Privacy

Everything you wanted to know about Ransomware…but were afraid to ask

What is Ransomware? Ransomware is a type of malicious software that prevents users from accessing their computer system or files until a sum of money (ransom) is paid. In the malware landscape, ransomware has earned itself a well-deserved nasty reputation. There are two types of ransomware identified in this branch of the malware family tree: 1) locker ransomware and 2) crypto ransomware. Locker ransomware effectively locks Windows access, preventing the user from accessing their desktop or files. Typically designed to prevent access to one’s computer interface, locker ransomware mostly leaves the underlying system and files unaltered. A message would be [...]

2018-12-07T16:14:54+00:00 May 18th, 2018|Data Breach, Encryption, Information Security, Malware, Privacy, Uncategorized, Viruses, Vulnerabilities

Android Security Flaw: Stagefright – What You Need to Know

Update: As of Thursday, August 6th, 2015, Google and some phone carriers are pushing out a security fix to address this vulnerability. Source: http://www.zdnet.com/article/after-stagefright-samsung-and-lg-join-google-with-monthly-android-patches/ What is StageFright? Stagefright is a remotely exploitable software bug in Android that can allow an attacker to perform arbitrary operations on the affected device through remote code execution and privilege escalation. This flaw currently affects versions 2.2 and newer of the Android operating system. Source: http://arstechnica.com/security/2015/07/950-million-android-phones-can-be-hijacked-by-malicious-text-messages/ How Can This Affect Me? An attacker can send specially crafted MMS (multimedia) text messages to the victim device; exploitation requires no end-user action upon receipt. The [...]

2015-08-06T14:42:18+00:00 July 28th, 2015|Android, Compliance, Computer & Network Security, Privacy

Phishing and FIFA

I have some friends staying with me right now from Brazil. They arrived a few days ago, and said that, due to the World Cup, the level of excitement in Brazil is very high, and that there are many foreigners that have arrived in the country to see the games. The World Cup is all over everything in the country right now. Apparel, food, merchandise, etc. is all branded with the World Cup (similar to how the U.S. advertises items for the World Series or the Super Bowl). The World Cup is one of the largest sporting events in the [...]

Apple iOS and Email Attachment Encryption: A Question of Compliance

UPDATED: 7/1/2014 Apple has released iOS 7.1.2, which is supposed to resolve the issue where a user can access unencrypted mail attachments. We recommend updating all Apple mobile devices as soon as possible. It was reported a few days ago by Andreas Kurtz that, from iOS 7.0.4 up to and including the most recent Apple iOS 7.1.1, email attachments using the native mail clients are not encrypted. He was able to access these files even though the device's disk is encrypted. What does this mean for compliance? How many users are emailing patient information (HIPAA), finance data or other protected data thinking that their devices [...]

Apple iOS and OS X Critical Vulnerability

Recently, Apple released updates that contain critical security patches addressing flaws in SSL encryption that could allow attackers to intercept email and other communications that are meant to be encrypted on iPhones, iPads and Mac computers. Apple released a “security advisory” in which they provide vague statements regarding said security issues: ‘For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.’ Apple did not say when or how it learned of the vulnerability, but the bug appears to exist in some [...]

2014-05-09T15:06:18+00:00 February 24th, 2014|Compliance, Privacy

NBC Sochi Hack Report Fraudulent

UPDATED: Kyle Wilhoit, Senior Trend Micro Researcher, further confirmed that NBC misrepresented the 'hacks' in their video in his blog posts here and here and his whitepaper.  Wilhoit is quoted in his blog as saying, "First, all the attacks required some kind of user interaction....Second, these attacks could happen anywhere. They would not just happen in Moscow, nor did it require us to be in Moscow....Third, the infections occurred on newly unboxed hardware. Had basic security precautions such as updating the operating system or not opening emails from unrecognized sources been done, these attacks could have been prevented." UPDATED: We originally [...]

Breach Alert! Yahoo user data stolen

As evidence of why users should not use the same usernames and passwords across sites, it appears that data collected from recent breaches was used to massively hack into user email accounts at Yahoo. Yahoo recognized the attack and has taken steps to reset passwords. Their Security Update was posted on Tumblr today. According to Yahoo, they are taking steps to protect users: We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not, already) to change their password and may receive an [...]

Scammers take advantage of Target Breach victims

Can you recognize a phishing email? Target recently sent out an email to those affected by the data breach with information about the breach and steps to take if your information was involved. That email can be viewed on Target's website. Scammers are also taking advantage of the situation and sending their own Target breach notification emails. Can you spot the differences between a real and a fake email? Honestly, I am surprised that Target sent their email the way they did. One of the first ways to identify a suspicious email is whether or not you recognize the sender. In [...]

Top 25 Passwords from 2013: 123456 reigns supreme

2013 crowned a new champion of the #1 password based on passwords collected from data breaches. The top password for 2012 was 'password,' but in 2013 '123456' reigns supreme. SplashData, a security firm, releases its findings each year on the top passwords discovered from breaches. This year, due to the size of the Adobe breach, you'll see some Adobe passwords make the list.

1. 123456 (+1)
2. password (-1)
3. 12345678 (0)
4. qwerty (+1)
5. abc123 (-1)
6. 123456789
7. 111111 (+2)
8. 1234567 (+5)
9. iloveyou (+2)
10. adobe123
11. 123123 (+5)
12. admin
13. 1234567890
14. letmein (-7)
15. photoshop
16. 1234
17. monkey (-11)
18. shadow
19. sunshine (-5)
20. 12345
21. password1 (+4)
22. princess
23. azerty

[...]

2014-10-14T09:36:06+00:00 January 21st, 2014|Compliance, PCI, Privacy

Target Breach now affects 110 million users

Joshua Carter, public relations manager at Target, said, “This theft is not a new breach; these are two distinct thefts as part of the same breach and this development was uncovered in the course of the ongoing investigation. The 70 million guests impacted by this new development are separate from the 40 million number that was previously shared.” This goes to show how easily a data breach can get out of hand. Not only has it taken months for all of the information to come out, but the breadth of the breach also continues to grow. The Verizon breach report says that it [...]

2014-01-24T20:25:28+00:00 January 10th, 2014|Compliance, Data Breach, Information Security, Privacy