Archive for the ‘Malware’ category

Funding for bug bounty vendor

February 9th, 2017

According to recent news, rewarding security researchers for finding security vulnerabilities is a lucrative business. HackerOne announced that it has raised a $40M Series C round of funding. Total funding received to date by the San Francisco-based company is $74 million.

Dragoneer Investment Group led the new round of funding, which will be used to help HackerOne grow its business.

“HackerOne is at the forefront of the burgeoning bug bounty movement,” Marc Stad, Founder and Managing Partner of Dragoneer Investment Group, said in a statement. “It is borderline silly for a company not to utilize a bug bounty platform given the immediate reduction in security vulnerabilities and the relatively low price point compared to other security options.”

In a video interview, Rice, co-founder and CTO of HackerOne, shared statistics on the company’s business growth and discussed the bugs found by HackerOne’s community of researchers.

The Hacking the Pentagon program was one of HackerOne’s major successes, and the results were positive. The program had 1,400 security researchers participating, and it discovered 138 serious vulnerabilities, which were fixed quickly. The U.S. Department of Defense was also involved in the program.

HackerOne faces competition from bug bounty vendor Bugcrowd. The rival has raised $24 million in funding to date, which includes a $15 million Series B round.

“When I started the company in 2013, I spent most of my time explaining what a bug bounty was to people,” Bugcrowd founder and CEO Casey Ellis said. “I don’t have to do that anymore.”

“How we do things today is we prove a concept manually first, apply human intelligence to the problem set and then take the repeatable learnings and codify that,” Ellis said.

The bug bounty market is competitive, but there is demand. Rice also mentioned that third-party bug bounty companies have found more bugs than vendors have.

_____________________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach at Delaware

January 21st, 2017

Sixteen self-insured customers and nineteen thousand Highmark members were left vulnerable by a potential attack at Highmark Blue Cross Blue Shield in Delaware. The Delaware Department of Insurance released the information to the public after the incident.

Summit Reinsurance Services, Inc. in Indiana and BCS Financial in Illinois were the two subcontractors involved in the breach. Highmark didn’t specify the exact nature of the breach. According to the reports, this incident is one of several data breaches related to Summit Reinsurance Services, Inc. in 2016.

Early in November 2016, Summit reported a ransomware attack which impacted thousands of current and former Black Hawk College employees. Affected information contained PHI, including Social Security numbers and health insurance information.

There was also a potential data breach at Louisiana Health Cooperative, Inc., where ransomware compromised sensitive patient information, including Social Security numbers.

Trinidad Navarro, the Delaware Insurance Commissioner, mentioned that they are looking into the breach.

“I would like to ensure Delaware consumers that the Department of Insurance takes this matter seriously and is currently investigating how this occurred,” Navarro said. “I have directed my staff to closely monitor the situation as it develops. Many Delawareans have received mailed correspondence from Summit Reinsurance explaining the breach. Unfortunately, we fear that many may have misinterpreted or inadvertently discarded the latter as some form of sales ad.”

The Delaware Department of Insurance is helping affected patients by providing resources to answer any questions.

“The Commissioner has ordered an investigation into the reported breach. Highmark Blue Cross Blue Shield of Delaware is cooperating with the Delaware Department of Insurance to resolve the matter.”

“If consumers have received a letter from SummitRe regarding this situation and have questions, they may contact the Delaware Department of Insurance.”

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Data breach due to virus

January 10th, 2017

Brandywine Pediatrics, P.A. in Delaware recently suffered a data breach exposing PHI for many patients. Brandywine learned of the incident when it discovered a file server that was locked due to a virus.

The facility immediately recovered the files from backup tapes. It also started an investigation with the help of a forensic computer expert. The incident affected certain PHI, including names, addresses, and health insurance and medical information.

Brandywine mentioned that health information was exposed but that it has not found any evidence suggesting it was misused. It also stated that there is no chance that patients’ Social Security numbers or payment card information were compromised.

Affected individuals have been notified about the incident and asked to take steps to protect themselves. The facility has improved the security of its systems and reviewed its policies and procedures.

Brandywine mentioned that the privacy and protection of its patients is a top priority and that it deeply regrets any inconvenience or concern this incident may cause. The number of affected individuals is not mentioned in the statement.

Types of attack to gain database access

Physical theft or loss of the device

Rogue employees or other insiders misusing privileges for financial or personal gain

Attacks on websites and applications that exploit weaknesses in the code

Phishing to obtain usernames and passwords, in which legitimate-looking emails are sent to employees

Installing malicious software which misdirects users to fraudulent websites

Distributed Denial of Service (DDoS) attacks

Ransomware attacks

Point-of-sale intrusions

Remote attacks

Payment card skimmers

Viruses

Worms

Trojan Horses

Data breaches also occur due to human error, including the following:

Sending sensitive information to the wrong person by email or fax by mistake

Making information publicly available on a web server or website by mistake

Incorrect disposal of data, including data on paper

Losing an electronic device that contains sensitive data

____________________________________________________________________________________________


Ransomware attack

December 30th, 2016

Summit Reinsurance Services recently suffered a potential cyber security threat. The incident may have affected thousands of current and former Black Hawk College employees. Summit works as a reinsurance carrier for Health Alliance, a third-party health insurance administrator for the college.

As per the website, “Summit Reinsurance provides a full-service managing general underwriter and reinsurance intermediary broker who focuses exclusively on managed care.”

The Summit Re site also says that it works closely with clients to fully understand their risk profile, and that it considers clients’ strategic vision and unique reinsurance needs. It believes that traditional solutions don’t always provide the best experience and that customized solutions are needed to meet clients’ requirements. It also provides medical management services to offer cost-saving options.

After the attack, Summit informed Black Hawk. According to the reports, ransomware had infected a server containing information which includes names, Social Security numbers, health insurance information, and claim-focused medical records of current and former employees and their dependents.

As per the third-party forensic investigator, the incident occurred on March 12. Summit believes that there is no evidence of any misuse of personal information. The investigation is currently ongoing. Potentially affected individuals have been notified and informed about the steps they need to take to improve security. Free access to one year of credit monitoring is provided.

The facility has set up a call center to answer all queries. Summit Reinsurance also suffered a data breach earlier this month. That incident affected a server holding information including Social Security numbers and health insurance information.

“We are pleased that Summit Reinsurance Services is moving aggressively and taking the appropriate steps to notify the affected individuals and to minimize the impact this incident may have on them,” said Dr. Bettie Truitt, president of Black Hawk College.

 ___________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leaders quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Ransomware attack

December 18th, 2016

Dr. Melissa D. Selke, based in New Jersey, recently announced a data breach. A data breach notification letter was posted on the facility’s website. The incident may have affected several thousand patients.

Selke found out that her system had been infected with a virus that prohibited access to patient files. The system was restored immediately. After investigation, the possibility of a ransomware attack was analyzed. An unauthorized third party introduced the virus onto her system.

Melissa D. Selke, MD, has practiced privately in the area of Hillsborough and Somerset, New Jersey. She has 15 years of experience in practice. She is board certified in Family Medicine.

Dr. Selke has the following educational qualifications:

BA in behavioral biology with honors at the Johns Hopkins University in Baltimore, Maryland

MD at Baylor College of Medicine in Houston, Texas. After graduating

Residency in Family Medicine at Spartanburg Regional Medical Center in Spartanburg, South Carolina.

Affected information in this incident includes patients’ names, addresses, phone numbers, Social Security numbers, treatment and diagnosis information, driver’s license information, health insurance information, treating physician information, medical record number, and treatment date(s).

Dr. Melissa mentioned in her letter that the third party “viewed or took patient information stored on the server.”

“We take this incident, and patient privacy, very seriously,” Selke said in a statement. “We are taking steps to help prevent another incident of this kind from happening, and continue to review our processes, policies, and procedures that address data privacy.”

As per the OCR data breach reporting tool, the incident has affected approximately 4,200 individuals.

While no protection services were offered, Selke encouraged affected individuals “to remain vigilant against incidents of identity theft and fraud.” Individuals should regularly review their financial account statements, credit reports, and explanations of benefits for suspicious activity, the notification letter said.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Data breach at Vascular Surgical

December 7th, 2016

Vascular Surgical Associates, based in Georgia, recently suffered a data breach after one of its computer servers was hacked. As per the statement, the attack occurred during a software update. An initial investigation by the facility found that a compromised vendor password was used in this incident.

As per the FAQ section of Vascular Surgical, it had “hired vendors with national reputations and significant client bases to support the computer system infrastructure we use to maintain our medical records.” Furthermore, the ONC had certified the software.

“A password that was created by one of these vendors and controlled by that vendor was used to access our system inappropriately,” the FAQ read. “The perpetrators installed software on our system to prevent us from seeing the activity, but once that activity was identified by our internal IT staff, the system access was changed to prevent additional access using that password.”

As per the OCR data breach reporting tool, the incident affected 36,496 individuals. As per the preliminary reports, it is likely that the hackers reside in other countries. Affected information included medical records and demographic information such as dates of birth and addresses. Social Security numbers and financial data were not present on the compromised server. The facility also mentioned that the portal was not involved or affected. Patient care is being carried out as usual.

“Upon learning of the incident and verifying the unauthorized access through forensic evaluation, we immediately secured the server so that this type of attack could not occur again,” the statement explained. “We are confident that none of our staff had any involvement in this incident, as the compromised password that was used to access the information was only available to our vendors and their staffs.”

____________________________________________________________________________________________


Ransomware attack at NJSC

October 28th, 2016

New Jersey Spine Center announced a data breach after its server suffered a ransomware attack. The facility mentioned that all of the practice’s electronic medical record files were encrypted.

Affected information included clinical information, which includes procedures, office notes, reports, demographic information, personal information, and some financial information. The facility notified the FBI and local authorities regarding the incident.

“The malware was blocked by our virus protection software but unfortunately not before the damage had already been completed to our records,” New Jersey Spine Center explained. “The virus likely gained access by utilizing a list of stolen passwords by running an automated program, and demanded a ransom payment to obtain an encryption key to unlock the files.”

The facility did not mention whether a ransom was paid, but it did say that the practice obtained the key. As per the OCR data breach reporting tool, a total of 28,000 individuals were affected by the incident.

The facility also mentioned that there is no information to suggest that any medical, personal or financial information was used or stolen by the individuals. Notifications have been sent to the concerned individuals.

New Jersey Spine Center is the leading choice for spine care in eastern Pennsylvania and southern New York. It brings cutting-edge and comprehensive spine care to the region. It also provides a comprehensive evaluation process that permits a thorough and complete evaluation of a patient’s problem for appropriate decision making. A multi-disciplinary approach enables the facility to present the options available for care.

Two types of ransomware in circulation

The first type is called encrypting ransomware. It uses advanced encryption algorithms to block system files. Hackers demand payment to provide the victim with the key to unblock the content.

The second type is called locker ransomware. It locks the victim out of the operating system. Attackers ask for money to unlock the system.

____________________________________________________________________________________________

Alertsec was established on the idea that encryption should be simple, transparent and available for all.

Phishing Scam at Baystate Health

October 26th, 2016

Baystate Health, which is based in Massachusetts, recently suffered a data breach when several of its employees fell victim to a phishing scam. The incident potentially impacted the information of approximately 13,000 patients.

Baystate Health is a not-for-profit integrated health care system serving over 800,000 people in western New England. For more than 140 years, Baystate Health has been providing skilled and compassionate health care in the region. More than 12,000 team members work for Baystate Health. It is one of western Massachusetts’ strongest economic engines.

On August 22, 2016, the facility learned that five of its employees had replied to a phishing email. As per the reports, the email was designed by hackers to look like an internal Baystate memo. Certain patient information was accessed by the hackers.

Social Security numbers and other financial information were not included in the emails. Affected information includes patient names, dates of birth, diagnoses, treatments received, medical record numbers and, in some instances, health insurance identification numbers.

Baystate believes that there is no indication that patient information was misused. The facility took steps to secure the email accounts and began an investigation. The incident was also reported to law enforcement.

“Baystate is committed to protecting private information and is taking this matter very seriously,” the statement read. “To help prevent a similar event from happening again, we are increasing our employee training about phishing emails.”

Baystate did not mention the number of affected individuals, but as per the OCR data breach reporting tool, exactly 13,112 individuals were affected.

According to Baystate, “We mailed letters to people who may have been affected. If you believe you may be affected and have not received a letter by November 5, 2016, or if you have any questions about this incident, please call.”

____________________________________________________________________________________________

Alertsec is the easiest way to ensure that any data stored on a laptop is encrypted at all times and kept secure even if the device is lost or stolen.

Ransomware attack affects 33K

October 23rd, 2016

Rainbow Children’s Clinic recently suffered a ransomware attack. According to the reports, the attack left the data stored on the facility’s system encrypted. Rainbow mentioned that it shut down the computer system immediately to prevent the information from being lost.

But a forensic investigation team found that the patient records had been irretrievably deleted. Affected information includes patient names, addresses, dates of birth, Social Security numbers, and medical information.

Ransomware is computer malware that installs itself on a victim’s computer. Hackers use the technique mostly to extort money. It encrypts data with a certain passcode, and a ransom payment is demanded to decrypt the data or to refrain from publishing it. Simple ransomware may lock the system, but the data can be recovered by a knowledgeable person. More advanced malware uses encryption that makes the data inaccessible.

Other information impacted in the Rainbow Clinic incident includes personal information related to patients’ payment guarantors, including guarantors’ names, addresses, Social Security numbers, and medical payment information. The facility mentioned that the affected individuals will be offered complimentary identity monitoring and identity theft resolution services.

“Rainbow Children’s Clinic takes the security of its patients’ information very seriously and has taken steps to prevent a similar event from occurring in the future, including strengthening its security measures and ensuring that its networks and systems are now secure,” Rainbow said.

As per the OCR data breach reporting tool, a total of 33,698 records were affected. As per the statement:

Notification letters mailed today include information about the incident and steps potentially impacted individuals can take to monitor and protect their personal information. Rainbow Children’s Clinic has established a toll-free call center to answer patient questions about the incident and related concerns. Additional information and recommendations for protecting personal information can be found on the Rainbow Children’s Clinic website.

The privacy and protection of patient information is a top priority, and Rainbow Children’s Clinic deeply regrets any inconvenience or concern this incident may cause.

____________________________________________________________________________________________


Cloud Security Survey

October 14th, 2016

A recent survey of 643 IT security professionals in the U.S. and Canada found that around forty-eight percent of respondents do not scrutinize the cloud for malware. Another 12 percent are uncertain whether they do or not.

The survey, conducted by the Ponemon Institute and sponsored by Netskope, also found that while 49 percent of company applications are actually saved in the cloud, only 45 percent of these applications are known, approved or authorized by IT. Over 50% of respondents said that the chance of a data breach is looming over the industry. Nearly 20 percent are not able to ascertain whether they have experienced a violation or not.

“These data confirm that while cloud adoption is very much on the rise, organizations still lack confidence in the cloud’s ability to protect sensitive information,” Netskope founder and CEO Sanjay Beri said in a statement.

“With the rise of cloud threats like accidental data exposure, malware and ransomware aimed at exfiltrating data and extracting financial gain from sensitive data, IT teams need more robust intelligence, protection, and remediation to protect their data from breach or loss,” Beri added.

Many said the violation happened when information was shown to a user from the cloud-based service, either unintentionally or deliberately. Respondents’ concerns about cloud protection threats include loss or theft of intellectual property, loss of control over the security of information and end user activities, and compliance breaches.

A different Blancco Technology Group study in the U.S., Canada, Mexico, U.K., Germany, France, India, Japan and China found that 26 percent of participants are not confident or fairly comfortable with the security that cloud services offer.

“Whenever storing data offsite with a cloud provider, organizations must be diligent in knowing where their data is being stored, how it’s being protected and when it needs to be removed (in the case of migrating data to a new vendor or consolidating data centers, for example),” Blancco Technology Group chief strategy officer Richard Stiennon said in a statement.

 ___________________________________________________________________________________

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.