data breach

Oracle CEO Promises Autonomous Security Technology

October 2nd, 2017

Oracle founder Larry Ellison cited Equifax's mistakes while saying that new Oracle technology would help protect Oracle customers from data breaches.

The Equifax breach, caused by a vulnerability in the Apache Struts framework, exposed personally identifiable information on 143 million Americans.

“The biggest threat by far in cybersecurity is data theft,” Ellison said. “Preventing data theft is all about securing your data.”

According to the Oracle CEO, Oracle Database is the safest database. The new Oracle 18c database has autonomous capabilities, including auto-tuning and automatic patching.

Ellison plans on announcing a new cyber-security service.

“You have to know when you’re being attacked and as they come in and you better detect that during reconnaissance phase,” Ellison said. “The attacker’s goal is to take your data and send it someplace else.”

The new system will automatically detect threats when they first appear, then immediately defend against and remediate the detected problem.

He also said that automated patching is key to cyber defense.

“We have to automate our cyber-defences and you have to be able to defend yourself without taking your systems offline or shutting down your database,” Ellison said.

The new system makes use of machine learning and has the same underlying technology foundation as the Oracle 18c database.

“No human error means no opportunities for human malicious behaviour,” Ellison said.

“After your database’s been notified by your security system it has to be able to patch itself immediately while running,” he explained.

“There was a patch available for Equifax [but] somebody didn’t apply it. It’s a clean sweep; directors aren’t safe, nobody’s safe when something like that happens. People are going to get better at stealing data and we have to get a lot better at protecting it.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra.

Deloitte Firm Data Breach

September 26th, 2017

Deloitte suffered a data breach when it was hit by a cyber attack last year. The incident affected confidential emails and plans of at least six of its clients. The firm said the attackers had privileged, unrestricted ‘access to all areas’.

Affected information also included usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

According to the firm's statement, “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte.”

“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators,” the company added.

According to a source, the exact duration of the breach was not known to the company.

“I think it’s unfortunate how we have handled this and swept it under the rug,” the source told Krebs. “It wasn’t a few emails like reported. They accessed the entire email database and all admin accounts. But we never notified our advisory clients or our cyber Intel clients.”

Raytheon chief strategy officer for cyber services Josh Douglas said the data was not properly protected. “Two-factor authentication … is a basic part of cyber hygiene, and while it might not have prevented the intrusion altogether, it would have at least slowed the attackers and forced them to use more sophisticated methods,” he said.

He added that 2FA alone isn’t enough. “Organizations need to hunt threats to their network proactively and adopt an incident response plan that prevents or limits the exfiltration of sensitive data,” he said. “Comprehensive cybersecurity is especially important in the era of cloud computing, where companies are storing sensitive data remotely. As we tell our clients, cloud computing puts your information on someone else’s computer — so it’s vital to protect the cloud exactly as you would your own servers.”

“Some key elements to such a strategy are an optimally deployed and tuned SIEM platform leveraging machine learning, a combination of internal and external expertise actively engaged in analysis, and the use of deception technology to identify active attackers and suspicious behavior,” Netsurion CISO John Christly said.

VASCO Data Security CMO John Gunn noted a growing trend of hackers targeting confidential business information. “This was first evidenced by the successful attack on newswire services that yielded hackers more than $100 million of insider trading profits, and more recently with the successful breach of the SEC for confidential information on publicly traded companies,” he said.

“Firms such as Deloitte that have troves of sensitive, non-public information that could be used for illegal trading activity will find themselves increasingly in the cross-hairs of sophisticated hacking organizations,” Gunn added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Superfish Privacy Claims Settled by Lenovo

September 24th, 2017

PC vendor Lenovo admitted that adware known as ‘Superfish’ was pre-installed on PCs it sold in the U.S. Lenovo has now settled the case with the U.S. Federal Trade Commission (FTC) and a coalition of 32 state attorneys general. The FTC's complaint, filed in 2014, claimed that the Superfish adware violated consumer privacy.

“Lenovo compromised consumers’ privacy when it pre-loaded software that could access consumers’ sensitive information without adequate notice or consent to its use,” Acting FTC Chairman Maureen K. Ohlhausen said in a statement. “This conduct is even more serious because the software compromised online security protections that consumers rely on.”

Lenovo initially denied the claim, saying there was no evidence that the systems had security concerns. In early 2015 the company changed its stance and admitted that the adware posed security risks.

The main issue with Superfish was that it installed a security certificate which allowed it to ‘work as a man-in-the-middle (MiTM) and intercept traffic between the user and the intended location’.

“To date, we are not aware of any actual instances of a third-party exploiting the vulnerabilities to gain access to a user’s communications,” Lenovo stated. “Subsequent to this incident, Lenovo introduced both a policy to limit the amount of pre-installed software it loads on its PCs and comprehensive security and privacy review processes, actions which are largely consistent with the actions we agreed to take in the settlements announced today.”

Under the settlement, Lenovo agreed to stop misrepresenting preloaded software and to implement a comprehensive security program for the next 20 years, subject to third-party audit.

Lenovo has acknowledged the security risks but maintains that it did not violate customers' privacy.

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection. 

Cloud Security Error Affects Half a Million Voters

September 16th, 2017

Kromtech researchers recently found a misconfigured CouchDB database that exposed the information of 593,328 Alaskan voters.

“When the database was configured, administrators bypassed important security settings that were set to ‘public’ instead of ‘private,’ allowing anyone with an Internet connection to gain access [to] the repository,” Kromtech chief security communications officer Bob Diachenko wrote in a blog post analyzing the breach.

TargetSmart CEO Tom Bonier said the breach was caused by a third party. “We’ve learned that Equals3, an AI software company based in Minnesota, appears to have failed to secure some of their data and some data they license from TargetSmart, and that a database approximately 593,000 Alaska voters appears to have been inadvertently exposed, but not accessed by anyone other than the security researchers on our team and the team that identified the exposure,” he said.

Kromtech vice president of strategic alliances Alex Kernishniuk said that systems need to be updated. “This is yet another wakeup call for companies, governments, and political organizations to audit their networks, servers and storage devices and ensure they take the proper security precautions,” he said.

Kromtech has also discovered other exposures affecting the personal information of 3,065,805 WWE fans and the personal data of 48,000 Indian citizens.

Dome9 co-founder and CEO Zohar Alon told eSecurity Planet by email that it’s more important than ever for companies to define strict controls and practices for the handling of sensitive data.

“Attackers are looking for two things: repositories with data of value to organizations, and weak security practices,” he said.

“As more data makes its way to the public cloud and security practices around CouchDB become more standardized and robust, attackers will shift their attention to other low-hanging fruit, and exploit commonly known security gaps such as misconfigurations,” Alon added.
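The misconfiguration Kromtech describes (a node left “public” instead of “private”) is visible in CouchDB's own configuration file. The following audit script is an added example, not code from the article, Kromtech, TargetSmart or the CouchDB project; the keys it reads (`[chttpd] bind_address`, `[chttpd] require_valid_user` and the `[admins]` section) are real CouchDB settings, and the two sample `local.ini` fragments are constructed to show the exposed setting beside the corrected one.

```python
"""Added example (not from the article): flag a CouchDB local.ini that is
reachable from the network without requiring authentication.
The keys used are real CouchDB settings; the sample configs are constructed."""
import configparser

# Constructed: the "public" style configuration -- the node listens on every
# interface, no admin is defined, and anonymous requests are accepted
# (CouchDB calls this "admin party" mode).
EXPOSED_INI = """
[chttpd]
port = 5984
bind_address = 0.0.0.0

[admins]
"""

# Constructed: the corrected configuration -- an admin exists (CouchDB rewrites
# the plaintext password as a -pbkdf2- hash on first start; the hash below is a
# placeholder), anonymous requests are rejected, and the listener is local only.
HARDENED_INI = """
[chttpd]
port = 5984
bind_address = 127.0.0.1
require_valid_user = true

[admins]
admin = -pbkdf2-PLACEHOLDER-HASH
"""


def audit_couchdb_ini(text):
    """Return a list of findings for the given local.ini contents (empty = ok)."""
    cfg = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cfg.read_string(text)
    findings = []

    # [chttpd] is the clustered API section in CouchDB 2.x; [httpd] is the 1.x one.
    # CouchDB's shipped default for bind_address is 127.0.0.1.
    bind = cfg.get("chttpd", "bind_address",
                   fallback=cfg.get("httpd", "bind_address", fallback="127.0.0.1"))
    if bind.strip() in ("0.0.0.0", "::"):
        findings.append("listens on all interfaces (bind_address = %s)" % bind.strip())

    require_user = cfg.get("chttpd", "require_valid_user", fallback="false")
    if require_user.strip().lower() != "true":
        findings.append("anonymous requests allowed (require_valid_user is not true)")

    admins = dict(cfg.items("admins")) if cfg.has_section("admins") else {}
    if not admins:
        findings.append("no [admins] entry: node is in 'admin party' mode")
    for name, secret in admins.items():
        # A plaintext value means the node has not hashed the password yet.
        if secret and not secret.startswith("-pbkdf2-"):
            findings.append("admin %r has a plaintext password" % name)
    return findings


if __name__ == "__main__":
    for label, ini in (("exposed", EXPOSED_INI), ("hardened", HARDENED_INI)):
        print(label, audit_couchdb_ini(ini) or ["ok"])
```

Binding to a loopback or private address and requiring valid users are two independent controls; the audit reports each separately, because a node with `require_valid_user = true` but no admin defined is still in admin party mode.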

“With 2017 having already set new records in terms of the magnitude of cyber attacks, boards should be aware that it’s only a matter of time until their organization will be breached since most still lack efficient security shields,” Bitdefender Senior eThreat Analyst Bogdan Botezatu said in a statement.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Attack on Critical Infrastructure

September 2nd, 2017

Symantec researchers recently investigated and published findings on new cyber attacks targeting the energy sector in Europe and North America. The attack group, known as Dragonfly, has been involved in such activities since 2011.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so,” the Symantec researchers wrote in a blog post.

Symantec cyber security researcher Eric Chien told Reuters that many companies have been targeted, a few of them based in the U.S.

“As it did in its prior campaign between 2011 and 2014, Dragonfly 2.0 uses a variety of infection vectors in an effort to gain access to a victim’s network, including malicious emails, watering hole attacks, and Trojanized software,” the researchers mentioned.

The attackers were trying to gain remote access to the targeted systems.

“Trojan.Heriplor is a backdoor that appears to be exclusively used by Dragonfly, and is one of the strongest indications that the group that targeted the western energy sector between 2011 and 2014 is the same group that is behind the more recent attacks,” the researchers wrote. “This custom malware is not available on the black market, and has not been observed being used by any other known attack groups.”

RiskVision CEO Joe Fantuzzi said attacks on the energy sector are rising. “Critical infrastructure is clearly becoming more of a target for hackers as it provides access not only to sensitive information but the ability to dramatically impact and/or harm large numbers of people,” he said.

Fantuzzi added that energy sector companies should perform risk analysis. “Unfortunately, security defenses protecting these systems have often been neglected or routinely deprioritized, and as a result, are substandard or completely outdated, thus giving cyber criminals an easy entry into these networks,” he said.

____________________________________________________________________________________________


Data Breach at Tewksbury Hospital

August 23rd, 2017

Tewksbury Hospital, based in Massachusetts, recently discovered unauthorized access to its electronic health record (EHR) system, which may have led to a data breach.

According to a statement by a former Tewksbury Hospital patient, their electronic medical record was accessed inappropriately by an unauthorized individual. After investigating, the hospital found that an employee may have accessed the data without proper justification.

It also found that the information of 1,000 other current and former patients was accessed. The affected information included patient names, addresses, phone numbers, dates of birth, gender, diagnoses, and other information regarding medical treatment.

The employee has been terminated by the facility and no longer has access to the hospital’s EHR system. Tewksbury Hospital also said there is no evidence of information misuse.

Patients have been notified of the incident, as have the Massachusetts Attorney General’s Office, the Massachusetts Office for Consumer Affairs and Business Regulation, and OCR.

“To reduce the chance of future incidents like this occurring, we are reviewing our policies regarding access to the electronic medical records system,” read a statement on the Massachusetts Health and Human Services website. “We are also reassessing how we review our workforce members’ use of the electronic medical records system, and we will be reviewing the training we provide to all workforce members regarding the privacy and security of confidential information.”

Affected individuals are encouraged to call a toll-free number for further information about the incident. They can also take the following steps:

  • Request an initial fraud alert
  • Order a credit report and review it (look for inquiries listed on the credit report from businesses that accessed your credit without a request)
  • Request a security freeze

If you are affected by the data breach you have the right to file a police report and obtain a copy of it. Massachusetts law gives you the right to obtain any police report filed in regards to the incident.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. 

Data Breach at Anthem Vendor

August 21st, 2017

An Anthem vendor recently suffered a data breach that could affect 18,580 Medicare members. The company, LaunchPoint Ventures, LLC (LaunchPoint), is a Medicare insurance coordination services vendor. It discovered that one of its employees “was likely involved in identity theft related activities.”

LaunchPoint also found that “some other non-Anthem data may have been misused by the employee”. The employee emailed a file containing PHI; the investigation into the emails is ongoing.

Affected information included Medicare ID numbers (which includes a Social Security number), health plan ID numbers, Medicare contract numbers, dates of enrollment, and limited numbers of last names and dates of birth. 

“LaunchPoint terminated the employee, hired a forensic expert to investigate, and is working with law enforcement,” read Anthem’s online statement. “The employee is in prison and is under investigation by law enforcement for matters unrelated to the e-mailed Anthem file.”

Two years of credit monitoring and identity theft restoration services will be provided to the affected individuals.

The data breach is Anthem's second largest in the last two years. The previous breach involved hackers infiltrating an Anthem database, exposing names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses.

Anthem CEO Joseph Swedish described it as a sophisticated attack.

A California Department of Insurance report found that the attack originated from outside the country.

“This was one of the largest cyber hacks of an insurance company’s customer data,” Insurance Commissioner Dave Jones said in a statement. “Insurers have an obligation to make sure consumers’ health and financial information is protected. Insurance commissioners required Anthem to take a series of steps to improve its cybersecurity and provide credit protection for consumers affected by the breach.”

Anthem has made efforts to secure the data.

“Opening the email permitted the download of malicious files to the user’s computer and allowed hackers to gain remote access to that computer and at least 90 other systems within the Anthem enterprise, including Anthem’s data warehouse,” the Department stated.

____________________________________________________________________________________________


Complex Malware Installed by Simple Phishing Attacks

August 9th, 2017

A new JScript back door called Bateleur, distributed by the FIN7 (a.k.a. Carbanak) hacker group through phishing emails targeting U.S.-based restaurant chains, has been identified by Proofpoint researchers.

The modus operandi is simple. The recipient receives an email with an attached document containing a macro; the message reads “here is the check as discussed.”

When executed, the macro creates a scheduled task that runs Bateleur, sleeps for three seconds, runs Bateleur again, sleeps for 10 seconds, and finally deletes the scheduled task.

“The combined effect of these commands is to run Bateleur on the infected system in a roundabout manner in an attempt to evade detection,” the researchers note.

The JScript macro contains anti-sandbox and anti-analysis functionality.
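The create-run-delete sequence described above leaves a short-lived scheduled task in the Windows audit trail, which is something a defender can look for. The script below is an added example, not code from Proofpoint or the article: it correlates task-creation and task-deletion events by task name and flags tasks that were removed within seconds of being created. Windows Security event IDs 4698 (“a scheduled task was created”) and 4699 (“a scheduled task was deleted”) are real; the one-line log format and the sample lines are constructed for this example.

```python
"""Added example (not from the Proofpoint write-up): flag scheduled tasks that
are deleted seconds after creation, the pattern described in the article.
Event IDs 4698/4699 are real Windows Security IDs; the log format is constructed."""
from datetime import datetime
import re

# Constructed sample log: one long-lived benign task, one short-lived task,
# and a deletion with no matching creation (ignored by the detector).
SAMPLE_LOG = """\
2017-08-09T10:15:02Z EventID=4698 Task=\\Microsoft\\Windows\\Backup Subject=SYSTEM
2017-08-09T10:15:40Z EventID=4698 Task=\\Update Subject=alice
2017-08-09T10:15:53Z EventID=4699 Task=\\Update Subject=alice
2017-08-09T12:00:00Z EventID=4699 Task=\\Microsoft\\Windows\\Backup Subject=SYSTEM
2017-08-09T12:05:00Z EventID=4699 Task=\\Orphan Subject=bob
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) Task=(?P<task>\S+) Subject=(?P<subj>\S+)$"
)


def parse_events(text):
    """Parse the constructed log format into (timestamp, event_id, task, subject)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, int(m["eid"]), m["task"], m["subj"]))
    return events


def short_lived_tasks(text, max_lifetime_seconds=60):
    """Return (task, creating_subject, lifetime_seconds) for every task that was
    deleted within max_lifetime_seconds of its creation."""
    pending = {}  # task name -> (created_at, subject) for tasks not yet deleted
    hits = []
    for ts, eid, task, subj in sorted(parse_events(text)):
        if eid == 4698:
            pending[task] = (ts, subj)
        elif eid == 4699 and task in pending:
            created, creator = pending.pop(task)
            lifetime = (ts - created).total_seconds()
            if lifetime <= max_lifetime_seconds:
                hits.append((task, creator, lifetime))
    return hits


if __name__ == "__main__":
    for task, who, secs in short_lived_tasks(SAMPLE_LOG):
        print("short-lived task %s created by %s, deleted after %.0fs" % (task, who, secs))
```

Task creation and deletion events are only written when the “Audit Other Object Access Events” subcategory is enabled, so the detection is silent on hosts where that audit policy is off; the 60-second window is a constructed threshold and should be tuned against a baseline of legitimate installer activity.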

“We continue to see regular changes to the tactics and tools used by FIN7 in their attempt to infect more targets and evade detection,” the researchers state. “The Bateleur JScript back door and new macro-laden documents appear to be the latest in the group’s expanding toolset, providing new means of infection, additional ways of hiding their activity, and growing capabilities for stealing information and executing commands directly on victim machines.”

Simon Taylor, vice president of products at Glasswall, said that although the malware is complex, the method of installing it, a phishing email, is very straightforward.

“Phishing is a tried and true method for attackers — largely because it is predictably and repeatedly successful,” he said.

“Historically, the security industry has attempted to change employee behaviour,” Taylor added. “But while education helps, cyber criminals are continuously adjusting their techniques and the authenticity of their messages in order to stay several steps ahead of their victims.”

“Humans are and always will be the weakest link in an organization, and going forward, defense and detection strategies must change to address these inevitable challenges,” Taylor said.


____________________________________________________________________________________________

Alertsec is based on the 256-bit AES encryption algorithm and has the highest security certifications.

Qualys CEO mentions that WannaCry a “Godsend” for his Business

August 5th, 2017

Security vendor Qualys CEO Philippe Courtot said that the WannaCry ransomware and the planned General Data Protection Regulation (GDPR) are “godsends” that will help the company grow further. He made the remarks during the company’s second quarter fiscal 2017 earnings call.

Qualys revenue grew 14% compared to the previous year, to $55.3 million. The company now estimates growth of 17 to 18%.

“Recent attacks like WannaCry and Petya have made it clear that the days of scanning the network perimeter and a few critical servers are over,” Courtot said during his company’s earnings call. “Enterprises now require scalability, accuracy and speed in order to identify assets that are vulnerable and ensure they are rapidly and properly remediated, which is something traditional enterprise IT and IT security solutions cannot deliver effectively and at which Qualys excels.”

Qualys’ cloud platform consists of a host of expanding capabilities that help enterprises with vulnerability and security management tasks. It has also announced new SSL/TLS certificate and cloud visibility technologies which will further augment the cloud security platform.

The upcoming GDPR is another major contributing factor to the company's growth. It comes into effect in May 2018 across the European Union (EU) and obliges companies to make every effort to ensure the security and privacy of customer data.

“We see that GDPR is in fact a godsend for Qualys and we see the effect of that because specifically, it is now accelerating the digital transformation of many of the large European companies,” Courtot said.

The recent WannaCry outbreak has also boosted Qualys's business prospects.

“WannaCry has been also a godsend for Qualys,” Courtot said. “People finally realize that instead of having to buy solutions that supposedly protect them, that in fact they better try to identify all of their assets and also identify the vulnerabilities on those assets because this is what WannaCry and then NotPetya absolutely demonstrated.”

____________________________________________________________________________________________


Breach at Italy’s Biggest Bank

July 29th, 2017

UniCredit, Italy's leading bank, said that the data of approximately 400,000 of its customers was affected after a third-party provider was hacked. The name of the third party was withheld. According to Reuters, it is one of the largest attacks on an Italian financial institution.

The bank said the data was stolen in two separate breaches.

“UniCredit has launched an audit and has informed all the relevant authorities,” the bank said in a statement. “In the morning, UniCredit will also file a claim with the Milan Prosecutor’s office. The bank has also taken immediate remedial action to close this breach.”

Paul Norris, senior systems engineer for EMEA at Tripwire, noted that the two breaches occurred within a year.

“Basic security hygiene needs to be adopted by all enterprises, not just financial institutions, and this includes secure configurations and vulnerability management, as well as performing specific threat assessment and countermeasures, which will reduce the overall risk of future attacks,” Norris said.

Evident.io CEO Tim Prendergast said customers expect their information to be secured. “Enterprises, therefore, must demand that their partners operate according to the same security rules and protocols they abide by when it comes to customer data,” he said.

“It should be a requirement that all partners use continuous security monitoring of their cloud environments, and adhere to rigorous security protocols if they want to work with a vendor,” Prendergast added.

Matt Walmsley, EMEA director at Vectra Networks, said the breach is a reminder for companies to take extra care when handling sensitive data.

“In an effort to save costs, businesses often outsource functions to third-party providers and external contractors,” he said. “However, businesses have a duty of care to protect personal information regardless of whether they manage it in-house or out-of-house.”

____________________________________________________________________________________________
