identity theft

Data Breach at Forever 21

November 17th, 2017

Retailer Forever 21 recently suffered data breach. Affected information includes credit and debit card information at some Forever 21 locations. Third party notified the company about the breach.

“We immediately began an investigation of our payment card systems and engaged a leading security and forensics firm to assist us,” the company mentioned.

Forever 21 has encryption and tokenization solutions. It mentioned that only some point of sale (PoS) devices where affected. The company do not  know the affected location.

Obsidian Security CTO Ben Johnson mentioned that the breach is a reminder that every retailer is a target. “Holiday shoppers should be diligent in monitoring their account activity, and should consider Apple Pay or cash if they are feeling less confident about the security of the retailers’ systems,” he said.

“Retailers should understand that any areas of weakness, such as those few systems without multi-factor authentication or encryption, will eventually find themselves victim of compromise,” Johnson added. “In some ways things are improving on the defensive side, but we cannot forget that the attackers often innovate faster.”

Recent survey by SiteLock shows that there is growing concern for online shopping. The findings are as below –

Twenty seven percent worry about the information being compromised

Sixty-five percent mentioned that they will not return to the website after it got hacked

Fifty two percent say a store  which provides a secure payment network makes them confident

Another survey conducted by Paysafe has below findings –

Fifty nine percent of U.S. consumers believe fraud is an inevitable part of shopping online

Fifty eight percent said that they are willing to accept any security measures needed to eradicate fraud

Thirty nine percent of US businesses believe their customers would prefer increased security

“For years, consumers have had to overcome the apprehension that businesses know too much about them — from shoe sizes to food preferences,” Paysafe CEO Todd Linden said in a statement. “But as the payment world evolves, it is this knowledge that will make individuals more secure.”

“The evolution of big data will make payments smarter and easier and help to redress the balance between security and convenience,” Linden added. “Big data will be the ultimate key to tightening up security at PoS, online and in brick and mortar environments.”

___________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

New Anti-Malware Engine by BullGuard

September 30th, 2017

London cybersecurity software provider BullGuard launched new anti-malware engine to detect and block advanced threats.

“The new engine is specifically designed to protect against zero-day threats or threats, such as polymorphic malware and file-less attacks, for which traditional signature-based engines are insufficient. The engine monitors a wide array of behaviours across the device and utilizes a comprehensive set of rules to discriminate bad behaviour from good,” explained Paul Lipman, CEO of BullGuard.

“The client-side engine is supported by a cloud-based machine learning system that continually learns from data across our customer base, and from our automated malware research systems, so the ruleset and engine functionality improve on an on-going basis,” continued Lipman.

The company is further branching out from its consumer antivirus roots with a real-time Home Network Scanner feature in BullGuard Premium Protection that continually scans a home’s Wi-Fi networks for internal threats. It also enlists the cloud to scan home networks using external vectors, a similar tactic to that used by security professionals to perform penetration testing.

Home Network Scanner finds cybersecurity problems. There is a rise in the attack on IoT devices.

“Earlier this year BullGuard released an IoT scanner that checks whether your home network is accessible from the open internet. We found that approximately five percent of people using our scanner had open ports that could potentially be compromised by attackers,” revealed Lipman.

“Consumer routers are notoriously hackable, as we’ve seen this year in multiple news stories (most notably the Wikileaks revelation about how the CIA has been pwning consumer routers for over a decade),” he added. “The new home network scanner offered in BullGuard Premium Protection takes this scanning to the next level, utilizing a deeper scan from multiple locations in the cloud, and coupling this with internal network scanning capabilities to ensure that our customers are immediately aware of potential vulnerabilities.”

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc.

Cybrary raises Series A Funding

September 22nd, 2017

Cybrary raised $3.5 million in a Series A round of funding led by Arthur Ventures. Tenable Network Security’s founder, Ron Gula also got involved in a new round.

The Greenbelt, Md. provider of cybersecurity training services is planning to use the funds for content catalogue and grow its online learning and testing technology platform. Millions of people till date has acquired knowledge of cyber security on the Cybrary.

The offerings include web application penetration testing, Metasploit penetration testing software and ethical hacking.

There is growing number of data breaches which is amplified due to lack of skilled security experts. Last week Equifax disclosed a data breach which affected names, addresses, driver’s license numbers, birthdates and social security numbers—valuable personal identifiable information that can facilitate identity theft.

“Beyond addressing core cybersecurity and IT skills, the material available on Cybrary focuses in on specialized areas that are lacking across industries such as incident response, technical project management, malware analysis, and penetration testing,” said Ralph Sita, co-Founder and CEO.

“Cybrary brings together people, companies, content, and technology to create an ever-growing catalogue of online courses and experiential learning tools that provide IT and cyber security learning opportunities to anyone, anytime, anywhere, continued Sita.

“With free video courses, the platform works to bridge the skills gap by providing access to tools professionals need to be competent and confident,” he said. “The open-source model fosters this ecosystem of information sharing in order to create a frictionless environment where those professionals can learn at their own pace and assess their skills while interacting with the community of over 1.2 million users.”

There is more to the offerings.

“Cybrary’s course catalogue will be the world’s largest portfolio of courses and tutorials covering unique products, industry best practices, skills-based certifications, career-based learning paths, and more. We’ve seen a huge demand for topics like data science, secure coding, enterprise risk assessment, and software development,” said Sita. “Be on the lookout for those additions in the near future.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Google Employee Data at Risk

July 13th, 2017

Google sent notification letters to a number of employees about the data breach. It mentioned that their names, contact information and payment card data may have been affected.

“This did not affect Google’s systems. However, this incident impacted one of the travel providers used by Googlers, Carlson Wagonlit Travel (CWT).” Statement reads.

CWT and Google were not breached. The report suggests that it was fourth party data breach. Google was working with third-party vendor CWT who was using Sabre’s SynXis CRS.

“CWT subsequently notified Google about the issue on June 16, 2017, and we have been working with CWT and Sabre to confirm which Google travellers were affected,” the company mentioned.

According to the reports, the attacker gained access to some of CWT’s hotel reservations made through Sabre’s SynXis CRS.

“However, because the SynXis CRS deletes reservation details 60 days after the hotel stay, we are not able to confirm the specific inforamtion associated with every affected reservation,” Google noted.

CyberGRX CEO Fred Kneip emailed eSecurity Planet that it is difficult to determine which vendors can cause a data breach.

“A company the size of Google, whose reputation depends in large part on its ability to keep data secure, has thousands of third parties in its digital ecosystem,” Kneip said. “Attackers are clearly focused on the weakest links within those ecosystems — third parties like HVAC vendors and travel agencies — in order to do real damage.”

A recent Bomgar survey of 608 IT professionals shows that an average of 181 vendors are provided access to a company network.

“Security professionals must balance the business needs of those accessing their systems — whether insiders or third parties — with security,” Bomgar CEO Matt Dircks said in a statement.

“As the vendor ecosystem grows, the function of managing privileged access for vendors will need to be better managed through technology and processes that provide visibility into who is accessing company networks, and when, without slowing down business processes,” Dircks added.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

AI Security Company Series D Round

July 10th, 2017

Darktrace U.K.-based startup which has offices in San Francisco has recently raised $75 million in a Series D round of funding.

Nicole Eagan, CEO at Darktrace, mentioned that Insight Venture Partners’ participation in the investment “is another strong validation of the fundamental and differentiated technology that the Enterprise Immune System represents,” in a statement. “It marks another critical milestone for the company as we experience unprecedented growth in the U.S. market and are rapidly expanding across Latin America and Asia Pacific in particular, as organizations are increasingly turning to our AI approach to enhance their resilience to cyber-attackers.”

Company uses artificial intelligence to tackle security threats. The Enterprise Immune System uses the algorithm in real time to stop the attack. It tracks normal behaviour and security threats. It also detects insider threats and zero-day attacks.

“Unlike more common forms of malware, which rely on human-mediated methods such as phishing to co-opt people into triggering the payload, this type of attack uses a worm to move from machine to machine without human intervention,” Andrew Tsonchev, director of Cyber Analysis at Darktrace, wrote in a blog post. “Fortunately, it is precisely this – a dramatic change in internal activity – which has allowed us to effectively fight back.”

Company mentioned that its contract value has now reached $200 million. Bookings are also increased in the US. The headcount in last year is doubled to 500. It has 450 partners. Most important the software has detected over 48,000 serious threats.

“Unlike more common forms of malware, which rely on human-mediated methods such as phishing to co-opt people into triggering the payload, this type of attack uses a worm to move from machine to machine without human intervention,” Andrew Tsonchev, director of Cyber Analysis at Darktrace, wrote in a blog post. “Fortunately, it is precisely this – a dramatic change in internal activity – which has allowed us to effectively fight back.”

Another AI based security company Attivo Networks has also raised $15 million.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers

IoT Threat Defense Platform of Cisco

May 22nd, 2017

Cisco has created new IoT Threat Defense Platform to tackle growing threats. It consists of integrated security technologies which protects enterprise IoT deployment from hackers. It uses the network segmentation capabilities. Its’ AnyConnect provides remote access functionality.

Marc Blackmer, product marketing manager of Industrial Solution at Cisco’s Security Business Group said that it’s best not to leave any stone unturned given the scale and complexity of IoT implementations.

“A characteristic of the IoT is that it opens a multitude of attack vectors,” Blackmer mentioned. “Now, organizations need to be aware of, not just what servers and workstations are online, but whether their HVAC system or connected lighting have been mistakenly connected to the Internet.”

Researchers at Dalhousie University in Canada and Weizmann Institute of Science in Israel conducted a test. It demonstrated a citywide bricking attack using smart bulbs. Companies are connecting their IoT devices to internet and hackers are looking for loopholes.

“A simple Shodan search can turn up medical devices and industrial equipment connected to the Internet, as well,” Blackmer said. “With this in mind, we selected the technologies in our portfolio that would, first, segment IoT devices, to protect them from external attacks, as well as protect the business should one of those devices be compromised, and then those that provide broad, complementary coverage across a range of attack vectors.”

Connecting virtual local area networks (VLANs) to the scale of the IoT can overwhelm even the most efficient IT teams. Cisco products and team is also helping companies to secure their networks from stealthier threats.

“We are inspecting the traffic throughout the organization (with Stealthwatch, Advanced Malware Protection, and our NGIPS [Next-Generation Intrusion Prevention System], which is included with our NGFW [Next-Generation Firewall]), as well as that attempting to exit the organization (with Umbrella and Cognitive Threat Analytics).”

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Hackers trying to gain access to US defence servers

April 27th, 2017

US Airforce is attacked by hackers. It was the continuation of bug bounty program which earlier allowed attacks on Pentagon and the Army. It is an effort to allow security researchers to attack a limited set of Pentagon IT assets. It is now widened to different branches of the armed forces.

The program plans to expand further and allow entities from the U.S and the United Kingdom, Canada, Australia and New Zealand.

“Hack the Air Force has the largest scope of participation yet,” Reina Staley, Chief of Staff at U.S Defense Digital Services.

Earlier the bug bounty program was limited only to US citizens.

“Since the success of Hack the Pentagon and the subsequent Hack the Army bounty, we’ve been working to continually expand the bounds for participation by everyone,” she said. “For this round with the Department of the Air Force, we’re excited to include the citizens of a few allied nations.”

This program is limited scope program where participants need to work on given scope. It’s not open invitation to hack anything. Unmanned Aerial Vehicles (UAVs), known as drones are not included in this program. Hack the Air Force is also limited period program.

“DDS: The Department of Defense launched a Vulnerability Disclosure Program (VDP) which allows security researchers across the globe to submit discovered vulnerabilities through the HackerOne platform for remediation by DoD security teams,” Staley said. “The VDP provides a safe and legal avenue for anyone to report these vulnerabilities at any time, even outside of a bug bounty program.”

“Our aim is for DoD organizations and all military Services to adopt this crowdsourced security tool,” Staley said. “It’s incredibly important for us to strengthen the assets that support services for our Service members, civilians, and their families around the world.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Ransomeware attack at ABCD

April 8th, 2017

ABCD Pediatrics recently suffered ransomware attack. According to the statement, a virus was inserted to gain access to the healthcare organization’s servers. Patient data was encrypted in the process. Facility contacted IT personnel to take all servers offline. It is conducting detailed analysis.

Experts came to conclusion that this particular type of virus has likely not removed the information from the server.  Facility also mentioned that user accounts may have been accessed through it’s network. Affected information includes names, addresses, phone numbers, dates of birth, Social Security numbers, insurance billing information, medical records, and lab reports.

As per the OCR data breach reporting tool, approximately 55,447 patients may have been affected. ABCD has successfully removed the virus from the system. Corrupted data was also removed from its servers. Secure backup of the facility is not affected and thus used to restore all impacted data. It also mentioned that no PHI was lost or destroyed in the incident.

“Also, please note that ABCD never received any ransom demands or other communications from unknown persons,” ABCD stated. “However, ABCD remains concerned because it discovered user logs indicating that computer programs or persons may have been on the server for a limited period of time.”

Facility has upgraded it cyber security monitoring program to stop future incidents. Call centre is setup for the affected patients.

“Patients also can place a fraud alert on their credit files with the three major credit reporting agencies. A fraud alert is a consumer statement added to one’s credit report. The fraud alert signals creditors to take additional steps to verify one’s identity prior to granting credit. This service can make it more difficult for someone to get credit in one’s name, though it may also delay one’s ability to obtain credit while the agency verifies identity.”

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach trends in 2016

April 5th, 2017

As per the IBM report, data breach increased 566 percent in 2016 from 600 million to more than 4 billion. The report also mentioned that healthcare in no longer the most attacked sector. Most of the attack was carried out on financial services industry.

In 2016, 12 million records were affected in healthcare. In previous year, the breach was 100 million records which counts to eighty eight percent drop. IBM surveyed 8000 security clients in 100 countries.

IBM Security Vice President of Threat Intelligence Caleb Barlow mentioned that the cyber attacks was carried out with innovative techniques.

“While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment,” Barlow said in a statement. “The value of structured data to cyber-criminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways.”

IBM mentioned that for ransomware attacks, 70 percent of the companies paid more that $10,000 to regain the access to data. According to the FBI, cyber-criminals were paid $209 million in first three months of 2016.

Ransomware attacks are on the rise with 400 percent increase. In the coming time healthcare will do many reforms which includes increase in internet of things (IoT) technology. This will increase the attacks.

“Retail and financial services have battened down their hatches,” IDC Health Insights Research President Lynne Dunbrack told HealthITSecurity.com in a 2016 interview. “Now the cyber criminals might still be nipping at those heels, but they are looking at other targets, healthcare being one of them.”

CynergisTek Vice President Dan Berger mentioned that attacks against healthcare are carried out with sophistication.

“The dramatic increase in hacking attacks in 2016, coupled with the large number of patient records compromised in those incidents, points to a pressing need for providers to take a much more proactive and comprehensive approach to protecting their information assets in 2017 and beyond,” Berger stated.

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Insider security breach at KY

April 2nd, 2017

Kentucky-based Med Center Health mentioned that a former employee accessed certain patient billing information without permission. As per the reports, facility found out that on two instances the person “obtained certain billing information by creating the appearance that they needed the information to carry out their job duties for Med Center Health.”

“The evidence we have gathered to date suggests that the former employee intended to use these records to assist in the development of a computer-based tool for an outside business interest which had never been disclosed to Med Center Health officials,” Med Center Health explained in its letter, signed by CEO Connie Smith.

Person accessed the data and copied it on encrypted CD and encrypted USB drive. Facility mentioned that the data is not related to work responsibilities of the employee. Affected information included Social Security numbers, health insurance information, diagnoses and procedure codes, and charges for medical services. Patients medical records were not copied.

Patients who were treated at The Medical Center Bowling Green, The Medical Center Scottsville, The Medical Center Franklin, Commonwealth Regional Specialty Hospital, Cal Turner Rehab and Specialty Care and Medical Center EMS between 2011 and 2014 got impacted.

Law enforcement asked the facility to delay its data breach notification process.

“We sincerely apologize for any concern and inconvenience this incident may cause you,” the letter read. “We continue to review the incident and to take steps aimed at preventing similar actions in the future. Those actions include re-enforcing education with our staff regarding our strict policies and procedures in maintaining the confidentiality of patient information.”

Facility did not mention the number of individuals affected. It has established a dedicated call center to answer patients’ queries.

As per the statement, “We are offering credit monitoring and identity protection services to eligible patients and enrollment instructions are contained in the letters sent to the patients. We also recommend that you review the explanation of benefits that you receive from your health insurer. If you see services that you did not receive, please contact your health insurer immediately.”

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.