Posts Tagged ‘data theft prevention’

Personal data compromised at Washington Post

July 8th, 2011
The Washington Post

Hackers hit Washington Post

Hacking seems to be becoming a profession these days, and an exciting and lucrative one at that!

Security experts have been warning all organizations that they are vulnerable to cyber-attack. These attacks are not limited to small companies but also affect big companies like Sony, NASA, etc.

Definition of hacking

According to Wikipedia Hacking may refer to:

Latest victim of hacking

The Washington Post Jobs site has been hacked! Hackers accessed its employment website and stole 1.27 million user IDs and e-mail addresses of its registered job-hunters.

According to the newspaper publisher’s July 6 report, hackers hit the Washington Post’s job board twice, once on June 27 and again on June 28. They stole roughly 1.27 million user IDs and e-mail addresses. Fortunately, passwords to the actual Jobs account and other personal information such as resumes and personal addresses were not compromised.

“We quickly identified the attack and took action to shut it down,” the Washington Post said.

Users may receive spam as a result of the breach and should avoid opening suspicious or unsolicited e-mails or responding to the messages, according to the Post. The problem is even more serious than that, according to Josh Shaul, CTO of Application Security.

This breach has affected the registered users big time. The people registered on the site are job-seekers who fall for spear phishing. “It’s impossible to resist looking into legit looking e-mails that come in offering you the opportunity to work,” said Shaul.

The Washington Post has confirmed that additional security measures to prevent similar attacks have been implemented, and is “conducting a thorough audit of the security of the Jobs site.”

Michael Sutton, vice president of security research at Zscaler Labs, said in an e-mail, “From the attacker’s perspective however, harvesting 1.27 million active email addresses constitutes a successful attack. When e-mail addresses can be sold in the underground market or used to send spam, there’s little doubt that the data breach will be leveraged for profit.”

Is hacker group Anonymous behind the attack?

This attack could be the work of Anonymous or any of the other members of the AntiSec campaign. Anonymous has been very active in recent weeks, breaking into the Arizona Police Department, among other targets.

AntiSec has typically targeted large governmental and media giants. But so far no one has admitted their role in this attack.

Cyber-security with Alertsec

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

  • Fully managed service for your convenience.
  • Very cost effective service.
  • Market leading laptop protection service.
  • Quick and easy implementation.
  • Easy to use protection.
  • Transparent solution.
  • Global 24/7 helpdesk.
  • 100% secure and reliable encryption



Apple’s systems hacked, internal passwords stolen

July 6th, 2011

User names stolen from Apple server

Hacking groups

Hacking attacks are on the rise. Hacker groups such as LulzSec have been successfully breaking into networks of big companies like Fox, Sony, AT&T, PBS, Citigroup and even the CIA. LulzSec, an anonymous group of hackers, have claimed responsibility for hacking into several major company websites.

The latest in the line is Apple’s website. It appears that hackers have broken into Apple’s systems before posting a list of names and password hashes online. The names were not linked to the more than 200m customer credit cards stored on the iTunes online store.

The complete story

Hacking group Anonymous broke into an Apple server, collecting 26 administrative user names and passwords. The group announced the breach through its Twitter account, where it shared a link to the data posted on the text-sharing website Pastebin. “Apple could be target, too,” the group tweeted. “But don’t worry, we are busy elsewhere.”

The LulzSec group has been very active in the hacking field and recently announced it was ending its hacking operation and asked its users to support Anonymous. Their movement is called “AntiSec.” Both Anonymous and LulzSec have always targeted big companies, disclosing their political motives.

What does Apple have to say?

Apple declined to comment and has not confirmed the breach as yet. Fortunately, the data that was hacked has little value to the culprits.

Why is this happening?

“Part of the problem is that companies don’t have an incentive to disclose when a breach occurs unless it’s required by law,” said Ronald Deibert, director of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. “But the volume [of attacks] suggests something is going on.”

Hacking operations by groups like Anonymous and LulzSec started with Sony, which is still having a hard time getting its systems back on track since its breach in April.

One of the reasons for these successful hacking attempts is the very nature of most major corporations’ digital data. Up till now, large companies had an Internet website for public information and an “intranet” for internal use. But the picture has drastically changed today. A company’s public online presence includes websites, YouTube channels, Facebook pages and Twitter accounts, all very vulnerable to compromise!

Add to this the high-profile nature of such services. Even though social networking platforms like Twitter or Facebook offer very little business value, they can be used to quickly and publicly embarrass a company. The latest example in the news is the Fox News Twitter account, which displayed fake Obama tweets! Stay tuned.

Time for giant corporates to tighten their security – AlertSec’s security services

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.


PhyData LLC reports laptop containing data of 1500 patients stolen

July 4th, 2011

Laptop stolen from car containing patient data

Laptop theft

The most prevalent fear among computer users is that of laptop theft. No matter how much care you take, thieves manage to get away with such thefts.

Corporate America loses over USD 5.4 billion each year in cases of laptop theft. That means 12,000 laptops disappear every week from U.S. airports alone, and a laptop is stolen every 53 seconds. As employees get more and more mobile, this problem becomes more serious. If you add healthcare privacy laws to this, asset security can impact your business significantly.

The recent news of a laptop being stolen from an employee’s car in Goodlettsville, Tenn. got security experts wondering whether enough was being done in the field of data security.

The report

According to the report, PhyData LLC, a medical billing and management company, reported a laptop stolen from an employee’s car on May 7 at the RiverGate Mall. The laptop contained more than 1,500 patient names and their personal information, including names, Social Security numbers, dates of birth and medical ID numbers.

These people were patients with Advanced Diagnostic Imaging, Premier Radiology and Anesthesia Services Associates between Jan. 2009 and Dec. 2010.

PhyData spokeswoman Joy Sweeney said in a statement that no evidence was found that any of the information had been accessed or misused. She further stated that the company had set up a toll-free help line with Kroll Inc., and is offering identity-theft protection services to affected patients. The company’s laptops are also now all encrypted and password protected.

What Tennessean’s had to say

“Stolen from the trunk. That alone sounds strange when detailing where the thief stole it and wasn’t drawing any attention, from busting in the trunk. When the true story comes forward we will see the employee left it inattentive”

“Taken from the trunk? Was there signage on the auto? Why would someone open a trunk with so many other cars around and possible property in view? This IS NOT the whole story on this one”

“There is no conspiracy. Usually, when the trunk gets busted it’s because the driver parked and then placed valuable items in the trunk, thinking that it’d be safer. Someone in the parking lot — possibly thieves looking to catch people placing stuff in their trunks — watches the driver from the moment he enters the garage and, once they’re sure the driver won’t be back, go to work. After all, if an item weren’t valuable, why would anyone go through the effort of putting it in the trunk.”

What AlertSec has to say?

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide information security in a cost-effective and easy way.

By using encryption software, you greatly enhance the laptop security as there is no way that the information is compromised if lost or stolen. A theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. A small price to pay compared to what can happen if you lose confidential or sensitive data. Our industry news provides a few examples of this.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day trial.


NATO could be the next victim of a data breach

June 27th, 2011

NATO's e-Bookshop attacked

Data breach and its definition

Data breach incidents range from planned attacks by organized crime on a national government website to the careless sale of used computer equipment or data storage media. Definition: “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.”

What do data breaches include?

Data breaches include financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), trade secrets of corporations or intellectual property.

What happened at NATO?

NATO was recently notified of a possible data breach from a NATO-related website run by an external company.

The North Atlantic Treaty Organization (NATO) has issued a statement:

“Police dealing with digital crimes have notified NATO of a probable data breach from a NATO-related website operated by an external company. NATO’s e-Bookshop is a separate service for the public for the release of NATO information and does not contain any classified data. Access to the site has been blocked and subscribers have been notified.”

In detail

The e-Bookshop site offers free access for the general public to NATO publications and multimedia products in both electronic and print formats and does not contain classified documents.

The site has been closed down and users have been informed. The virtual bookstore is still reachable, though, through the NATO web address.

NATO has not disclosed what data was lost or how the attackers hit the server. It has only announced a data breach and confirmed that no confidential data was compromised.

Speculation about the attack being related to NATO’s recent clash with the online group Anonymous is very high. The global organization had warned member nations about the rising threat of “hacktivism,” or carrying out cyberattacks for political purposes.

But Anonymous has completely defended this crime, saying NATO fears the group not because it’s a “threat to society,” but because it’s a “threat to the established hierarchy.” It further added, “This is no longer your world. It is our world – the people’s world.”

NATO’s strategy

NATO’s Strategic Concept identifies cyber defence as one of the critical tasks to be carried out: to prevent, detect, defend against and recover from cyber-attacks. NATO defence ministers agreed this month on a cyber defence action plan to limit these attacks. This action plan is already being implemented.

LulzSec group attacks at the same time

The LulzSec hacker group has broken into official computers used by the State of Arizona. The accessed data, which includes personal emails, names, addresses and passwords of officials, along with confidential documents, has been made public online.

The number 1 laptop encryption service – Alertsec

3 easy steps to encrypt your data

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption


A spear phishing attack on IMF

June 15th, 2011

IMF Headquarters - Image via Wikipedia

Hackers are not only getting into gaming sites; they are eyeing the monetary world as well. It is the International Monetary Fund (IMF) this time. This happened just a day after Citibank faced a cyber attack in which names, account numbers and email addresses of more than 200,000 North American Citibank account holders were compromised.

Before we move ahead and discuss the story in detail, let us try to understand the difference between phishing and spear phishing. While phishing floods millions of email inboxes and relies on mass attack, spear phishing is more about selectively targeting individuals who have been identified previously. That means spear phishing can potentially attack a small group of people working in the same organization.

It appears that some foreign government was behind the data breach. According to IMF spokesman David Hawley, the incident was under investigation and the fund was completely functional. Fox News reported that the IMF’s computers had been hacked into, similar to the latest incident in November 2008, via malicious software.

The World Bank deactivated a cyberlink it has with the IMF, as one of the IMF’s desktops was compromised and a large quantity of data was obtained. The hackers had deliberately infected a computer at the IMF with malware designed to steal information. This is a new kind of malware, one that gave hackers broad access to the IMF’s systems, helping them gain ‘hot market’ information. Email warnings about “increased phishing activity” were received on June 1, and employees were warned against opening emails from unknown senders, accessing suspicious video links or clicking on attachments. The IMF had sent an internal memo on June 8 about the actual cyber-attacks to its board members and employees.

Political foes, especially China, could be behind the attack, as data related to monetary policies is of utmost value. The IMF studies the economic stability of its 187 members and analyzes each nation’s financial risk. It supervises the global financial system and recently played a major role in the economic bailout of Greece, Ireland and Portugal. This came as a rude shock when the country was just grappling with IMF chief Dominique Strauss-Kahn’s sexual assault scandal.

Unless the IMF reveals more information about what data was compromised and how it happened, it is difficult to figure out who was behind the attack and the extent of the loss. The Federal Bureau of Investigation is in charge of this investigation.

Contact Alertsec for your data security needs

It is clear that the security of the world’s large corporations is at risk. In the absence of full disk encryption, valuable files can be accessed. To keep your sensitive data safe from theft and hacking, it is vital to use data encryption software. Data loss prevention systems can also reduce the loss of information. Investing $13/month gives an organization peace of mind. A very small price to pay compared to losing high-quality or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.
