Security Alert: Google Email Attack

Google is investigating a large-scale phishing attack involving malware that is currently spreading among users of its Gmail service. You will see a message similar to the one below! The message sent to Gmail users includes an invitation to view a shared Google Docs document. However the link leads to a self-propagating internet worm. DO NOT CLICK IT! Users are asked to log into their Google accounts by the malware, which doesn't ask for a password and appears to bypass two-factor authenticatio ...

Your iPhone Is a Target for Criminals

Check Point Software released their April 2016 Threat Index revealing what we all know; cyber-threats are rising at alarming rates.  The report shows Apple's iOS devices are under heavier attack than reported in previous reports. Over 2,000 unique malware families were identified by Check Point during April, which they state is a 50 percent increase over March, and you thought rabbits multiplied rapidly!  The iOS issue comes from the fact they found XcodGhost had moved into the top three most common mobi ...

Anti-virus products, security devices affected by 7-Zip vulnerability

Two vulnerabilities have been uncovered by researchers in a open-source Windows utility called 7-Zip. This program provides compression and archiving tools for files. While many of our readers may not know what, or who, 7-Zip is, it is likely that other products that you do use or know about rely on 7-Zip in their programs. Some of the vendors that have 7-Zip integrated include FireEye, Malwarebytes, and Comodo. This means whether you use 7-Zip directly or not, you may be vulnerable. Cisco Talos re ...

Cyber Breach – No One is Immune

This article is the first in a three-part series from Third Rock, a leading HIPAA Compliance and Risk Management provider, explaining the magnitude and business impact of cyber security breaches as well as steps you can take to protect your records and your organization. Recent headlines have reported that cyber breaches are occurring with greater frequency than ever before. Everyone is familiar with the cyber breaches of Target, Home Depot, JP Morgan, Sony, and most recently, the federal Office of Perso ...

Security Alert: Healthcare needs to learn from OPM Breach

HealthITSecurity wrote a good article on what Healthcare can learn from the US Office of Personnel Management (OPM) breach.  The key being that ALL businesses and organizations need to understand it is IMPOSSIBLE to keep the bad guys out of the castle, you WILL be breached sooner or later.  Therefore, they need to be prepared, by implementing multiple layers of cyber-security defense.  One part of the cyber-security they did NOT mention is a next generation solution that detects when unauthorized softwa ...

Security Advisory: LastPass Compromised

According to LastPass their team found and blocked suspicious activity on their network. They claim that no evidence that any encrypted user vault data (where the passwords are stored) was taken. However they said that the investigation has shown that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised. "We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authent ...

US-CERT: Microsoft Releases Critical Security Bulletin

Microsoft has released Security Bulletin MS15-011 (link is external) to address a critical vulnerability in Windows. Exploitation of this vulnerability could allow a remote attacker to take complete control of an affected system. This security update contains a new policy feature (UNC Hardened Access) which is not enabled by default. To enable this feature, a system administrator must deploy the update, then apply the Group Policy settings described in the bulletin. For complete protection agains ...

Security Advisory: New Adobe Flash Vulnerability

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address a vulnerability that could be used to circumvent memory randomization mitigations on the Windows platform. Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player.  Additionally, we are investigating reports that a separate exploit for Flash Player 16.0.0.287 and earlier also exists ...

Hackers Pay 20-times More for Medical Information

According to Kelly Yee, Vice President at Penango, the secure webmail and encryption company, hackers are willing to pay 20 times more for medical information than credit card information! The main reason is medical records are a smorgasbord of information, including social security numbers, personal information, and medical history. With information like this they can apply for credit cards, gain access to prescription medication, and much more. With the valuation of stolen credit card information going ...

2015 – The Healthcare Hack

Just a short post before the New Year! The writing is on the wall. If you look at predictions and reports from all of the security organizations, the one thing that is clear is that Healthcare will find itself the major target of hackers in 2015. As of 2013, it is reported that 43% of all data breaches involved healthcare data. That is only going to get worse! Why is healthcare such a primer target? Simple, medical records contain a lot of information about your patients identity. This allows for iden ...

1 2