Archive for the ‘computer security software’ category

Data Breach at Swedish Citizens’ Data Points

July 27th, 2017

Unscreened third-party IT workers were provided full access to the information of vehicles including police and military by the Swedish Transport Agency. Management of the operations were outsourced to IBM administrators without security checks in 2015.

According to the reports, as the data is handled in time pressure for this activity, there was no option to transfer bypassing standard security protocols.

Affected information included vehicle registration data for every Swedish citizen, data on all government and military vehicles, weight capacity of all roads and bridges — and the names, photos, and home addresses of air force pilots, police suspects, elite military operatives, and people under witness protection.

As per the Swedish Pirate Party founder Rick Falkvinge the breach is the “worst known governmental leak ever,” noting, “Sweden’s Transport Agency moved all of its data to ‘the cloud,’ apparently unaware that there is no cloud, only somebody else’s computer.”

“Many governments have had partial leaks in terms of method (Snowden) or relations (Manning) lately, but this is the first time I’m aware that the full treasure chest of every single top-secret governmental individual with photo, name, and home address has leaked,” Falkvinge wrote.

The entire register was sent to marketers which also included people in the witness protection program.

When that happened, Falkvinge wrote, “the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these:e records themselves. This took place in open clear text email.”

RiskVision CEO Joe Fantuzzi mentioned the risk of third party vendors.

While understanding your own risk environment is an important step in improving your risk posture, Fantuzzi said, it’s far from the only step.

“Organizations that fail to assess third party vulnerabilities will be left with gaping blind spots that will leave them susceptible to breaches and cyber attacks down the road,” Fantuzzi said.

“Ultimately, organizations need to truly consider third party environments as an extension of their own, and treat them as such from a security and risk perspective.”

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

New additions to Qualys

July 25th, 2017

As per the new announcement, Qualys is upgrading its Software-as-a-Service cloud platform. It now provides customers with new cloud security and SSL/TLS certificate security abilities.

“CloudView a is an entirely new module built on the Qualys Cloud Platform,” Hari Srinivasan, Director of Product Management, Qualys, told eSecurityPlanet.

“CloudView is a new app framework in the Qualys Cloud Platform for a comprehensive and continuous protection of cloud infrastructure.”

Srinivasan mentioned that Cloudview has multiple apps which includes Cloud Inventory and Cloud Security Assessment, Cloud Inventory (CI) and Cloud Security Assessment (CSA).

CI and CSA provides a continuous security of public cloud infrastructure.

“These two apps allow teams to gain critical insights into these cloud resources and their security posture across them,” Srinivasan said.

The company provides insight into SSL/TLS certificate status and deployment.

“SSL Labs does not however store this data for later use,” Asif Karel, Director of Product Management at Qualys, told eSecurityPlanet. “CertView is a commercial offering intended for enterprise customers who will not only benefit from similar assessments of their public as well as internal servers and services, they will also be able to create and maintain an inventory of the certificates deployed in all of their environments and critical infrastructure.”

Karel also mentioned that the customers will be able to find the flaws in the certificate and related dangers

“The grading calculation highlights the support, or lack of support, for mechanisms such as HSTS that prevent protocol downgrade attacks as well as other TLS related vulnerabilities,” Karel said.

HTTP Strict Transport Security (HSTS) is a configuration on a webserver that only allows pages to be served over SSL/TLS as HTTPS.

The market is changed due to the arrival of free Let’s Encrypt. But it has a drawback which karel mentioned.

“Unsuspecting users might think they are communicating with trustworthy sites because the identity of the site has been validated by a CA (Certificate Authority), without realizing that these are just domain validated certificates with no assurance about the identity of the organization that owns the site, Karel said.

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc.

Series A round for Security Startup

July 23rd, 2017

The San Francisco-based cyber security startup Insight Engines recently raised $15.8 million in a Series A round of financing for its threat intelligence gathering tool Splunk also known as called Cyber Security Investigator.

August Capital led the funding round which was backed by Real Ventures, Data Collective, Splunk and its co-founder, Erik Swan. Simon Crosby, co-founder and CTO of Bromium, is also part of an investor group.

Company makes big data easy to explore and work with natural-language processing technologies. Cyber Security Investigator can detect and understand cyber threats by asking questions.

“In today’s day and age, advisories are always changing their patterns of attack, making static alerts ineffective defense,” Grant Wernick, co-founder and CEO of Insight Engines, told e-security Planet. “CSI [Cyber Security Investigator] levels the playing field, allowing the good guys to be dynamic in ways they never imagined possible.”

This technology can help fill the IT companies with the workforce gap.

“CSI helps bridge the hiring chasm between the need for talented individuals and the work force available,” said Wernick. “CSI is a force multiplier for the most advanced security teams who can now achieve more effective results in a fraction of the time. With CSI we have been able to transform physical security staff to augment cyber security operations, which has resulted in both significant cost savings and fresh perspectives for the enterprise.”

It also reduces time to zero in on cyber security issues.

“CSI empowers analysts to escape search fatigue by helping them analyze more of their data and spend less time searching,” he said. They can “spend more time focused on mitigating real threats and significantly less time focused on crafting esoteric queries. Using CSI, analysts no longer need to be big data specialists and can focus back on defending against an ever-increasing threat landscape.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers. 

Breach at Hotel Chains

July 16th, 2017

The Trump, Four Seasons, Loews and Hard Rock hotel chains notified customer due to massive breach of Sabre’s SynXis reservations system. Earlier, Google also notified its employees that their personal information may have been breached due to same reservations system.

Trump Hotel

“This incident occurred on the systems of Sabre Hospitality Solutions, a service provider used by Trump Hotels,” the company noted. “It did not affect Trump Hotels’ systems.”

As per the Sabre’s investigation, the hacking was done on Trump Hotels reservation data. Affected information included cardholder names, payment card numbers, card expiration dates and some security codes, as well as some guest names, email addresses, phone numbers and mailing addresses.

Affected Trump properties includes: Trump Central Park, Trump Chicago, Trump Doonbeg, Trump Doral, Trump Las Vegas, Trump Panama, Trump Soho, Trump Toronto, Trump Turnberry, Trump Vancouver, Trump Waikiki, Trump DC, Trump Rio De Janeiro, and Albermarle Estate.

Four Seasons

Sabre’s investigation also determined that Four Seasons payment card and other reservation information was accessed.

”It is important to note that reservations made on Fourseasons.com, with Four Seasons Worldwide Reservations Office, or made directly with any of Four Seasons 10 hotels or resorts were not compromised by this incident,” the company mentioned.

Hard Rock Hotels

Affected Hard Rock properties includes: the Hard Rock Hotel & Casino Biloxi, Hard Rock Hotel Cancun, Hard Rock Hotel Chicago, Hard Rock Hotel Goa, Hard Rock Hotel & Casino Las Vegas, Hard Rock Hotel Palm Springs, Hard Rock Hotel Panama Megapolis, Hard Rock Hotel & Casino Punta Cana, Hard Rock Hotel Rivera Maya, Hard Rock Hotel San Diego and Hard Rock Hotel Vallarta.

Loews Hotels

“Following an investigation, Sabre notified us on June 6, 2017 that an unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some Loews Hotels’ hotel reservations processed through Sabre’s CRS,” the Loews Hotels said.

“Every organization entrusted with PII — both the direct-to-consumer providers such as the hospitality chains and the third parties such as Sabre — should constantly be testing and hardening their defenses, and embracing more proactive and effective levels of security such as consumer behavior analytics solutions to help prevent identity thefts,” Lisa Baergen, director of marketing at NuData Security.

“As cybercriminals continue to evolve their methods and capabilities, the challenge facing cyber security professionals will only grow,” Guidance Software president and CEO Patrick Dennis said in a statement. “We see this reflected in the data on the frequency of attacks, costs of a breach and more. Enterprises are beginning to realize that compromise is inevitable, so they need to ensure that they have a complete strategy that includes costs for prevention and deep detection and response tools.”RiskVision CEO Joe Fantuzzi said.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

AI Security Company Series D Round

July 10th, 2017

Darktrace U.K.-based startup which has offices in San Francisco has recently raised $75 million in a Series D round of funding.

Nicole Eagan, CEO at Darktrace, mentioned that Insight Venture Partners’ participation in the investment “is another strong validation of the fundamental and differentiated technology that the Enterprise Immune System represents,” in a statement. “It marks another critical milestone for the company as we experience unprecedented growth in the U.S. market and are rapidly expanding across Latin America and Asia Pacific in particular, as organizations are increasingly turning to our AI approach to enhance their resilience to cyber-attackers.”

Company uses artificial intelligence to tackle security threats. The Enterprise Immune System uses the algorithm in real time to stop the attack. It tracks normal behaviour and security threats. It also detects insider threats and zero-day attacks.

“Unlike more common forms of malware, which rely on human-mediated methods such as phishing to co-opt people into triggering the payload, this type of attack uses a worm to move from machine to machine without human intervention,” Andrew Tsonchev, director of Cyber Analysis at Darktrace, wrote in a blog post. “Fortunately, it is precisely this – a dramatic change in internal activity – which has allowed us to effectively fight back.”

Company mentioned that its contract value has now reached $200 million. Bookings are also increased in the US. The headcount in last year is doubled to 500. It has 450 partners. Most important the software has detected over 48,000 serious threats.

“Unlike more common forms of malware, which rely on human-mediated methods such as phishing to co-opt people into triggering the payload, this type of attack uses a worm to move from machine to machine without human intervention,” Andrew Tsonchev, director of Cyber Analysis at Darktrace, wrote in a blog post. “Fortunately, it is precisely this – a dramatic change in internal activity – which has allowed us to effectively fight back.”

Another AI based security company Attivo Networks has also raised $15 million.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers

IoT Security

July 5th, 2017

The Internet of Things (IoT) is seeing the rapid rise but it seems to repeat the history of technology evolution. The pace of growth is not matched with security requirements. IoT helps automation as well as real-time synchronization of business processes. The implementation helps for precise response in real time.

 “IoT devices assist businesses in real-time responses to supply-and-demand market effects, they empower patients and healthcare professionals to continuously monitor conditions, and they enable electric grid operators to adjust the production, flow, and cost of electricity according to real-time market demands to ensure the most efficient, resilient, and cost-effective solution,” says James Scott, senior fellow at the Institute for Critical Infrastructure Technology, a Washington DC-based cybersecurity think tank.

Hundreds of companies now provide IoT solutions. But security aspect is lagging behind.

 “As was shown in the Dyn attack, we appear doomed to repeat the mistakes we made with PCs and mobile devices in IoT,” says Tom Byrnes, founder and CTO of ThreatSTOP. “Once again, cost reduction has made security an afterthought, if a consideration at all, with predictably disastrous consequences.”

 It is different than other systems as threat involved is higher due to many connection points. As per the Intel, 200 billion IoT devices will be online by 2020.

 “Most IoT devices and sensors lack any form of security or security-by-design,” says Scott.

 “Without layered security of the IoT microcosms, hacktivists can disrupt business operations, cyber-criminals can compromise and ransom pacemakers, and cyber-jihadists or nation-state sponsored threats can compromise and control the grid,” to name just a few of the potential IoT security attack scenarios.

“Every IoT device has inherent vulnerabilities and exploitable weaknesses resulting from a culture that sacrifices security in the design process in favor of meager savings and in the rush to market,” says Scott. “The overwhelming preponderance of insecure IoT devices in the future will render security an impossibility in the future.”

 Most of IoT devices do not have computational power or battery life to have security applications.

 “We need to develop cost-effective IoT devices that incorporate security-by-design rather than cheaper and less secure alternatives,” says Scott. “While that may save a few dollars in the short-term, it puts the public and critical infrastructure at risk of losing millions of dollars and valuable data in the long-term.”

 Also, there is lack of platform standards.

 “With old devices lasting longer than ever before, there are many devices currently in use that do not support new standards,” says Sam Rehman, Chief Technology Officer of Arxan. “Hackers will always see legacy devices as a prime choice of entry.”

 ___________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Content to Prevent Data Breach

July 3rd, 2017

Egnyte a Calif. based content collaboration and governance specialist has launched a new cloud-based solution which looks after insider threat. The product focus on IT security professionals. Nowadays distributed workspace needs shared information system which uses on-premises collaboration platforms or cloud-based services which may cause data breach.

“As users and organizations are more global and interdependent they need to share more content with each other and then need to do it in a secure way using EFSS [enterprise file synchronization and sharing] solutions not email attachments for instance,” Isabelle Guis, chief strategy officer at Egnyte mentioned.

“But as you hire contractors and have many places where your content resides (on-premises, cloud, cloud apps, etc.) it is very difficult to enforce the security policies at the repository level or even train all your users and new hires to properly handle their content.”

Data leaks can occur due to various loopholes.

“For example, a merger and acquisition folder could be shared via a public link and one of the intended recipients forwards the link to someone who should not see that data,” Guis said. “Or, a very common example – a disgruntled employee downloads all of ‘their’ work, which is actually the company’s IP [intellectual property], right before leaving your company and going to a competitor,” a situation allegedly at the center of the high-stakes Google-Uber lawsuit.

Egnyte product looks for sensitive content in the database.

Then it “provides real–time analysis of all the content within an organization and presents actionable insights to help administrators prevent these types of aforementioned data breaches,” Guis said.

“Egnyte Protect continuously analyzes an organization’s entire content environment and classifies the most sensitive information, such as credit card numbers, social security numbers, sensitive IP, HIPAA information, and much more,” she added. “Then, in real–time, Egnyte Protect identifies vulnerabilities, alerts administrators, and offers actions that can immediately fix any issue that is found across all of the organization’s content repositories.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Kmart Attacked by Hackers Again

July 2nd, 2017

Kmart suffered another data breach when its server was attacked by hackers.

 “Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls,” a Kmart FAQ on the data breach states. “Once aware of the new malicious code, we quickly removed it and contained the event.”

 Sears Holdings owns Kmart. It has not mentioned the number of affected card holder in the statement. Also, the location impact is also not disclosed. But it mentioned that only card information got breached.

 “All Kmart stores were EMV ‘Chip and Pin’ technology enabled during the time that the breach had occurred and we believe the exposure to cardholder data that can be used to create counterfeit cards is limited,” the company stated. “There is no evidence that kmart.com or Sears customers were impacted nor that debit PIN numbers were compromised.”

 This is the second breach in three years. Security of the card is crucial and online shops are finding it difficult to secure.

 “Consumers should monitor the transactions on any account linked to credit or debit cards they have used in a Kmart store and report any fraudulent transactions to their bank as soon as they are identified,” Capps said. “Given the brisk migration to a chip-and-pin system, we are unlikely to see the stolen credentials used for in-person payments, but they can be used for online transactions. “

 In 2014, Kmart was affected by malware.

 “We will likely find that this attack started with a stolen credential, used to inject the malware into Kmart’s networks,” Nir Polak, CEO of security vendor Exabeam mentioned. “In this modern operating environment, better behavioral analysis — focused on both use of credentials and on the system processes that are spawned from malware — is the best way to detect and shut down these attacks.”

____________________________________________________________________________________________

 Alertsec encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Massive New Ransomware Attack

June 29th, 2017

Recently world suffered a massive WannaCry attack. Now new ransomware attack was launched using same Windows vulnerability. Ukraine is the most affected country affecting government, transport systems, banks and power utilities and companies like WPP, pharma giant Merck, manufacturing company Saint-Gobain, and Russian steel and oil giants Evraz and Rosneft.

One WPP subsidiary has asked staff to turn off and disconnect all Windows machines as it was a victim of “massive global malware attack, affecting all Windows servers, PCs and laptops.”

Shipping company Maersk tweeted, “We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack. We continue to assess the situation. The safety of our employees, our operations and customers’ business is our top priority.”

Merck tweeted “We can confirm our company’s computer network was compromised today as part of the global hack. Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more.”

Kaspersky Lab researchers mentioned that it is entirely new threat and named it as NotPetya.

“Organizations in Russia and the Ukraine are the most affected, and we have also registered hits in Poland, Italy, the UK, Germany, France, the U.S. and several other countries,” the researchers mentioned. ”This appears to be a complex attack which involves several attack vectors. We can confirm that a modified EternalBlue exploit is used for propagation at least within the corporate network.”

Jake Kouns, CISO at Risk Based Security mentioned that the attack by WannaCry should have been taken seriously. “Unfortunately, the fast spread of Petya makes it pretty clear that regardless of the reasons for not updating systems, whether they were valid or not, many companies were unable to properly address things the first time around,” he said.

He added that unpatched software is at risk.

“It is critical that all organizations which are able to apply patches for these known vulnerabilities,” he said. “If there is some legit reason for this not being possible, it is imperative to take other precautions and implement compensating controls to protect their systems and mitigate the risk.”

“Companies need to rapidly adopt a much more continuous strategy around patching and security testing, along with a robust disaster recovery plan that gets tested frequently.”Cybric CTO Mike Kail mentioned.

Netskope co-founder and CEO Sanjay Beri said the implications could be massive. “The Petya ransomware attack should serve as an urgent warning for the U.S. — we need a plan in place and the administration has to stop dragging its feet on hiring a Federal CISO,” he said.

“Worse than the recent WannaCry attack, the Petya ransomware campaign is targeting critical infrastructure which, according to an MIT report, is essentially defenseless against cyber criminals,” Beri added. “If this attack reaches us — and given the rate and manner with which it’s spreading it’s only a matter of time — the country’s critical infrastructure is at enormous risk of shutting down.”

“The extortion model is here to stay,” the report states. “More stable growth, which is at a higher level on average, could indicate an alarming trend: a shift from chaotic and sporadic actors’ attempts to gain foothold in [the] threat landscape to steadier and higher volumes.”

___________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc. 

WannaCry ransomware attacked Honda

June 28th, 2017

Honda recently stopped its production at its Sayama, Japan plant due WannaCry ransomware.

The production facility manufactures 1,000 vehicles per day. The plant was started next day.

Along with Honda, Nissan and Renault also halted production at plants in Japan, Britain, France, Romania and India.

“We recommend that you revisit your security patches immediately and ensure that all of your networked computers can connect to kill switches.”Webroot senior threat research analyst Tyler Moffitt said.

Tripwire senior systems engineer Paul Norris mentioned that companies need to take steps to protect themselves.”Effective measures in defeating these sorts of attacks include implementing an effective email filtering solution that is capable of scanning content on emails, hazardous attachments and general content for untrusted URLs,” he said. “Another option would be to better educate the workforce on how to recognize a suspicious email from unknown senders, knowing not to click an untrusted URL, as well as not opening an unexpected attachment.”

RiskVision CEO Joe Fantuzzi mentioned that the Honda plant shutdown shows growing risks in the manufacturing industry. “While manufacturing hasn’t experienced the same attention as other sectors in regards to emerging ransomware trends, it’s now clear that WannaCry and other advanced threats pose severe and crippling risks to this sector, which among other things can halt production, expose blueprints and intellectual property, aid competitors and decimate profit margins, while taking weeks or months to be fully remediated,” he said.

“What’s more, manufacturing isn’t beholden to the same security and compliance standards as healthcare, financial services and other market verticals, making enforcement of consistent security standards even more difficult,” Fantuzzi added. “Consequently, it’s imperative that manufacturers categorize assets in terms of business criticality to see where their most important vulnerabilities reside because taking the initiative to find and prioritize critical vulnerabilities is a small investment in comparison to the long-term damage that could result if these vulnerabilities are ever found by cyber criminals and exploited.”

“Warding off cyber threats, including cyber espionage, is a top corporate priority across industries, but manufacturers and distributors need to do much more to protect their patents, designs and formulas, as well as their private company and employee information,” Jim Wagner, partner-in-charge of Sikich’s manufacturing and distribution practice, said in a statement.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.