliances for monitoring networks and agents, or soft appliances for data discovery
  • Integrated DLP products that may offer more limited functionality

“All these web applications like Google Drive and Office 365 are integrating with other satellite applications,” said Krishna Narayanaswamy, founder and chief scientist at Netskope.” Salesforce uses Google Drive as a place to store files. DocuSign can put documents in Google Drive. You need to be at all the points where data is going into these applications. You need to be able to inspect that data at rest and determine who uploaded that data. Also inspect and apply policies to outgoing email.”

Many companies do not use new ways.

“The new generation considers email a dinosaur. They go to social media – Twitter, LinkedIn, Facebook – you have to cover those as well. More and more communication is coming via SSL, and that’s a big blank spot that many DLP vendors have not considered,” Narayanaswamy said.

“When you look at the web, there are many reasons for sending data from inside to the outside,” Narayanaswamy said. “Modern applications constantly post information about how users are using the application, response times, and so forth, to improve user experience. When you look at every post transaction, there’s a potential for many false positives,” which have been the bane of DLP.

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Ransomeware attack at ABCD

April 8th, 2017

ABCD Pediatrics recently suffered ransomware attack. According to the statement, a virus was inserted to gain access to the healthcare organization’s servers. Patient data was encrypted in the process. Facility contacted IT personnel to take all servers offline. It is conducting detailed analysis.

Experts came to conclusion that this particular type of virus has likely not removed the information from the server.  Facility also mentioned that user accounts may have been accessed through it’s network. Affected information includes names, addresses, phone numbers, dates of birth, Social Security numbers, insurance billing information, medical records, and lab reports.

As per the OCR data breach reporting tool, approximately 55,447 patients may have been affected. ABCD has successfully removed the virus from the system. Corrupted data was also removed from its servers. Secure backup of the facility is not affected and thus used to restore all impacted data. It also mentioned that no PHI was lost or destroyed in the incident.

“Also, please note that ABCD never received any ransom demands or other communications from unknown persons,” ABCD stated. “However, ABCD remains concerned because it discovered user logs indicating that computer programs or persons may have been on the server for a limited period of time.”

Facility has upgraded it cyber security monitoring program to stop future incidents. Call centre is setup for the affected patients.

“Patients also can place a fraud alert on their credit files with the three major credit reporting agencies. A fraud alert is a consumer statement added to one’s credit report. The fraud alert signals creditors to take additional steps to verify one’s identity prior to granting credit. This service can make it more difficult for someone to get credit in one’s name, though it may also delay one’s ability to obtain credit while the agency verifies identity.”

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach due to computer virus

March 29th, 2017

Lane Community College (LCC) health clinic recently announced data breach when one of its technician  found a computer virus in the system. The incident has affected PHI of some patients.

As per the reports, virus was transmitting the names, addresses, phone numbers, diagnoses, and Social Security numbers to unidentified third party almost for a year. Facility has notified potentially impacted patients.

“We have no evidence that any of the information was transmitted (from LCC), but there’s the possibility,” LCC Vice President of College Services Brian Kelly said in a statement to the Register-Guard.

Facility conducted internal investigation. It checked 20 other computers at the health clinic. It concluded that only computer was infected with virus. The incident has affected 2,500 individuals.

LCC has advised patients to monitor their bank accounts. Suspicious activity or any threat should be reported to the police. The college health clinic also asked patients to report data breach to their banks, credit bureaus, and credit card companies.

July 2016 HIPPA Journal mentioned that, “Cyberattacks on healthcare organizations are now a fact of life.”

OCR breach portal do not include all the data breaches that are happening around. But the current breach reports gives us the idea of pattern –

48 data breaches were reported as unauthorized access

43 data breaches were attributed to hacking or network server incidents

37 breaches were caused by the loss or theft of devices used to store ePHI or the loss/theft of physical records

4 breaches were due to the improper disposal of records

Stolen records or exposed data includes pattern as below:

60% were due to hacking (2,703,961 records)

78% were due to loss/theft (1,342,125 records)

6% were the result of unauthorized access or disclosure (342,748 records)

63% were the result of improper disposal (118,594 records)

___________________________________________________________________________________

Alertsec provides a solid foundation on which organizations can build compliance program.