Sony

Sony like attack possible

April 6th, 2015

According to the security researchers, many hackers across the globe can launch Sony like attack. Around 90% of the companies can suffer possibilities of hacking considering their current security standards.

There is no shortage of technically proficient people willing to launch such an attack, said Jon Miller, a former hacker who now serves as vice president of strategy at Cylance, an antivirus software maker.

“There are probably a couple thousand, three, four, five-thousand people that could do [the Sony] attack today,” Miller tells “60 Minutes”‘ Steve Croft in an interview airing Sunday evening on CBS television stations.

Complicating things for companies is the sheer number of computers that must be protected, usually from the employees operating them, said Kevin Mandia, chief operating officer of FireEye, the anti-malware company that worked with Sony to mitigate the effects of the hack.

“The advantage goes to the offense in cyber,” Mandia says. The defense must defend every computer, thousands in some cases, but “the offense side thinks, ‘I only need to break into one and I’m on the inside.’…Nation-state threat actors, or hackers, target human weakness, not system weakness.”

The Sony security breach was more serious that it was perceived. Hackers leaked the personal information which includes Social Security numbers of more than 47,000 celebrities, freelancers, and current and former Sony employees. They also leaked movies which were not released, as well as embarrassing emails between Sony Pictures executives, among other internal documents.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Security Breach due to stolen device

January 30th, 2015

Premier Home Health (Premier) may likely suffer data breach due to stolen laptop and cell phone from a nurse’s apartment. The incident puts PHI at risks for 2,700 patients.  Premier is an Senior Health Partners (SHP) business associate. According to SHP, laptop was password protected and encrypted.

An SHP press release mentioned that a laptop bag that contained both the laptop and the cellular device was stolen. The cell phone was not password protected or encrypted and  the encryption key for laptop was stolen with the laptop bag

According to the forensic expert hired by SHP, it was unclear if the laptop was inappropriately accessed. Affected information includes names, addresses, Social Security numbers, Medicaid ID numbers, dates of birth, phone numbers, type of medical services provided, diagnoses and health insurance claim numbers.

According to the statement:

 Senior Health Partners sincerely regrets that this incident occurred.  It takes the privacy and security of members’ health information very seriously and expects its vendors to do the same. SHP values the trust its members have placed in it as their health plan, and it is SHP’s priority to reassure its members that it is taking steps to ensure its members’ information is protected.

Although there is no report of any attempted or actual misuse of member information, SHP has retained AllClear ID to protect its members’ identities. SHP members who have been affected by this incident will receive access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist. SHP is reviewing and updating its policies and procedures, and those of its business associates, to prevent a similar incident from recurring. SHP has advised its members to contact the confidential assistance line or their Care Manager for more information.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Sony drops fine appeal; agrees to pay £250,000

July 12th, 2013

Sony is a Japanese multinational conglomerate corporation headquartered in Tokyo, Japan. Ranked 87th on the 2012 list of Fortune Global 500, it is one of the leading manufacturers of electronic products. Back in April 2011, Sony’s PlayStation Network and Qriocity online music and video service were compromised after an external intrusion into their network. The company was hit with £250,000 fine by the Information Commissioner’s Office (ICO) because of the data breach incident in 2011.

Sony has decided not to appeal the fine imposed by the ICO and agrees to pay £250,000 as a fine. Earlier when ICO had imposed the fine on the company, they had appealed for it explaining that the exposure of users’ data was the result of a “focused and determined criminal attack”.

The Japanese electronic giant further says that their decision to pay the fine was taken not because they agree with the ICO’s decision but because Sony fears that the appeal procedure will reveal information related to their security procedures. The ICO confirms that Sony will drop its appeal via Twitter.

“It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe” ICO deputy commissioner David Smith said when announcing the fine.

Sony spokesperson said “After careful consideration we are withdrawing our appeal. This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding. We continue to disagree with the decision on the merits”.

ICO welcomes Sony’s decision, saying “We welcome Sony Computer Entertainment Europe Limited’s decision not to appeal our penalty notice following a serious breach of the Data Protection Act.”

Flashback:

The Sony PlayStation Network and Qriocity online music and video service were compromised sometime between April 16 and April 19 in 2011 after an external intrusion into the network. Sony temporarily turned off both services to prevent any more attacks. Personal information belonging to 77 million account holders had been stolen. The information included names, addresses, log-in and password credentials, password security answers, email addresses, and birth dates. User purchase history and credit card information might had been compromised.

 

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Hackers sentenced to time in prison

June 9th, 2013

LulzSec member Cody Kretsinger will spend one year in prison for his role in breaching the defenses of Sony Pictures Entertainment servers.

The hacker pleaded guilty in April 2012 to one count of conspiracy and one count of unauthorized impairment of a protected computer, according to Reuters.

Kretsinger — also known as “Recursion,” — is part of LulzSec, an offshoot group from hacktivist collective Anonymous. LulzSec first came to attention in 2011, after a number of pranks including hacking The Sun’s website to proclaim that Rupert Murdoch was dead entered the spotlight, as well as the group’s role in coming to the defense of whistleblower website WikiLeaks. However, these pranks later turned into Sony’s worst nightmare — as the group stole the credentials and information of over 70 million user accounts of both PlayStation Network and Sony Online members.

This security breach led to Sony closing down the network for a month. The Information Commissioner’s Office (ICO) in the U.K. later fined the firm £250,000 for what it considered a “serious breach of the Data Protection Act” for not keeping customer data adequately protected. Prosecutors say that the network breach cost Sony over $600,000 in damages.

The 25 year-old has been ordered by a U.S. district judge in Los Angeles to serve 12 months before performing 1,000 hours of community service upon release. Although prosecutors refused to say whether the hacker was co-operating with authorities in return for a softer sentence, a leading member of Anonymous, “Sabu,” in reality Hector Xavier Monsegur, has pleaded guilty to similar charges and offered the FBI information on other hackers.

Three other members of LulzSec — Ryan Ackroyd, Jake Davis, and Mustafa al-Bassam — all pleaded guilty to a computer hacking-related charge at Southwark Crown Court in London. Between them, the hackers admitted to trying to hack into various websites related to Nintendo and Sony, as well as plotting to take down law enforcement agency websites based in the U.S. and United Kingdom.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Sony fined $395K for 2011 PlayStation Network hack

January 13th, 2013

Sony Computer Entertainment Europe has been fined 250,000 pounds (US$395,775) by the Information Commissioner’s Office in the U.K., following the massive hacking of Sony’s PlayStation Network in 2011 that saw million of users’ personal data leaked.

The monetary penalty on Sony comes after the “serious breach of the Data Protection Act,” the ICO said in a statement today.

When the Sony PlayStation Network Platform was hacked in April 2011, it compromised the personal information of millions of customers, including names, addresses, e-mail addresses, dates of birth, and account passwords. Customers’ payment card details were also at risk, the ICO said.

“An ICO investigation found that the attack could have been prevented if the software had been up to date, while technical developments also meant passwords were not secure,” it added.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta