Password

OCR sent out warning emails

November 28th, 2016

OCR sent out an email stating that employees of HIPAA covered entities and their business associates should know of an alleged phishing scam which uses Department of Health and Human Services (HHS) letterhead. As per the reports, the email is using a mock HHS department letterhead and OCR Director Jocelyn Samuels’ signature. Efforts are made by the scammers to make phishing emails look like official OCR Audit communication.

“The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program,” OCR warned. “The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services.”

OCR also mentioned that the entity sending the email is not associated with the agency or with HHS.

“We take the unauthorized use of this material by this firm very seriously,” the email read. “In the event that you or your organization has a question as to whether it has received an official communication from our agency regarding a HIPAA audit, please contact us.”

Phishing Scam

Phishing scams involves emails, messages, phone calls, websites to obtain sensitive information such as usernames, passwords, and credit card details. It is done mostly posing as trustworthy entity.

Recent Wombat survey on phishing as below assessment :

Thirteen percent of respondents from healthcare industry clicked on simulated phishing emails

In Manufacturing and energy sector,  nine percent clicked on simulated phishing emails

Clearly, phishing is a focus area across the industry, but the efforts can’t stop there,” Wombat President and CEO Joe Ferrara said in a statement. “To reduce cyber risk in organizations, security education programs must teach and assess end users across many topic areas, like oversharing on social media and proper data handling. Many of these risky behaviors exacerbate the phishing problem.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Protect Personally Identifiable Information

May 20th, 2014

Modern security systems rely on users’ personal information, also known as PII, or personally identifiable information, but a data breach can potentially lead to monetary as well as trust loss. So it is very important to protect information from falling into wrong hands.

PII data stands floating around internet, details can easily be cross-correlated, helping wrong doers to quickly put together accurate identity profiles to gain advantage out of information. With just few important aspects of information thieves can cause huge losses to companies or individuals.

Types of PII – static and dynamic

Dynamic PII data includes details like credit card and bank account numbers, email addresses and passwords

Fixed PII data, such as date and place of birth or a national ID number such as a U.S. Social Security number, is far more valuable.

Hacking causes nightmare to both service providers and users. It causes huge losses which stands around  at least $60 million (before insurance) in direct expenses. End users may also  suffer an increased risk of being hacked elsewhere.

Protect your PII –

Passwords:  Properly encode password hashes which should be extremely expensive to decrypt when a breach occurs.

Users: Shifting security data from the service provider to the end user can benefit everyone. Example is of security question where user can creates his or her own question.

Transparency – Increasing user activity transparency – such as providing the time and location of last login – gives extra tools to the user to detect intrusions.

Encryption – Install tools to fight hacking. Install encryption software on laptops and computers.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

RacingPost.com website – customer data theft

December 2nd, 2013

The betting and news site said the amount of customer data exposed by the breach will depend on how much information they handed over at the time of registration and will vary from user to user.

The data lost in this data breach incident might include usernames, first and last names, encrypted passwords, email addresses, home addresses and users’ date of birth information.

As information such as customer’s credit and debit card details are not stored on the site, the company was quick to inform that such information was not accessed during the breach.

A post on the website reads “As a consequence, customers have been advised by email that they should take the precaution of changing their password on other sites if it is the same one they use for RacingPost.com”.

Although the passwords are encrypted, RacingPost.com said it is still advising users to change their login credentials because there is a risk the hackers will be able to decrypt them.

Bruce Millington, the editor of RacingPost.com, apologized to site users for any inconvenience caused, and revealed the attack on the site could be linked to others.

“Security is an area we take extremely seriously and our website has not been compromised previously. As soon as we were aware of the situation, we did everything in our power to halt the breach. As part of our efforts to resolve the issue, we have turned off the ability to register/log on to RacingPost.com. We are extremely sorry this unfortunate incident has occurred. We believe it may be part of a wider attack on a number of companies. We thank you for your patience and understanding,” Millington concluded.

Lloyd Brough, director of cyber incident responses at NCC Group, suspects the breach was caused by the exploitation of a web application vulnerability.

Brough said “While it is positive they have been quick to disclose the breach, providing further technical details on what type of ‘encryption‘ was used for the passwords would helped further inform technical users”.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Facebook alert its users following Adobe data breach

November 19th, 2013

Back in October, approximately 150,000,000 Adobe customer’s user information was compromised in a stupendous data breach. After such a massive damage to Adobe during security breach, Facebook users who use the same credentials as that of Adobe were asked by Facebook to take precaution so as to protect their information. Facebook’s security team is mining the data leaked from the Adobe breach to find users who are currently using the same password that they used for Adobe.

Facebook has locked the accounts of these users and the only way to unlock their account is by answering a few security questions and changing the compromised password. Facebook is telling such users that for their own sake, “No one can see you on Facebook until you finish.”

You may be wondering how Facebook is able to pinpoint which users are committing the security mistake of reusing passwords. The researchers at the social media website pass an Adobe

user’s recovered password through their hashing function, allowing them to see if the result matches what they have on record for that user. These actions show how the website is being proactive and responsible when it comes to users’ security and privacy.

This alertness by Facebook perfectly illustrates the importance of having multiple passwords and not reusing passwords on different sites, especially those which may have been compromised or leaked in the past. It is also critical to create strong and unique passwords that hackers will not be able to guess easily. Following these quick and easy password precautions will ensure your security and privacy on all of your favorite websites.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

UK estate agency Foxtons hacked

August 23rd, 2013

Famous UK estate agency Foxtons had to reset passwords of all its customers as a precaution, as it appeared hackers lifted thousands of clients’ usernames and passwords from the systems.

Hackers claimed to have leaked online user names, email addresses and passwords of nearly 10,000 Foxtons’ customers, resulting in a big data breach incident.

All the details were quickly leaked but assumptions were that the copies were made before this happened. The hackers failed to pull out credit card or bank details but they still gathered enough information of customers.

Writing to the affected customers, Foxtons said it was investigating the purported hack. In the meantime it had reset user passwords as a precaution.

Foxtons have been able to download the list of usernames and passwords that were posted and are currently running checks to determine its accuracy. They also assured all its customers that any sensitive information that they may have provided in relation to payments made through Foxtons is completely secure with the external payment providers.

However, immediate precautions had been taken to safeguard the accounts and an investigation was in progress. The affected customers will be contacted directly contacted by Foxtons’ team.

Foxton had also asked its customers to create new password once they login.

When Foxtons’ representative was asked whether the company salted stored passwords, a basic security practice, they declined to comment on any aspects of the incident and said that it may decide to issue a statement at some point.

“Tighter regulation might be needed to stem the growing list of data breaches. The recent spate of high-profile data breaches, such as this alleged attack on Foxtons, is evidence that organisations are either not taking cyber security seriously or are bewildered by the problem. Regulation in this case is a necessity to alter corporate behaviour.” said Ross Parsell, director of cyber security at Thales UK.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

League of Legends suffers security breach

August 20th, 2013

League of Legends players were warned of a security breach, which was expected to result in the theft of some user data. Affected payers were sent notifications depending on how they were affected. This security breach led to the promotion of implementation of some new security features that are now in development.

According to the company, the data breach resulted in compromise of some usernames, email addresses, names and passwords. As the passwords were encrypted, the hacker will not be able to use them to access accounts, but could use the other information stolen to breach accounts.

About 120,000 transaction records dated in 2011 were accessed in this breach. These transaction records contained credit card numbers, and were part of a system that it says has not been used since 2011, when the records were produced.

Players located in North America were only affected in this breach incident, all of whom were asked to change their password within 24 hours and the new ones should be more complex and hard to guess. The requirement will follow an automatic prompt that appears when a player tries to log in, but gamers can get a jump on this by changing the password on their own now.

As a result of this breach, new security measures have spawned, two of which are currently being developed: email verification and two-factor authentication. The email verification will require registration and account changes to be made by verifying a valid email address, while two-factor authentication will need to be verified using a text message or email.

“We’re sincerely sorry about this situation,” Riot Games’ Marc Merrill and Brandon Beck said in a statement. “We apologize for the inconvenience and will continue to focus on account security going forward.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Evernote Hacked

June 1st, 2013

Evernote makes it easy to remember things big and small from your everyday life using your computer, phone, tablet and the web. But what happens when Evernote is hacked? Data security breached!

Thankfully the passwords are salted hashes, so it’s unlikely they’ll get brute forced any time soon. As a precaution, Evernote forced a password reset on its entire user base.

Evernote has joined the growing list of companies, whose cloud-based services have suffered a serious security breach, announcing over the weekend that it had implemented a service-wide password reset after attackers accessed user information.

Happily, the company’s announcement notes, the passwords accessed were salted hashes, which should mean they last longer than the passwords lifted from the Australian Broadcasting Corporation recently.

The user information accessed by the attackers also included user Ids and e-mail addresses.

Evernote joins the ranks of numerous other large companies which have been hacked recently (including Apple, Facebook & others compromised by the Java exploit).

All Evernote users were required to reset their passwords in case the attackers are able to recover passwords from the salted hashed list. The password reset will apply not only to Evernote logins, but to all apps that users have given access to their Evernote accounts.

Other major names to be hit in recent attacks include Apple, Facebook, Twitter and Microsoft, with a Java zero-day behind most of the vulnerabilities.

The company says the attack “appears to have been a coordinated attempt to access secure areas of the Evernote Service”.

The usual suggestion, that users choose strong passwords that they don’t re-use, will no doubt be ignored by a small-but-significant number of Evernote’s customers.

Evernote suggests that no user data was leaked, which is good as people tend to store pretty important information in the app (Bank account details, passport scans etc).

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Passwords under threat at Linode

April 20th, 2013

One of the leading VPS hosting company Linode came under a vicious hack attack, that posed serious threats to its customers. Luckily for them, Linode had been proactive in safeguarding its customers’ credit card information. They had been successful in thwarting the attack. According to a blog post that was published soon after the incident, the company’s officials identified and blocked all suspicious activities on the networks.

“Credit card numbers in our database are stored in encrypted format, using public and private key encryption,” Read one of the blog posts on the company’s website. Linode maintains that a group named Hack The Planet (HTP) claimed   responsibility for accessing   Linode Manager web servers, by exploiting an obscure vulnerability in Adobe’s ColdFusion application server. These vulnerabilities tended to in Adobe’s APSB13-10 hotfix (CVE-2013-1387 and CVE-2013-1388) which was belted out last week.

This is not the first time hackers have tried to get inside Linode .A year ago, sometime in the March of ’12 servers it hosted were hacked and the hackers got their bank balances full with bitcoins.

The susceptibility resulted in the group getting exposure to a web server, parts of Linod’s source code and finally its database. The company is reported to have been bending over backwards to safeguard critical information of its customers.

A customary investigation done by the company revealed that HTP did not get access to any other section of the company.

However, HTP has asserted it has access to those keys, however, as it was stored on the same server it compromised

The company also divulged a little information on how they function. Their database contains credit card numbers in an encoded format, using both public and private encoding. Since the private key is protected and the complex password is not stored on the network, it becomes next to impossible for hackers to get all the information

The private key is itself encrypted with passphrase encryption and the complex passphrase is not stored electronically.

“There were occurrences of Lish passwords in clear text in our database. We have corrected this issue and have invalidated all affected Lish passwords effective immediately. If you need access to the Lish console, you can reset a new Lish password under the Remote Access sub-tab of your Linode,” one of the officials maintained.

It is advisable for the customers of Linode to change their passwords in case they have used their Linode passwords on any service other than Linode.

How Alertsec can be of help to customers in such murky waters

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers laptop encryption service to secure your data.

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Enhanced by Zemanta