Category : Security

Millions of stolen health records up for sale….

The seller of these ten million health records goes by ‘thedarkoverlord’ and began listing the data last weekend. The seller claims the data contains over 9.2 million health insurance records from US patients and is offering it for 750 bitcoins, worth about $486,000 when the listing was released Monday. The data also supposedly includes addresses, names, emails, phone numbers, dates of birth, and, most unnerving, Social Security numbers.

ZDNet reports that the seller’s ad could not be authenticated because the seller did not have any points assigned to his name on the site where he is selling the $486,000 worth of data. This means the seller has only just appeared on the scene and is most certainly new to the website. Another site, Motherboard, contacted some of the affected users, who were able to confirm that the data in a received sample was in fact theirs. The hacker revealed how the data was obtained, attributing the theft to exploitation of a disclosed zero-day flaw in the Remote Desktop Protocol (RDP). This flaw allows a user to remotely view another user’s desktop, which opens a host of security problems, most likely due to poor configuration of remote desktop software. The hacker even said in one of his listings that the data was stored on an “accessible internal network” in plaintext, which, if true, would be a direct violation of federal healthcare privacy rules. Healthcare providers and hospitals have repeatedly been the target of attacks this year, so it is no surprise that the influx of data put up for sale by hackers is patient data.

If you would like to learn more about the information presented in this post, please visit: www.zdnet.com

Can entering a password be as easy as taking a selfie?

Most of us have heard of two-factor authentication, but photo login? This is an entirely new concept. Cloud-based security solution, LogMeOnce, has released PasswordLess PhotoLogin which allows users to sign into any website, just like one would expect from any password manager, but with a photo!

Two-factor authentication is a preferred extra layer of security that uses a username and password in combination with something that only the user has, such as a piece of information only the user knows or a physical token. With PhotoLogin, this second piece of information is a photo, taken on the desktop and then approved or denied via a trusted mobile device to gain access. So rather than a code being sent to your mobile device, the photo serves as the code.

When you click the PhotoLogin icon on the LogMeOnce home screen, you are prompted to snap a picture of yourself, or really anything you would like, even a stapler or your dog. The photo is then automatically sent to your linked mobile device, where you can verify the image. The true protectors can swipe left and see data such as IP address, GPS location, and time stamp. Photos expire in 60 seconds and will self-destruct after the first use, which ensures that your photo password is always unique. The LogMeOnce PhotoLogin update is free and available on Chrome, Firefox, Safari, as well as iOS and Android.

If you would like to learn more about the material presented in this blog post, please visit: LogMeOnce Password Manager Adds Photo Login

 

 

7 most common IT security mistakes made by startups

1. Personal and professional borders.

Convenience often compromises security. A recent trend is having employees bring their own devices rather than providing company laptops and phones. However easy this may sound, it creates a large window of opportunity for company data to fall into the wrong hands. Furthermore, when an employee leaves the organization, it becomes increasingly hard to ensure that no sensitive corporate data has been stored on the device.

2. Ignoring two-step authentication.

Two-step authentication is a surefire way to add an extra layer of security, and it’s easy too. Some methods are as simple as having a code sent to your iPhone, while others allow you to confirm your identity with the tap of a finger. Password breaches are becoming more and more common, so it is wise to beef up password security up front rather than pay the consequences later on.

3. Insufficient exit protocols.

Companies that depend on part-time and freelance employees are often less established in their exit procedures once an employee has left the organization. It is important to have a set of protocols in place so that a uniform method is followed. When sensitive data is left on personal employee devices, data loss, unwanted account access and information sharing are most certainly in the future. Don’t let this be you! There may not even be malicious intent on the part of the employee; perhaps they aren’t aware the data has left with them. Either way, data loss has occurred and sensitive data is out there unprotected and unmanaged. Make policies known, and if you don’t have data policies and security guidelines in place, consider adding them to your organization.

4. Forgoing SSL from the beginning.

SSL (Secure Sockets Layer) is easily implementable from day one. It should be enabled by default on every website. It reassures your users while upgrading the security level of your communications.

5. Failing to prioritize security.

Security is often something that startups think can be left untouched until a later date or until the company has reached success. Security should be implemented from day one, not only to protect your organization but to protect client information. Security is not a gray area; it should be just as important as payroll, HR, financing, etc. Don’t ignore security best practices, and make sure to stay current on the latest security software and updates to protect your organization from attack.

6. No internal policies and infrastructure.

If you think about it, startups are in a great position regarding data security because they have the opportunity to apply the most current and best industry practices from the start. There are no outdated systems and no struggle to get employees on board with new internal policies. One mistake often made by startups is not giving enough attention to internal policies. Invest adequate resources in the infrastructure of your organization: what equipment do you need? How will you manage IT security? Software? Think about proactive responses rather than ignoring the obvious.

7. No suspicious activity notifications.

What will you do if your organization is attacked and all your data is either encrypted or lost entirely? How will this affect you financially? One breach can take you from quick stardom to barely making it by. Don’t let this be you! Stay on top of information security.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: 10 Data Security Mistakes Startups Can’t Afford to Make

Best practices of the most secure companies

Companies are threatened by malware, human adversaries, corporate hackers, and hacktivists, and can be hacked in the most unsuspecting ways, such as over copper wire. Because of this, we have compiled a list of best practices used by highly secure companies. Tailor these to fit the needs of your organization and keep your data safe!

Know what you have: Most companies have no idea what they really have going on in the security department. To ensure the security of your organization, establish an accurate inventory of your organization’s systems, software, data, and devices. To be secure you have to know what to protect. The most secure companies have strict control over what runs where, because each platform is another opportunity for vulnerability.

Remove, then secure: Unneeded programs present unneeded risks. The most secure companies look over their IT inventory and remove what they don’t need. More often than not, companies have large numbers of patches and other unnecessary junk piled up that no one really knows about. If your company isn’t IT savvy, bring in an established IT company to handle this task for you. They know what needs to be fixed, patched, updated, deleted, etc.

Run the latest versions: Updates have purpose. The latest software and hardware will have the latest built-ins and security features. It is the responsibility of the owner of the product licenses to keep updates current. Older versions look like a big fat glass of water on a hot day for hackers. Don’t give them the opportunity!

Patch with speed: Patch all critical vulnerabilities within a week of the vendor’s patch release. If your company takes longer than a week to patch, the risk of compromise is increasingly high. Basically, if you think about it, most of your competitors will patch on time because they are smart or they have a great IT team in their ear. So if they are all secure and your organization is unpatched, how’s that going to look to hackers? Like an invitation, that’s how. Now, that being said, people will still tell me they like to wait to patch in case of glitches that could lead to operational issues. The most secure companies, more often than not, experience little to no disturbance because of patch glitches. The odds are more in favor of being hacked, so patch away!

Education: As with anything that requires a team effort, it is best to educate all users about the threats the company is currently facing or most likely will face. Education that is led by professionals and involves the entire team is the most effective. Not everyone will be on the same page when it comes to the inner workings of the IT world, but at least inform employees of the best practices, how to identify suspicious activity, and what to do in the event of a security crisis. Yes, it is extremely crippling when the vulnerability comes from the mistake of an employee, but the worst thing that can be done in this event is not informing the right people to fix the problem.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Effective IT security habits of highly secure companies

5 Ways to Spy a Hacker in Your Network

1. Search for the telltale signs of a breach. 

Port Scans? Excessive failed log-ins? When a hacker infiltrates an unfamiliar network they need to learn the topology of the network, looking for vulnerable points of access in servers. From this point they can pinpoint administrative users and data stores.

2. Look for a “normal” user performing administrative tasks. 

By using native tools on computers and servers, hackers can stay under the radar for much longer than if they were to use known attack tools. Anti-virus software should pick up on malware and attack tools, but not normal administrative tools. Determining who the admins within the organization are can significantly lessen the worry. Active Directory aids in establishing user roles and privileges, which you can then use to see the applications and devices that are used or managed by administrators. Awareness of what the administrators within the organization are using should make it easier to spot when an attacker is looming in the background. If a hacker takes control of an administrator machine and begins performing tasks, you’ll be able to identify whether this is normal or suspect activity.

3. Look for a device using multiple accounts and credentials to access network resources. 

Hackers, both internal and external, generally steal user account information or generate fake accounts in order to gain access to the network. To spot indicative markers of attack activity, analyze credential usage. Make sure to monitor network traffic and analyze logs from the authentication and authorization infrastructure in your network. Extract the data and look carefully to see how many systems each user interacts with, and monitor for abnormalities.

4. Look for an attacker trying to find valuable data in file servers. 

By figuring out what Windows file shares are accessible, attackers hunt for important data such as intellectual property and banking information, or once they find important data they will encrypt it and the rest is history. A valuable signal would be to spot abnormalities in file share access. This is a preventative measure for spotting both hackers and employees considering insider theft.

5. Look for the command and control activity or persistent access mechanisms. 

Keep an eye on outbound communication. Attackers need to be able to communicate between the Internet and endpoints they control within your network. There could be malware and Remote Access Trojans in your network, so be mindful of indications of malicious software phoning home.
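As an added illustration of signs 1 and 3 (this is example code written for this page, not taken from the linked article), the script below scans authentication events for bursts of failed log-ins from one device, a device using several accounts, and an account reaching an unusual number of systems. The log format, host and account names, and thresholds are all constructed assumptions; real thresholds should be tuned against your own baseline.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real logs).
# Assumed columns: timestamp, source device, account, target system, result
SAMPLE_LOG = """\
2016-06-27T09:00:01 ws-014 alice fs01 SUCCESS
2016-06-27T09:02:10 ws-022 bob mail01 SUCCESS
2016-06-27T09:05:00 ws-031 carol fs01 FAILURE
2016-06-27T09:05:04 ws-031 carol fs01 FAILURE
2016-06-27T09:05:09 ws-031 dave fs01 FAILURE
2016-06-27T09:05:15 ws-031 svc_backup fs01 FAILURE
2016-06-27T09:05:21 ws-031 svc_backup fs01 SUCCESS
2016-06-27T09:06:00 ws-031 svc_backup db01 SUCCESS
2016-06-27T09:06:30 ws-031 svc_backup mail01 SUCCESS
2016-06-27T09:07:05 ws-031 svc_backup hr01 SUCCESS
2016-06-27T11:40:00 ws-014 alice fs01 FAILURE
this line is malformed and is skipped
"""


def parse_events(text):
    """Parse log lines into dicts, silently skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4] not in ("SUCCESS", "FAILURE"):
            continue
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        events.append({"time": when, "source": parts[1], "account": parts[2],
                       "target": parts[3], "ok": parts[4] == "SUCCESS"})
    return events


def failure_bursts(events, limit=4, window=timedelta(minutes=5)):
    """Sign 1: devices with at least `limit` failed log-ins inside `window`."""
    by_source = defaultdict(list)
    for e in events:
        if not e["ok"]:
            by_source[e["source"]].append(e["time"])
    flagged = {}
    for source, times in by_source.items():
        times.sort()
        start = worst = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= limit:
            flagged[source] = worst
    return flagged


def shared_sources(events, max_accounts=2):
    """Sign 3: devices that tried more than `max_accounts` distinct accounts."""
    accounts = defaultdict(set)
    for e in events:
        accounts[e["source"]].add(e["account"])
    return {s: sorted(a) for s, a in accounts.items() if len(a) > max_accounts}


def wide_reach(events, max_targets=3):
    """Sign 3: accounts that logged in to more than `max_targets` systems."""
    targets = defaultdict(set)
    for e in events:
        if e["ok"]:
            targets[e["account"]].add(e["target"])
    return {a: sorted(t) for a, t in targets.items() if len(t) > max_targets}


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print("failed log-in bursts:", failure_bursts(evts))
    print("devices using many accounts:", shared_sources(evts))
    print("accounts touching many systems:", wide_reach(evts))
```
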

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Five signs an attacker is already in your network

DDoS Attacks Increase by 137.5 Percent

The content delivery network Akamai recently released its Q1 2016 State of the Internet – Security Report, in which the company found somewhat terrifying increases in DDoS attacks. There has been a 125 percent increase in distributed denial of service (DDoS) attacks year over year, and a 35 percent increase in the average attack duration. But why is this? Comparing this year’s first quarter to that of 2015: in 2015 the average attack lasted around 15 hours; now that has increased to 16 hours. In addition, the type of attack has changed. Massive DDoS attacks of 100 gigabits per second are now increasingly common, with 19 of these attacks in the first quarter of 2016. This is nearly triple the number of massive attacks in 2015, a 137.5 percent increase to be exact.

In total, Akamai witnessed 4,523 DDoS attacks in 2016’s first quarter. Major ugh. Furthermore, in the first quarter of 2015 there was an average of 15 attack events per targeted customer; now that average has jumped to 29 attacks per targeted customer. Because attackers repeated attacks on the same customers rather than going after more targets, the number of attacks per target dramatically increased.

In previous years, we saw hackers shying away from protected networks. Now hackers continue to try to infiltrate networks no matter if they are protected or not, hoping that eventually one of the defenses in place will fail. In addition to this, repeat attacks have increased due to the DDoS platforms becoming less expensive and easier to use. No hacking or networking skills are required anymore for DDoS attacks. Furthermore, DDoS for hire sites are now in place that enable anyone with Bitcoin to launch multiple simultaneous attacks from an easy-to-use interface with a menu of attacks.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: DDoS attacks increase over 125 percent year over year

Bank Accounts Targeted by Silent Malware

Another level of sophisticated malware has hit the online banking platform in the form of a virus called “GozNym”. GozNym has already helped hackers steal over $4 million from banks in the United States, Canada, and Europe, according to IBM Security’s executive adviser Etay Maor, who also led forces in discovering the malicious software.

GozNym is a high-alert and extremely dangerous piece of malware due to a few contributing factors, one of which is that it is combination malware. The initial malware infects the machine, installing itself and a second form of malware onto the device. This second form waits in the background until the user visits the web interface of a financial institution, then stores the user’s username and password. The encryption level of the malware in this case has been doubled, making it even more difficult to analyze and research. The process is time-consuming and often yields few answers as to how to rid the machine of the infection.

In addition, GozNym has been shown to be especially difficult for anti-virus software to detect. Most well-informed people who are aware of the sensitivity of their data, or who simply value the life and protection of their computer, already have reputable anti-virus software installed on their machine, heeding the advice of information technology professionals. However, if the anti-virus cannot detect the malware, then your machine is basically waving its hands in the air, asking for trouble. An infection could arise without the user ever being aware of the installation, and all it takes is one visit to their bank’s web portal and the rest is history.

“There might be a million malware strains, but there are only a few families that are active and dangerous and those principal malware families are owned by organized crime, so this could cause very heavy losses in online banking fraud.”

Don’t use the same password for everything. If hackers can silently get the password to one of your bank accounts without you knowing it, don’t give them more to work with by making that same password the golden key to all of your logins. Password managers are becoming increasingly popular due to the need for multiple passwords for everything. Although this method cannot be called bulletproof, it is a significantly better way to stay safe. The GozNym malware is sophisticated enough to show full bank account balances even after criminals have drained accounts. Try to stay conscious of how you are accessing your banking information. Paper statements, for the time being, might be the best practice until a solution is found.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Dangerous New Malware Targets Online Bank Accounts

What to do if you suspect Malware? We have the answers

Most often, one does not know that they are infected with malware until it is far too late. A few signs can lead you to believe you might be infected and make you feel uneasy about your machine, such as incredibly slow PC performance, browser pop-ups when no browser is open, and security warnings from security programs that have never been installed on your computer. Try these tools to kick malware in the butt.

Update Antivirus

The software IDs within antivirus software identify existing malware based on what has come before and the latest updates available. Make sure your antivirus software is current, with all of the latest installs. Having software that is even one day out of date leaves your machine at risk for encryption. Antivirus vendors offer updates based on viruses they encounter both in the lab and in the field.

Find Safe Mode

Most malware, when designed correctly, is ready to evade System Restore points set in Windows. Perhaps this might be enough to fix the problem, but if it’s not, as it most likely won’t be, try running a program designed to kill any known malware process in progress, such as RKill. The other option in this case is to boot Windows in a way that will not allow malware to get started, aka Safe Mode. Restart your PC (Windows 8 or 10), hold down the Shift key during the boot sequence, and choose Safe Mode within the troubleshooting options.

Delete Hiding Places

You should then delete all temp files that could hide malware. To delete temp files, open the Start menu and type Disk Cleanup into the search bar; it will check the C: drive for all temp files that can be safely deleted. After this process, it is advised that you run an on-demand antivirus scanner, such as Malwarebytes Anti-Malware. This program is a great second line of defense against malware because it often comes to the rescue if your initial antivirus fails.

No Connection

A RAT (Remote Access Trojan) means that someone is remotely accessing your PC. Your first step in this case is to get off the internet. Turn off the Wi-Fi, remove the Ethernet cable, turn off the router, whatever needs to be done in order to detach from the internet. Being disconnected from the internet ensures that you can no longer be controlled, but it also makes it a great deal harder to get the latest antivirus. The latest software will need to be retrieved from a third-party PC, preferably at a different location, then transferred to the RAT PC via USB flash drive. Another option would be to reboot the computer from a CD. These CDs, sometimes called “rescue CDs”, run a full anti-malware utility and can be used without an internet connection. Of course, in order to use this option, a CD drive will be necessary.

Portable Help

If all other options have failed, it may be that the operating system has already been infected, making it impossible to even download the newest antivirus software. In order to avoid the OS and let the antivirus do its job, you will need to use portable apps from a USB flash drive. These portable apps do not require a direct installation. Apps like this include Microsoft Safety Scanner, ClamWin, McAfee Stinger, and Kaspersky Security Scan. You can also try a mix of many portable apps; they will not conflict, since you have to run each scan individually. There are also other software options, such as Spybot and Symantec’s Norton Power Eraser, that specifically target a type of malware called crimeware, which runs scams. This measure is aggressive, though, and oftentimes deletes files that might not be malware, all in the effort of safety of course.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: How to Remove Malware From Your PC

Easy and Free- 5 security apps for Windows 10

These 5 free security apps allow for safe browsing while protecting your computer against viruses, and even remember all your passwords for you. Sounds great to us.

Password Padlock – Password Padlock manages all your passwords securely by first having you select a single master password. This master password is used to encrypt all the other passwords in your collection using AES-256 encryption. You can rest well knowing that your master password is never stored. Encrypted passwords are easily backed up to OneDrive, and you can back up on one device and restore to another with ease.

LastPass – LastPass remembers all your passwords for you so you can spend time working on more important things. It creates strong passwords for every account you have and keeps those passwords locked up in the easy-to-navigate LastPass password manager. Automatic sync across every browser and device ensures you are never left scratching your head for your password. LastPass will sign into all your online accounts for you. Similar to Password Padlock, LastPass also gives the option to create one secure password for ultimate protection.

Super Password Generator – The Super Password Generator uses a cryptographic random number generator to make sure the passwords generated with the given characters are unique and never get duplicated. This generator can also generate a QR code so you can scan it with any device that supports QR code decoding, such as a Windows Phone.

Avast Antivirus Download Center – The Avast Antivirus Download Center app allows for easy access to downloads of PC security products from the Avast product portfolio. It also streams the latest security news from the Avast Blog directly to your Windows 10 PC.

Touch VPN- Unable to access some websites or apps? Worried about unprotected Wi-Fi hotspots? Want to be anonymous and protected from surveillance and hackers? Touch VPN – the Secure VPN Proxy– is the best solution for you!


If you would like to educate yourself in more detail about the information presented in this blog post please visit: 5 top-rated free security apps

5 New Tech Tested Products for Your Business

Ever wondered what the best in tech products are at this very moment? The experts at Network World weigh in and give us a little glimpse of the newest innovations on the market.

Vidder PrecisionAccess – By rendering applications invisible to unauthorized users, PrecisionAccess does a fantastic job of preventing application hacking. Even with stolen credentials, hackers can’t access protected applications from unauthorized devices.

VeloCloud SD-WAN – VeloCloud provides a hybrid WAN solution that works with MPLS private links as well as ATT-U-Verse with cable or any broadband DSL links. One tech pro reported an increase from almost zero network visibility to nearly 100% network visibility. It is a great tool for IT management across multiple locations without staff needing to be onsite at all times, and it facilitates communication and network visibility.

Cisco Identity Services Engine (ISE) – With so many features that help with managing user-facing ports and devices, what’s not to love about Cisco ISE? One huge factor reported by tech pros is the integration of TACACS within Cisco ISE, making it easy to run Cisco ISE as a RADIUS server or TACACS server for network devices. In addition to this, Cisco ISE significantly improves management of devices, especially restricting machines from devices and sites they are not permitted to visit.

Intermedia SecuriSync – For backup and file sharing, SecuriSync is the way to go. As a two-in-one tool for consolidated file backup and management of continuous file backups, Intermedia SecuriSync makes relevant files easier to access, as they are all stored in a secured shared folder. If you have team members spread across different locations, this tool is very helpful in making sure the data is always backed up and kept secure. One platform with a master source keeps project collaboration as safe as it can be.

OpenSpan Transformation Platform – OpenSpan collects all employee desktop activities, both productive and nonproductive, including time away from the computer. This platform allows businesses to evaluate, from employee activities, how employees work best and what can be improved upon in order to drive down operational costs and maximize revenue. Providing data about employee activities takes away the need for manual employee logs. Not having employee logs that need to be analyzed by supervisors for key performance indicators (KPIs), such as call volumes, proves to be a huge time saver. OpenSpan Transformation Platform takes working smarter to a higher level.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Fave Raves: 29 tech pros share their favorite IT products