Archive for the ‘data encryption’ category

AI to Hunt Security Threat

August 25th, 2017

Versive which is based in Seattle recently raised  $12.7 million in a round of funding from Goldman Sachs, Formation 8, Madrona Venture Group and Vulcan Capital. Total investment till date is $54.7 million.

Versive Security Engine is the firm’s products which uses artificial intelligence (AI) technologies for critical threats involving networks and the data. As per the CEO Joseph Polverari, product is “an intelligent, automated threat-hunting solution, built on Versive’s award-winning, enterprise-scale artificial intelligence platform,”

“The Versive Security Engine was developed specifically to help cyber security practitioners effectively harness the power of AI to detect, identify, and mitigate advanced adversaries in ways not previously possible,” continued Polverari.

Versive has also announced a strategic partnership with big data and machine learning specialist Cloudera. Company plans to combine Versive’s AI technology and Cloudera’s analytics and machine learning capabilities.

“Using the Cloudera platform, Apache Spot’s open-data models, and the Versive Security Engine, enterprises can detect attackers that would be unseen with other approaches,” said Sam Heywood, director of Cloudera Cybersecurity Strategy.

Venture capital has increased participation in AI based Cybersecurity firms.

Bricata raised $8 million in a Series A round. It uses AI and machine learning technologies in its intrusion detection and prevention solution.

Darktrace announced that it had raised $75 million in a Series D round of funding.

“It marks another critical milestone for the company as we experience unprecedented growth in the U.S. market and are rapidly expanding across Latin America and Asia Pacific in particular, as organizations are increasingly turning to our AI approach to enhance their resilience to cyber-attackers.”Nicole Eagan, CEO at Darktrace said.

AI-enabled risk-detection solution, San Jose, Calif.-based Balbix mentioned that it got $8.6 million in investments.

Balbix is predictive risk analytics platform which shows results in a heat map.

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

New Phishing Attack

August 19th, 2017

Comodo researchers found a new ransomware campaign which targeted tens of thousands using simple email which contained only attachment and no text. The file name is E 2017-08-09 (xxx).xxx with the number in parentheses and different file extension with each email.

After the click on the attachment, a new Locky ransomware variant called IKARUSdilapidated is downloaded.

“Named for the appearances of ‘IKARUSdilapidated’ in the code string, it is clearly related to the ‘Locky’ Trojan and shares some of its characteristics,” the researchers note. “As a new malware variant, it is read as an ‘unknown file’ and is allowed entry by organizations not using a ‘default deny’ security posture (which denies entry to all unknown files until it is verified that they are ‘good’ files and are safe to have enter the IT infrastructure).”

The attachment is unreadable having the following phrase-

“Enable macro if data encoding is incorrect,” a social engineering technique which runs  run a binary file that downloads an encryption Trojan.

Comodo-protected endpoints found out more than 62,000 phishing emails on Aug 9,10 and 11. Eleven thousand IP address where used from one thirty-three different countries.

“This quantity of servers can only be used for a specific task if they are formed into a large bot network (or botnet), and have a sophisticated command and control server architecture,” the researchers note.

As per the Kaspersky, Locky and its variants were the most profitable form of ransomware.

“Ransomware is here to stay, and we will have to deal with it for a long time to come,” Google senior strategist Kylie McRoberts said.

Tripwire principal security researcher Travis Smith told that sending such email is a profitable method.

“For ransomware, the attacker just needs one low-level employee to click a link or open an attachment,” he said.

“That one click then allows them to immediately be paid hundreds, if not millions, of dollars in nearly anonymous cryptocurrency,” Smith added.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Keeping sensitive information from leaks

April 11th, 2017

Today companies needs to keep the data very secure due to need of protecting corporate data and  also regulations which require consumer data to be protected. EU General Data Protection Regulation (GDPR) are increasing the fines for non compliance. It is daunting task for companies to comply with regulations.

“I can see the difference from before GDPR and after GDPR,” he said of companies scrambling to shore up data leaks. “Even if I have a tiny office somewhere, I need to check for confidential data.” And automating this scrutiny is the only way to effectively manage it.” said Angel Serrano, senior manager of advanced risk and compliance analytics at PwC UK in London.

What is DLP?

ISACA mention it “data leak prevention”.

Gartner calls it “data loss protection” or “data loss prevention”.

It prevents unauthorized users from sending sensitive data.

“DLP is not one thing, like a tomato,” GBT Technologies co-founder Uzi Yair said, referring to GBT’s enterprise suite of products. In addition to more traditional practices such as scanning endpoints, network and storage as well as policy management and workflow tools, it includes an information rights management (IRM) policy server that applies file-level control over who has access to what, where – it might be solely on-premises – and when.

Recent reports on DLP has below highlights:

  • An average of 20 data loss incidents occur every day all around the world
  • Eighty three percent of organisations have security solutions but still thirty three percent suffer from data loss
  • DLP detects incidents and has regular expressions, dictionary-based rules, and unstructured data for breach detection.
  • Many facilities use DLP only for email instead of full business applications

DLP takes two forms:

  • Agent software for desktops and servers, physical and virtual appliances for monitoring networks and agents, or soft appliances for data discovery
  • Integrated DLP products that may offer more limited functionality

“All these web applications like Google Drive and Office 365 are integrating with other satellite applications,” said Krishna Narayanaswamy, founder and chief scientist at Netskope.” Salesforce uses Google Drive as a place to store files. DocuSign can put documents in Google Drive. You need to be at all the points where data is going into these applications. You need to be able to inspect that data at rest and determine who uploaded that data. Also inspect and apply policies to outgoing email.”

Many companies do not use new ways.

“The new generation considers email a dinosaur. They go to social media – Twitter, LinkedIn, Facebook – you have to cover those as well. More and more communication is coming via SSL, and that’s a big blank spot that many DLP vendors have not considered,” Narayanaswamy said.

“When you look at the web, there are many reasons for sending data from inside to the outside,” Narayanaswamy said. “Modern applications constantly post information about how users are using the application, response times, and so forth, to improve user experience. When you look at every post transaction, there’s a potential for many false positives,” which have been the bane of DLP.

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Data breach at UNC

March 31st, 2017

University of North Carolina Health Care recently suffered data breach. It is notifying patients of a potential data breach at two UNC Health Care obstetric clinics. The incident involved PHI of 1,300 prenatal patients. The data was transmitted to local county health departments inadvertently.

Data breach involved patients who completed Pregnancy Home Risk Screening Forms at their clinical visits between April 2014 and February 2017 at the Women’s Clinic at N.C. Women’s Hospital and UNC Maternal-Fetal Medicine at Rex.

“If you completed a Pregnancy Home Risk Screening Form, it may have included information about you, such as demographic information (like your name and address), your race and ethnicity, your Social Security number, information about your physical and mental health, sexually transmitted diseases, your HIV status, smoking, drug and alcohol use, and medical diagnosis information related to your pregnancy and any prior pregnancies,” UNC Health Care said in the notification letter.

UNC Health Care after the incident set up a call center. It has also changed/modified its process for submitting patient pregnancy forms. The new provision will ensure eligible patients forms for Medicaid are sent to county health departments. Staff is trained to handle new procedure.

UNC has also asked all county health departments to delete the electronic health information on non-Medicaid patients from their systems.

As per the statement:

“UNC Health Care is committed to providing its patients with superior health care services and takes very seriously its obligation to protect the privacy of patients’ medical information. While UNC Health Care does not believe that any of the patients will be at financial risk as a result of the release any of this information to county health departments, UNC Health Care included in the letters a number of options available to patients for monitoring and reviewing their credit reports and has offered fraud resolution services for any patient who suffers from identity theft as a result of this incident, free of charge.”

___________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leaders quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Data breach due to computer virus

March 29th, 2017

Lane Community College (LCC) health clinic recently announced data breach when one of its technician  found a computer virus in the system. The incident has affected PHI of some patients.

As per the reports, virus was transmitting the names, addresses, phone numbers, diagnoses, and Social Security numbers to unidentified third party almost for a year. Facility has notified potentially impacted patients.

“We have no evidence that any of the information was transmitted (from LCC), but there’s the possibility,” LCC Vice President of College Services Brian Kelly said in a statement to the Register-Guard.

Facility conducted internal investigation. It checked 20 other computers at the health clinic. It concluded that only computer was infected with virus. The incident has affected 2,500 individuals.

LCC has advised patients to monitor their bank accounts. Suspicious activity or any threat should be reported to the police. The college health clinic also asked patients to report data breach to their banks, credit bureaus, and credit card companies.

July 2016 HIPPA Journal mentioned that, “Cyberattacks on healthcare organizations are now a fact of life.”

OCR breach portal do not include all the data breaches that are happening around. But the current breach reports gives us the idea of pattern –

48 data breaches were reported as unauthorized access

43 data breaches were attributed to hacking or network server incidents

37 breaches were caused by the loss or theft of devices used to store ePHI or the loss/theft of physical records

4 breaches were due to the improper disposal of records

Stolen records or exposed data includes pattern as below:

60% were due to hacking (2,703,961 records)

78% were due to loss/theft (1,342,125 records)

6% were the result of unauthorized access or disclosure (342,748 records)

63% were the result of improper disposal (118,594 records)

___________________________________________________________________________________

Alertsec provides a solid foundation on which organizations can build compliance program.

Data breach at JobLink

March 25th, 2017

America’s JobLink (AJL) recently suffered data breach due to hacking incident. It works with state governments to help job seekers with necessary information across the United States. As per the reports, hacker viewed the personal information of job seekers across 10 states.

Affected information includes the names, Social Security numbers and birthdates of job seekers in Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont. The incident has affected 4.8 million accounts.

After creating a new account hacker exploited a vulnerability  to access data. Company is working with law enforcement. It has also contracted a forensic firm to determine the extent of breach.

“The firm has verified that the method of the hacker’s attack has been remediated and is no longer a threat to the AJLA-TS system,” AJL mentioned.

Lisa Baergen, director of marketing at NuData Security said that whenever personally identifiable information (PII)  is involved, the stolen data can be cross-referenced with data from other breaches to present an even greater threat.

“As a society, we’ve reached the point where every organization entrusted with PII should be constantly testing and hardening its external and internal defenses, and embracing more proactive, effective levels of defense such as consumer behavior analytics solutions, which can constantly validate legitimate users — even when the stolen but accurate credentials are presented,” Baergen said. “That would be the best way to help prevent the sorts of deceitful transactions and identify theft that otherwise may lie ahead for these unfortunate JobLink victims.”

The recent surveys can be summarised as below. It shows the vulnerabilities present in the organizations:

  • Sixty nine percent of respondents mentioned that some of their organization’s existing security solutions are outdated
  • Ponemon Institute survey which was sponsored by Citrix mentioned that just 32 percent of respondents are confident that their employees’ devices are not providing criminals with access to their corporate networks and data
  • Forty eight percent of respondents said their organization has security policies
  • Thirty seven percent of respondents said their organization is highly effective in protecting sensitive data

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breaches due to unauthorized access

March 23rd, 2017

Virginia Commonwealth University (VCU) Health System recently announced data breach which affected over 2,700 patients. The incident occurred due to unauthorized access over a three-year period between January 3, 2014 and January 10, 2017.

Facility conducted investigation which found out that employees of community physician groups, and an employee of a contracted vendor had access to patient records without proper explanation. Concerned employees are terminated.

“As part of the health system’s partnership with community physicians, access is provided to their practices so they can view the medical records of their patients who are referred to the VCU Health System for care and treatment. Access also is provided to certain contracted vendors who provide medical equipment to patients for continuity of care at discharge from the hospital.”

Affected information included patient names, addresses, dates of birth, medical record numbers, health care providers, visit dates and Social Security numbers.

Facility is providing one year of free credit monitoring.

Second incident involves Tarleton Medical who announced data breach recently. Incident involves unauthorized access of a data server containing PHI from patient medical records.

Affected information included patient names, addresses, dates of birth, Social Security numbers, and healthcare claims information.

Facility did not mention number of individuals affected. As per the OCR reporting tool, incident affected 3,929 individuals.

“We have taken steps to enhance the security of TM patient information to prevent similar incidents from occurring in the future,” the healthcare organization explained in its notification letter.

Tarleton Medical contacted FBI. It is also offering patients free access to a credit monitoring service for one year.

As per the statement, it advised patients to follow below guidelines:

You can follow the recommendations on the following page to protect your personal information. You can also contact ID Experts with any questions Please note that the deadline to enroll is three months following the date of this letter. To receive the aforementioned services, you must be over the age of 18, have established credit in the U.S., have a Social Security number in your name, and have a U.S. residential address associated with your credit file. Your services start on the date that you enroll in the services and can be used at any time thereafter for 12 months following  enrollment.

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Verifone suffers data breach

March 17th, 2017

Payment solutions provider Verifone recently announced data breach which affected its internal network.

Verifone CIO and senior vice president Steve Horan sent an email to employees and contractors. They need to change the password within 24 hours. Also, they will be blocked from installing software on a computer till investigation completes. It came to know about the breach from Visa and MasterCard.

Verifone spokesman Andy Payment mentioned that breach didn’t affect payment services network. “We believe today that due to our immediate response, the potential for misuse of information is limited,” he said.

The attack has been traced to Russian hacking group.

As per the statement, “According to the forensic information to date, the cyber attempt was limited to controllers at approximately two dozen gas stations, and occurred over a short time-frame. We believe that no other merchants were targeted and the integrity of our networks and merchants’ payment terminals remain secure and fully operational.”

“The fact that Verifone asked employees and contractors to change their passwords and restricted their control over their desktops and laptops suggests that the attackers followed the usual path to gain access to critical systems such as payment terminals: exploit different vulnerabilities to take control over the devices and the accounts of people already inside the company,” Balabit product manager Peter Gyongyosi told eSecurity Planet by email.

“This once again underscores the importance of a multi-layer, defense-in-depth approach to security,” Gyongyosi added. “Keeping endpoint devices completely secure, especially in a large enterprise, is an impossible task and organizations must prepare for situations where an attacker would gain access to internal accounts. Fine-grained access control and detailed monitoring of activities — especially those related to critical systems — and advanced analytics such as behavior analysis can help security teams gain an edge over the attackers.”

Fortune 1000 Security Performance is declining. Verifone is a member of the Fortune 1000.

“It is possible Fortune 1000 companies exhibit a higher frequency of system compromises due to having a large attack surface,” the report states. “Fortune 1000 companies tend to have a high number of employees, which often corresponds to more networked devices and more IP addresses owned. Criminals also may have more motivation to target these prominent companies as they manage PII, PCI and intellectual property.”

___________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leaders quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Health Facility suffers data breach due to improper shredding of paper documents

March 9th, 2017

Minnesota-based Allina Health recently suffered data breach due to paper documents, which were emptied into the trash insecurely. As per the reports, proper shredding of the documents was not done.

Documents belong to physician’s private office and was supposed to be shredded at the Minneapolis Heart Institute at Abbott Northwestern Hospital. After the incident, facility launched an investigation. Affected information included patient information including names, medical record numbers, addresses, and insurance information.

As per the OCR data breach reporting tool, incident affected 776 patients.  Facility mentioned that some patients use their Social Security numbers as identification numbers on insurance documents.  Hence there is possibility of Social Security numbers being exposed.

“Allina Health has undertaken a system wide awareness campaign to inform the workforce of the simplified “shred all paper” disposal process and reinforced its safeguards policy to re-emphasize the importance of proper disposal.”

Allina Health also added that there is no information or evidence of any misuse of the data. It is notifying affected patients. Also, one year of free credit monitoring and identity protection services are provided.

“Allina Health has simplified its systemwide process to require all paper and documents be placed into secured or locked shredding bins, whether or not the paper contains patient information,” the statement explained. “All paper is shredded and then recycled. The enhanced process also removes all desk-side recycling bins to prevent paper from being placed into recycling without being shredded first.”

Allina Health mentioned that it takes the confidentiality of patients’ information very seriously. Also, it will take steps to ensure that a similar incident does not occur in the future. Patients who believe they may have been impacted or patients who have other questions should call toll-free number.

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Unauthorized employee access at Vanderbilt University

March 6th, 2017

Vanderbilt University Medical Center (VUMC) recently suffered data breach when it came to know about the unauthorized employee access to patient medical records. As per the reports, concerned employee were working as patient transporters. Patients’ electronic medical records was accessed without necessary permissions.

As per the statement, “The breach prompted the medical center to change the way the patient transport staff gets information so that it no longer gives them access to electronic medical records. Staff in that department were also retrained about appropriate access to information. VUMC is in the process of migrating from its current electronic health record system to a new software system designed by Epic Systems.”

Facilty conducted an audit of electronic medical records (EHR) which was accessed by the employee.  As per the reports, two employees were involved in the breach who viewed adult and pediatric patient information, including patients’ names, dates of birth, and medical record numbers for internal use. One of them got access to patient Social Security numbers in a few instances.

VUMC mentioned that there is no information whether data was downloaded, transferred, or misused in any way. Affected patients received notification letter Facility has offered fraud or identity theft services. As per the report from The Tennessean, incident affected 3,247 medical records.

“We are committed to providing our patients the highest quality care and protecting the confidentiality of their personal information. To our knowledge, the information the employees viewed was not printed, forwarded or downloaded.  So far, we have no reason to believe that our patients’ personal information has been used or disclosed in other ways,” said VUMC Chief Communications Officer John Howser. “While we are not aware of any risk of financial harm to these patients, we are contacting each of them by letter to recommend that they vigilantly review account statements and their credit status.”

_____________________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.