Computer security

Uber Breach

November 27th, 2017

Uber mentioned that it had covered up a massive data breach of 57 million customers’ and 600,000 drivers’ information in late 2016 by shelling out the hackers a $100,000 ransom.

Uber CEO Dara Khosrowshahi mentioned that two hackers “inappropriately accessed user data stored on a third-party cloud-based service that we use.”

Affected information includes 600,000 U.S. drivers’ names and driver’s license numbers, and 57 million global users’ names, email addresses and mobile phone numbers.

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said. “We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage account.”

Uber paid the hackers a $100,000 ransom not to publish the data.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said.

“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

“Breach disclosure is critical to get right, because it can have long lasting effects on the organization and its customers,” SecureAuth chief security architect Stephen Cox said by email.

“To the organization, every breached customer has a financial impact, and long term viability comes into question because of damage to the brand.”

AsTech chief security strategist Nathan Wenzler said the decisions made by Uber’s CISO is shocking after the incident.

“Quite simply, legitimate security professionals know better than this, and the community at large is built upon integrity in all matters,” Wenzler said. “When you act as the front line of defense for an organization, it is imperative that your security team operates in the most honest and forthright manner possible.”

 ___________________________________________________________________________________

AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

Russian Cyber Security Threat

November 25th, 2017

Ciaran Martin, CEO of the U.K.’s National Cyber Security Centre (NCSC) mentioned that hostile states present a significant cyber threat to the country’s critical infrastructure security.

“I can confirm that Russian interference, seen by the National Cyber Security Centre, has included attacks on the U.K. media, telecommunications and energy sector,” Martin mentioned.

“That is clearly a cause for concern — Russia is seeking to undermine the international system,” he added.

As per the survey by Tripwire, forty seven percent said that water, electricity and gas utilities are the most likely entities to be attacked.

“Before the Internet brought almost universal connectivity, industrial security was very different from what it is today,” Tripwire chief research officer David Meltzer said in a statement. “Traditional industrial and critical infrastructure organizations had no Internet as we know it today. Perimeter defense typically meant physical security — gates, fences, barriers and guards. Nowadays, these systems are Internet-connected, more virtualized in many cases, and more remotely accessible than ever before.”

“There is no dispute that connectivity provides many business advantages, such as centralized management and control, remote engineering access and resource consolidation,” Meltzer added. “However, it’s important to remember that it also brings with it a large number of additional risks, mainly increased attack vectors, exposure of inherently insecure and sometimes obsolete IT systems, and the opportunity for attackers to exploit vulnerabilities that have not been patched.”

Survey conducted by a Ponemon Institute of 377 U.S. professionals shows that there is cyber security issue for oil and gas operations. Only thirty five percent believe that their companies are well equipped.

“The fact that nearly 70 percent of oil and gas companies were hacked in the past year must serve as a call to action,” Siemens USA CEO Judy Marks said in a statement. “As oil and gas producers use digitalization to become safer and more efficient, there is a clear need to bulk up defenses for operational technology, which is even more vulnerable to attacks than the IT environment.”

Nozomi Networks founder and chief product officer Andrea Carcano mentioned that energy sector companies are prone to attack 24/7. “It is essential that critical infrastructure operators take steps to increase the visibility into their ICS networks and deploy new innovations that enable early detection of advanced persistent threats, whoever is making them,” he said.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen.

Ransomware Attack and Phony Websites

November 23rd, 2017

ECKAAA

East Central Kansas Area Agency on Aging (ECKAAA) mentioned that they were affected by the ransomware attack.The incident left files encrypted and inaccessible to the company. Cybersecurity company is hired to investigate.

“The ransomware only affected portions of ECKAAA’s server; not every file stored on the server was encrypted,” the statement read. “Although not every file was encrypted, the ransomware perpetrators would have had access to every file stored on the attacked server. Based on its investigation, the company does not believe any data was removed from ECKAAA’s servers.”

Affected information includes names, addresses, and telephone numbers. They also may have contained names, addresses, telephone numbers, dates of birth, Social Security numbers and/or Medicaid numbers.

Facility mentioned that they have backups and the services are not hampered. As per the OCR data breach reporting tool, total 8,750 individuals possibly got affected by this incident.

“ECKAAA has also provided education to its workforce regarding ransomware, including, but not limited to, the importance of using robust passwords,” ECKAAA continued. “All passwords were changed following the ransomware incident. ECKAAA also intends to update its cybersecurity policies and procedures as necessary to prevent similar incidents in the future. As of October 30, 2017, no malicious activity has been detected.”

PHONY WEBSITES

The Recovery Institute of the South East, P.A. (RISE Therapeutic Services) mentioned that it was victim of cyber attack.

Organization said that certain individuals may have been contacted by websites that were claiming to be connected to RISE

“As of now we know that it was used to redirect any contact through the website, email, and also the phone number,” RISE stated. “Through Psychology Today it was confirmed that approximately 200 plus calls and 75 plus emails through their site were rerouted to an unauthorized individual who has yet to be identified.”

 ___________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Device Theft Incidents

November 20th, 2017

Brevard Physician Associates

Brevard Physician Associates mentioned that it was burglarized which possibly affected health data for 7,976 patients. The incident came to notice when the company saw tripped security alarm. An employee of the company found that three computers were missing.

Affected information included patient names, the names of patients’ insurance providers, the amount charged for the services provided, and the CPT codes of the services provided. However, patient addresses, dates of birth, telephone numbers, Social Security numbers, insurance ID numbers, and financial information were not included.

“We believe that the information contained on the stolen computers presents a minimal risk of future identity theft or financial fraud,” Brevard stated. “All three computers were password protected with strong passwords. Additionally, all of the data from all three computers will be automatically deleted upon their connection to the internet.”

Brevard also mentioned that it has “enhanced the security” at its office. Additional policies are in place to ensure it is “appropriately secured in the future.”

Martinsville Henry County

Martinsville Henry County (MHC) Coalition for Health and Wellness recently suffered data breach at Bassett Family Practice. The incident involved stolen laptop from the Bassett employee’s car.

Facility believe that the thief was after the laptop and not the information. As per the OCR data breach reporting tool, total 5,806 individuals may have been impacted.

Affected information includes patient names, dates of birth, account numbers, identity of providers, and/or details about patient visits with the practice. There is currently no indication that Social Security numbers or financial information was on the device.

“We are currently upgrading our IT security policies, procedures and related equipment to prevent future information from being stored on a laptop in an unencrypted manner,” Bassett said. “Please understand we value our relationship with you and take the security of your personal information very seriously. We have taken immediate steps and we will continue to evaluate our technology, policies and procedures in our efforts to prevent another occurrence such as this from happening in the future.”

 ___________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

Ransomware Attack and Phony Websites

November 17th, 2017

ECKAAA

East Central Kansas Area Agency on Aging (ECKAAA) mentioned that they were affected by the ransomware attack.The incident left files encrypted and inaccessible to the company. Cybersecurity company is hired to investigate.

“The ransomware only affected portions of ECKAAA’s server; not every file stored on the server was encrypted,” the statement read. “Although not every file was encrypted, the ransomware perpetrators would have had access to every file stored on the attacked server. Based on its investigation, the company does not believe any data was removed from ECKAAA’s servers.”

Affected information includes names, addresses, and telephone numbers. They also may have contained names, addresses, telephone numbers, dates of birth, Social Security numbers and/or Medicaid numbers.

Facility mentioned that they have backups and the services are not hampered. As per the OCR data breach reporting tool, total 8,750 individuals possibly got affected by this incident.

“ECKAAA has also provided education to its workforce regarding ransomware, including, but not limited to, the importance of using robust passwords,” ECKAAA continued. “All passwords were changed following the ransomware incident. ECKAAA also intends to update its cybersecurity policies and procedures as necessary to prevent similar incidents in the future. As of October 30, 2017, no malicious activity has been detected.”

PHONY WEBSITES

The Recovery Institute of the South East, P.A. (RISE Therapeutic Services) mentioned that it was victim of cyber attack.

Organization said that certain individuals may have been contacted by websites that were claiming to be connected to RISE

“As of now we know that it was used to redirect any contact through the website, email, and also the phone number,” RISE stated. “Through Psychology Today it was confirmed that approximately 200 plus calls and 75 plus emails through their site were rerouted to an unauthorized individual who has yet to be identified.”

 ___________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Data Breach at Forever 21

November 12th, 2017

Retailer Forever 21 recently suffered data breach. Affected information includes credit and debit card information at some Forever 21 locations. Third party notified the company about the breach.

“We immediately began an investigation of our payment card systems and engaged a leading security and forensics firm to assist us,” the company mentioned.

Forever 21 has encryption and tokenization solutions. It mentioned that only some point of sale (PoS) devices where affected. The company do not  know the affected location.

Obsidian Security CTO Ben Johnson mentioned that the breach is a reminder that every retailer is a target. “Holiday shoppers should be diligent in monitoring their account activity, and should consider Apple Pay or cash if they are feeling less confident about the security of the retailers’ systems,” he said.

“Retailers should understand that any areas of weakness, such as those few systems without multi-factor authentication or encryption, will eventually find themselves victim of compromise,” Johnson added. “In some ways things are improving on the defensive side, but we cannot forget that the attackers often innovate faster.”

Recent survey by SiteLock shows that there is growing concern for online shopping. The findings are as below –

Twenty seven percent worry about the information being compromised

Sixty-five percent mentioned that they will not return to the website after it got hacked

Fifty two percent say a store  which provides a secure payment network makes them confident

Another survey conducted by Paysafe has below findings –

Fifty nine percent of U.S. consumers believe fraud is an inevitable part of shopping online

Fifty eight percent said that they are willing to accept any security measures needed to eradicate fraud

Thirty nine percent of US businesses believe their customers would prefer increased security

“For years, consumers have had to overcome the apprehension that businesses know too much about them — from shoe sizes to food preferences,” Paysafe CEO Todd Linden said in a statement. “But as the payment world evolves, it is this knowledge that will make individuals more secure.”

“The evolution of big data will make payments smarter and easier and help to redress the balance between security and convenience,” Linden added. “Big data will be the ultimate key to tightening up security at PoS, online and in brick and mortar environments.”

 ___________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Managing Privileged Passwords

November 11th, 2017

Recent survey conducted by One Identity of 913 IT security pros shows that 86 percent of IT security professionals face challenges managing privileged passwords.

As per the One Identity website – “We believe that security is much more than the practice of denial and restriction. That’s why One Identity’s design and integration philosophy is that our solutions must add agility and efficiency to an organization – regardless of size or market – as well as secure its digital assets.”

Other findings of the survey include –

Eighteen percent use a paper logbook for privileged password management

Thirty six percent manage passwords in Excel or another spreadsheet

Twenty two percent are not able to monitor or record activity performed with admin credentials

Forty percent do not change the default admin password

“Over and over again, breaches from hacked privileged accounts have resulted in astronomical mitigation costs, as well as data theft and tarnished brands,” One Identity president and general manager John Milburn said in a statement. “These survey results indicate that there are an alarmingly high percentage of companies that don’t have proper procedures in place.”

LastPass research survey shows that the average security employee is managing 191 passwords.

Twenty six and half percent of businesses has multi-factor authentication to protect their password vaults.

“While we’re seeing that a significant portion of businesses are investing in multi-factor authentication, it is not yet adopted widely enough to compensate for the shortcomings of passwords,” the report states.

Duo Labs conducted survey of 443 individuals has below findings –

Twenty eight percent of respondents use two-factor authentication (2FA)

Fifty six percent of respondents had never heard of it

Forty-five percent of those who use 2FA said they do so on all services that offer it

“This survey underscores the reality that we as a security community still have a long way to go when it comes to educating the everyday person about proper security behaviors in general and 2FA in particular,” the researchers wrote.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

GDPR

November 8th, 2017

HyTrust conducted survey of 323 attendees at the VMworld 2017 conference in Las Vegas, Nevada. It found that only 21 percent are concerned about GDPR compliance regulations and plan to implement it. Twenty seven percent are concerned but have no plan to implement.

“If you think GDPR desn’t apply to your organization, think again,” HyTrust president and founder Eric Chiu mentioned in a statement.

“Most organizations today are very aware of their security risks, but are not as far along with technology and processes to meet the GDPR compliance requirements, despite a May 2018 deadline that has significant fines for failure to comply,” Chiu added.

Another survey conducted by Carbon Black survey of 120 business decision makers has below findings –

Eighty six percent of respondents mentioned that they are confident in their ability to comply with GDPR requirements

Fifty eight percent are not using effective risk management tools

Survey conducted by Computing Magazine stated that only ten percent have their toolsets for classifying critical data and prioritizing risk to data.

“In order to effectively identify and neutralize data breaches, it’s essential to know what constitutes normal network behaviors versus what is suspicious,” Carbon Black senior director for compliance and governance programs Chris Strand said in a statement.

“Failing to align the right data protection toolsets with people and processes, many organizations are at risk of non-compliance with the GDPR and, more importantly, putting their customers’ information in jeopardy,” Strand added.

Survey conducted by IAPP-EY survey of 548 privacy professionals worldwide shows that fully 95 percent ( 75 percent of whom are located outside the EU) say the GDPR applies to their organization.

“Even though the EU’s GDPR has yet to take effect, organizations the world over are spending money on hiring and promoting privacy staff, training employees on privacy, purchasing technology to help with GDPR compliance, and pushing privacy awareness into every corner of the firm,” the report states.

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Ghostwriter AWS Issue

November 2nd, 2017

Skyhigh Networks researchers is warning about “GhostWriter,”. This entity misconfigures Amazon S3 buckets to allow public write access for a malicious third party to launch man-in-the-middle (MiTM) attacks.

“GhostWriter underlines the fact that security is just not the responsibility of the cloud service providers, but also the customer, and often it is a customer misconfiguration that exposes their data to threat,” Skyhigh chief scientist Sekhar Sarukkai wrote in blog.

According to Skyhigh, more than 1,600 S3 buckets get accessed from the enterprise network. Four percent are exposed to GhostWriter. “Skyhigh has identified thousands of such buckets being accessed from enterprise networks and has shared these affected buckets with AWS for remediation,” Sarukkai wrote.

Affected entities are major news sites, leading retailers, popular cloud services and ad networks.

“Bucket owners who store JavaScript or other code should pay particular attention to this issue to ensure that third parties don’t silently overwrite their code for drive-by attacks, Bitcoin mining or other exploits,” Sarukkai added.

This kind of misconfiguration is creating high profile data breaches which includes expose of 4 million Verizon customers’ data and 3 million WWE fans’ contact details.

Another survey conducted by AlgoSec of 450 senior security and network professionals showed that thirty percent of the participants plan to increase public cloud usage.  Forty four percent said that they faced challenges after migrating to public cloud.

AlgoSec director of communications Joanne Godfrey mentioned that it’s essential for organizations to maintain complete visibility”This enables them to better protect the business and fulfill compliance demands, while taking full advantage of the cost savings and agility offered by the hybrid cloud model,” she said.

“Companies of all sizes are adopting increasingly more complex technical solutions as the market democratizes what was previously reserved for software giants,” Threat Stack CSO Sam Bisbee said in a statement. “This has created an opening for internal and external threats as security teams catch up on cloud, containers, and more.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Deception Technology

October 31st, 2017

Symantec’s endpoint security product suite has latest update which uses deception technology to keep devices secured. Deception technology is first step towards this efforts in the industry.

It unveiled Endpoint Security for the Cloud Generation along with this new technology. It is used by the companies to trick hackers which makes them believe that they had gained access to the systems.

“Deception technology is a direct result of Symantec’s innovation strategy paired with more than 15 years of endpoint security expertise,” Sri Sundaralingam, head of product marketing for Enterprise Security Products at Symantec.

The technique makes hackers to waste their efforts, time and energy breaking into fake servers.

“With deception on the endpoint, customers can now utilize the threat intelligence and deception capabilities of the largest security company in the world to expose stealthy attack tactics, delay attackers, and determine attacker intent beyond what’s available through purely network-based deception technologies – all at a scale like no other in the market,” continued Sundaralingam.

SEP 14.1 also had a new add-on entity which is called Hardening. It isolates suspicious activity at applications.  It also provides behavioral analysis and machine learning to identify malware.

Symantec Advanced Threat Protection (ATP): Endpoint 3.0 employs SEP’s endpoint detection and response features combined with threat intelligence and machine learning to stop attacks.

Company also launched Skycure’s AI-enabled mobile threat defense software. Skycure was acquired by Symantec for an undisclosed amount.

“One of the most dangerous assumptions in today’s world is that iOS and other mobile devices that employees bring into the office are safe, but the apps and data on these devices are under increasing attack,” stated Symantec CEO Greg Clark at the time. “We believe that tomorrow’s workforce will be completely mobile and will demand a cyber defense solution that travels with them.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen