Categories
Information Security>Asset Management|Information Security>Data Breach|Compliance>Encryption|Compliance>Privacy

Two Missing BCBS laptops may impact 800k people

Source: http://threatpost.com/two-missing-insurance-laptops-may-impact-800k-people/103202

  • Someone broke into the offices of Horizon Blue Cross Blue Shield of New Jersey and stole two laptops that contained the sensitive information of more than 800,000 members
  • The medical insurance provider claims that the machines were locked to an employee workstation inside Horizon’s Newark headquarters
  • The company says the laptops are password protected but admitted that it had failed to encrypt them
  • Stolen machines may have contained member names, addresses, dates of birth, Horizon Blue Cross Blue Shield of New Jersey identification numbers, Social Security numbers, and clinical information
  • Horizon Blue Cross Blue Shield of New Jersey claims that they have no reason to believe that the thieves targeted the stolen laptops because of the information stored within them.
  • “Due to the way the stolen laptops were configured, we are not certain that all of the member information contained on the laptops is accessible,”
Categories
Information Security>Data Breach|Compliance>PCI|Compliance>Privacy|Computer & Network Security>Vulnerabilities

Target Stores said to have data breach of over 40 million customers

Source: http://news.cnet.com/8301-1009_3-57616054-83/target-investigating-massive-black-friday-data-breach-report/

Everyone will be attacked, and many will be breached.  Have you taken steps to protect your organization or made plans for how to react in the event of a data breach?  Securit360 offers services to fortify your security programs, train your employees, and measure your vulnerabilities.

Categories
Information Security>Asset Management|Computer & Network Security|Information Security>Data Breach|Compliance>Encryption|Compliance>HIPAA

Missing Thumb Drive Compromises User Data

Do you have policies in place to protect your clients’ data?  Do you verify that your employees are following those policies?  It was reported that nearly 19000 users were compromised because someone lost a thumb drive that was not encrypted, even though there was a policy in place saying it should have been.

Do you need help creating or reviewing your policies?  Do your policies meet regulations?


Categories
Computer & Network Security>Microsoft|Computer & Network Security>Microsoft Security Bulletin|Computer & Network Security>Patches

Microsoft December Security Bulletin

Today Microsoft released eleven security bulletins addressing 24 CVEs. Five bulletins have a maximum severity rating of Critical while the other six have a maximum severity rating of Important.

http://blogs.technet.com/b/srd/archive/2013/12/10/assessing-risk-for-the-december-2013-security-updates.aspx

Categories
Compliance>Privacy|Research|Social Engineering

Information Security Profiling

If you’re not profiling, you’re not doing security… This is a great article that dispels some common misconceptions about the word profiling.  http://www.danielmiessler.com/blog/security-profiling

Categories
Computer & Network Security>Microsoft|Computer & Network Security>Microsoft Security Bulletin|Computer & Network Security>Patches

Microsoft November Security Bulletin

Today Microsoft released eight security bulletins addressing 19 CVEs. Three bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important.

http://blogs.technet.com/b/srd/archive/2013/11/12/assessing-risk-for-the-november-2013-security-updates.aspx

Categories
Computer & Network Security>Malware|Computer & Network Security>Microsoft|Research|Computer & Network Security>Vulnerabilities|Computer & Network Security>Zero-day

McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office

Last Thursday morning (October 31), our Advanced Exploit Detection System (AEDS), which we discussed in an earlier post, detected a suspicious sample targeting Microsoft Office. After some investigation, we confirmed this is a zero-day attack.

Read more: http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2

Categories
Computer & Network Security>Malware

Top 5 malware that kept researchers up at night

Which malicious code would be most frightening if sinister pieces of malware could rise from the dead on Halloween? Well, malware researchers spend all their time working with the creations of people who intend others harm, so you might expect they would be pretty immune to nervousness about the effects of malicious code. And it is true; a lot of us are very jaded about your average malware. Researchers certainly have a sense of the potential danger of the materials we are working with and are appropriately cautious, but there are some threats that are so scary that we will double or triple-check everything to make sure we cannot possibly let it loose somewhere accidentally.

While there is certainly other malware that has been more costly to fix or that spread much more widely, in terms of inconvenience or outright damage the following are the five pieces of malware that really give me the creeps:

1. CIH (aka Chernobyl)
CIH is the oldest of the malware on this list, and it was first discovered in 1998. This virus caused such pain for its victims that it was brought up in the news every year for ages, and almost every year it seemed to have a brand new nickname in the press, but the one that stuck was related to its particular payload.

CIH would spread by hiding itself in “empty” spaces within innocent files, which made it very hard to clean – the size of those empty spaces varies a lot, so the virus code could be broken up in different ways, so it was hard to be sure that cleaning routines got every last bit of it out of a file. That could mean possibly manually replacing a lot of damaged executable files.

Worse than that, if your system was still infected on April 26th (the anniversary of the Chernobyl disaster, which was speculated by some to be why the date was chosen) the virus was set to overwrite the first megabyte of the hard-drive, which made the computer hang or blue-screen. In some cases the virus would even flash the BIOS, which is to say it rendered the computer completely unusable by overwriting code on a chip attached to the motherboard that enables computers to turn on. This virus hit over a million computers worldwide, and stuck around for many years after the last variant was found.

2. ExploreZip
ExploreZip is a pretty old virus too, first discovered in 1999. This comes from back in the days when people started using the term “blended threat” to describe the increasingly popular tactic of worms spreading by using a variety of different mechanisms. This one spread both by replying to your unread email with a copy of itself, and by searching for network shares that it could silently copy itself to. Once it was executed, it showed an error message that seemed to indicate that you’d just run a corrupted ZIP file.

So far, pretty mundane stuff. But in the background, this virus overwrote .DOC files and certain programming source files with zeroes, which meant the files were destroyed in a way that could not be undone without resorting to expensive data recovery techniques.

3. CryptoLocker
CryptoLocker is the newest threat on this list, having first been discovered in the last few months. It too causes changes to affected users’ files such that they may be beyond repair. This malware is considered ransomware, which means that it scrambles files from a list of different file-types, if the scammer is not paid $300 within a fixed time frame of a few days.

That list of file-types it seeks is very extensive, so the odds are good that if you do not have a backup of your data files, they will soon be completely garbled. Sometimes with ransomware we will get lucky and there will be some sort of clue in the files or weakness in the encryption that will allow us to figure out how to decrypt the files. But as this uses asymmetric encryption (similar to the technique used by commercial products), without the attacker’s key the files cannot be retrieved.

4. Mebromi
Mebromi is a nasty beast that was discovered in 2011, which takes a tip from CIH in that it flashes the BIOS to store some of its code. This puts part of its code outside the confines of the hard disk, which means it is outside the reach of the usual software-based cleaning mechanisms. As this would mean monkeying with the motherboard, this is a process that would probably require a trip to a repair shop.

5. ZMist
You may have heard of polymorphic viruses, which are viruses that change the appearance of their code from one infection to the next so that they appear different enough to hopefully fool anti-malware scanners. The problem with this is that the code used to change itself is static, and can be used by scanners as a way to identify the virus. ZMist, which was discovered in 2002, was called a “metamorphic” virus because it took this idea to an even more complicated level. Rather than simply changing its appearance, it contained code to completely recompile itself from one infection to the next. This made it incredibly difficult to detect, with the technology that was available at the time.

These malware are all terribly unnerving in that they work hard to elude removal or create permanent damage on infected machines. But none of these threats managed to be truly undetectable, and most of them will not work at all on the latest versions of Windows.

The first two threats managed to become quite widespread, and they genuinely did cause a lot of damage. Because threats are now mostly financially motivated, it is generally not a good idea for them to announce their presence by causing a lot of damage on affected systems, as they are effectively killing their source of income. CryptoLocker is something of an exception to this rule, as some people are apparently paying to get their data back, but it is not truly damaging the files so much as rendering them unusable. But if you have backed up your data, this is merely an annoyance rather than a genuine problem.

The last two threats had researchers on tenterhooks for a while, as they could really have caused some major headaches or necessitated some changes in defensive technology, if malware authors had continued development of these strategies. But the thing is, malware authors looking for financial gain are not going to sink more of their time or money into development than they need to. Enough people are not employing good security practices that malware authors are able to make a considerable amount of money with much less complicated techniques.

Malware authors do not need to develop the most stealthy, armor-piercing creations imaginable to get what they want. But at the same time, this means you will not need bulletproof technology to defend yourself. For most people, practicing above average security hygiene–including good, up-to-date antivirus–is enough to evade most threats.

The post Scary Code: Top 5 malware that kept researchers up at night appeared first on We Live Security.

Categories
Information Security>Data Breach|Compliance>Encryption|Compliance>Privacy|Social Engineering|Computer & Network Security>Vulnerabilities

MongoHQ Hacked

This goes to show that application dev is not necessarily the biggest risk.  Information Security isn’t tied to any single domain of IT or business.  It’s a complex relationship between every aspect.

http://techcrunch.com/2013/10/29/hosting-service-mongohq-suffers-major-security-breach-that-explains-buffers-hack-over-the-weekend/

http://security.mongohq.com/notice

Categories
Information Security>Data Breach|Social Engineering>Phishing|Compliance>Privacy

Phishing With Linkedin’s Intro

In the ever-changing landscape of social media, the latest ‘features’ can often be the newest vulnerabilities.  Social engineering techniques have become very sophisticated, and can be a real problem for enterprises.  Take the recent changes to LinkedIn and the threat they pose in the form of phishing emails: http://jordan-wright.github.io/blog/2013/10/26/phishing-with-linkedins-intro/

Are your end users prepared to spot a well-crafted spear phishing email like this?  We can help you find out.
