Everything you wanted to know about Ransomware…but were afraid to ask

What is Ransomware? Ransomware is a type of malicious software that prevents users from accessing their computer system or files until a sum of money (ransom) is paid. In the malware landscape, ransomware has earned itself a well-deserved nasty reputation. There are two types of ransomware identified in this branch of the malware family tree; 1) locker ransomware and 2) crypto ransomware Locker ransomware effectively locks Windows access preventing the user from accessing their desktop or files. Typically designed to prevent access to one’s computer interface, Locker ransomware mostly leaves the underlying system and files unaltered.  A message would be [...]

By | 2018-12-07T16:14:54-05:00 May 18th, 2018|Data Breach, Encryption, Information Security, Malware, Privacy, Uncategorized, Viruses, Vulnerabilities|Comments Off on Everything you wanted to know about Ransomware…but were afraid to ask

Apple iOS and Email Attachment Encryption: A Question of Compliance

UPDATED: 7/1/2014 Apple has released iOS 7.1.2 which is supposed to resolve the issue where a user can access unencrypted mail attachments.  We recommended updating all Apple mobile devices as soon as possible. It was reported a few days ago by Andreas Kurtz, that since iOS 7.0.4  and including the most recent Apple iOS 7.1.1 email attachments using the native mail clients are not encrypted.  He was able to access these files even though the device's disk is encrypted.  What does this mean for compliance?  How many users are emailing patient information (HIPPA), finance data or other protected data thinking that their devices [...]

Leave no stone un-turned when patching Heartbleed

Most people are now up to speed about the existence of Heartbleed, but new information is coming out that the focus has only been on server side exploits.  Meldium, released a blog post titled Testing for "reverse" Heartbleed.  According to Meldium, "While patching our systems for the recent Heartbleed vulnerability, we found that some sites (including huge web properties), which had patched their servers were still vulnerable to a variant of the attack that we're calling "reverse heartbleed."  They have also released a tool to test this. What does this mean? Basically it means that OpenSSL patching can't stop just at servers [...]

Heartbleed: What You Need To Know

Summary Heartbleed is a serious vulnerability that can allow attackers to intercept secure communications.  Email, Websites, VPNs, and other trusted security technologies are at risk – passwords and encryption keys can be breached.  You most likely have something that is affected.  What to do Update anything using OpenSSL, see below for more information. Check to see if you are vulnerable. (Adrian Hayter, a consultant with CNS Hut3, revealed a proof of concept that many of the testing tools have bugs themselves) Check your public facing websites for the vulnerability.  Use one of these tools: SSLLabs Check internet facing equipment to see if it [...]

The Heartbleed Bug

The Heartbleed Bug is a recently discovered critical vulnerability found in widely used open-source implementations of the SSL/TLS protocols, OpenSSL .  SSL/TLS is used to provide security and privacy in many internet applications such as email, instant messaging, VPN, and secure web pages. The vulnerability was the result of an implementation problem (or a program mistake) in OpenSSL, which has left a large amount of private data exposed to the internet.  Most people are likely to be directly, or indirectly affected by this bug due to OpenSSL being the most popular cryptographic library and transport layer security currently in use [...]

Two Missing BCBS laptops may impact 800k people

Source: http://threatpost.com/two-missing-insurance-laptops-may-impact-800k-people/103202 Someone broke into the offices of Horizon Blue Cross Blue Shield of New Jersey and stole two laptops that contained the sensitive information of more than 800,000 members The medical insurance provider claims that the machines were locked to an employee workstation inside Horizon’s Newark headquarters The laptops are password protected but also admitted that they had failed to encrypt them Stolen machines may have contained member names, addresses, dates of birth, Horizon Blue Cross Blue Shield of New Jersey identification numbers, Social Security numbers, and clinical information Horizon Blue Cross Blue Shield of New Jersey claims that they have no [...]

Missing Thumb Drive Compromises User Data

Do you have policies in place to protect your client's data?  Do you verify that your employees are following those policies?  It was reported that nearly 19000 users were compromised because someone lost a thumb drive that was not encrypted, even though there was a policy in place saying it should have been.  Read More Do you need help creating or reviewing your policies?  Do your policies meet regulations? [av_button label='We can help' link='page,35' link_target='_blank' color='theme-color' custom_bg='#444444' custom_font='#ffffff' size='small' position='right' icon_select='no' icon='ue800' font='entypo-fontello']

MongoHQ Hacked

This goes to show that application dev is not necessarily the biggest risk.  Information Security isn't tied to any single domain of IT or business.  It's a complex relationship between every aspect. http://techcrunch.com/2013/10/29/hosting-service-mongohq-suffers-major-security-breach-that-explains-buffers-hack-over-the-weekend/ http://security.mongohq.com/notice