Our HIPAA risk assessment includes a comprehensive review of your current IT and data security policies, procedures, networks, systems, and configurations. Adsero Security can help your company or practice improve its security and HIPAA compliance. Read on to discover what type of data breach is most likely to happen in a hospital and how this could lead to a HIPAA disaster. Read more »
We are solutions, builders who provide comprehensive, complete, IT security management programs. In an IT security solutions initiative involving many vendors, we are the project managers who pull it all together and make sure it works as planned- for the long term. Breaches such as the one afflicting FedEx could have been avoided if Adsero Security were involved. Read on to find out how this happened.
Thousands of FedEx (FDX) customers’ private information was exposed after the company left scanned passports, driver’s licenses and other personal documentation on a publicly accessible server.
The incident was first discovered by researchers at a German-based security center called Kromtech earlier this month.
According to the security firm, the server belonged to Bongo International, a company that helped customers with shipping calculations and currency translations. FedEx purchased Bongo in 2014 but renamed the company FedEx Cross-Border International a year later before discontinuing the service in April 2017.
FedEx said on Thursday that it has secured some of the customer identification records that were exposed earlier this month and added that so far it has found no evidence that private data were “misappropriated.” The company, however, said it continues to investigate.
“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation,” a spokesman confirmed to FOX Business on Friday.
The data breach could affect anyone who might have used Bongo’s services anytime from 2009 to 2012, and it’s possible the data were exposed online for several years,” according to Bob Diachenko, Kromtech’s head of communications.
With a combined 45 years experience, Adsero’s principals have seen it all. We can solve any problem. Prevention is pivotal in cases like this. Read on to find out how over $530 million in cryptocurrency was taken in a heist.
The Financial Services Agency ordered Coincheck to raise its standards after the hack and gave the exchange until Feb. 13 to submit a report on the heist, the safety of its systems, and measures it would take to prevent a repeat.
Coincheck said on Friday it would allow customers to restart yen withdrawals on Tuesday. The exchange, which froze all withdrawals of yen as well as digital currencies following the theft, said it had confirmed the integrity of its system security.
Coincheck has received withdrawal requests from customers totaling about 30 billion yen ($280 million), a person with direct knowledge of the matter told Reuters last week.
Still, the exchange said it would keep restrictions on cryptocurrency withdrawals until it could guarantee the secure resumption of its operations. It did not give further details.
The Coincheck heist exposed flaws in Japan’s system of regulating cryptocurrency trading, and raised questions over the country’s dash to oversee the industry – a move that was in sharp contrast to clampdowns by policymakers in countries such as South Korea, China and India. Read more »
Our society is faced with an array of opportunities of being hacked. This is why Adsero Security’s specialty in writing IT security policies and training your staff on policy adherence thus developing a culture of compliance is so important. Read on to discover why cybersecurity issues affect society as a whole.
The Equifax data breach was yet another cybersecurity incident involving the theft of significant personal data from a large company. Moreover, it is another reminder that the modern world depends on critical systems, networks and data repositories that are not as secure as they should be. And it signals that these data breaches will continue until society as a whole (industry, government and individual users) is able to objectively assess and improve cybersecurity procedures.
Although this specific incident is still under investigation, the fact that breaches like this have been happening – and getting bigger – for more than a decade provides cybersecurity researchers another opportunity to examine why these events keep happening. Unfortunately, there is plenty of responsibility for everyone.
Several major problems need to be addressed before people can live in a truly secure society: For example, companies must find and hire the right people to actually solve the overall problems and think innovatively rather than just fixing the day-to-day issues. Companies must be made to get serious about cybersecurity – at a time when many firms have financial incentives not to, also. Until then, major breaches will keep happening and may get even worse.
Finding the right people
Data breaches are commonplace now, and have widespread effects. The Equifax(NYSE: EFX) breach affected more than 143 million people– far more than than the 110 million victims in 2013 at Target, the 45 million TJX customers hit in 2007, and significantly more than the 20 million or so current and former government employees in the 2015 U.S. Office of Personnel Management incident. Yahoo’s 2016 loss of user records, with a purported one billion victims, likely holds the dubious record for most victims in a single incident.
Hackers can strike from anywhere. This means that any organization is vulnerable. Adero’s penetration testing allows clients to detect their areas of vulnerability. Read on to discover how easy it was for two people to hack into Uber’s system.
The two people behind a 2016 data breach at Uber Technologies Inc. were found to be in Canada and Florida, an Uber cyber security executive told the U.S. Congress on Tuesday.
About 25 million users affected by the breach are users located in the United States, John Flynn, chief information security officer at Uber, said in written testimony to a Senate Commerce Committee panel.
Uber announced the breach of 57 million worldwide users last November. Of those impacted in the United States, 4.1 million were drivers, according to the testimony.
Uber Canada announced late last year that 815,000 Canadian riders and drivers may have been affected.
The testimony from Flynn is the most comprehensive public account to date of the Uber hack, the handling of which prompted newly appointed Uber chief executive Dara Khosrowshahi to fire two of the company’s top security officials.
Reuters reported in December that a 20-year-old man was primarily behind the massive data breach, and that he was paid by Uber to destroy the data through a so-called “bug bounty” program normally used to identify small code vulnerabilities.
Flynn confirmed the man who obtained data from Uber was in Florida and that his partner, who first contacted the company on Nov. 14, 2016, to demand a six-figure payment, was located in Canada.
The company’s security team made contact with both people and received assurances the pilfered data had been destroyed before paying the intruders $100,000, Flynn said.
You may not know exactly what your IT Security issue is. We will find it and develop and implement a solution. The more reliant on technology that we become, the more prone to hacking our society is. Listen to how easily Roku TVs can be hacked.
We’ve written in the past about Consumer Reports, as part of a broad privacy and security evaluation, has has found that millions of smart TVs are vulnerable to hackers and “raise privacy concerns by collecting very detailed information on their users.”, and now
“We found that a relatively unsophisticated hacker could change channels, play offensive content or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening,” Consumer Reports said. “This could be done over the web, from thousands of miles away.”
The good news is these TVs’ security vulnerabilities apparently won’t allow hackers to spy on you or steal your information, according to Consumer Reports.
The report singled out Samsung, TCL and other Roku TVs as being vulnerable, but smart TVs from LG, Sony and Vizio were also evaluated. While they were cleared from a security standpoint, the testing found “that all these TVs raised privacy concerns by collecting very detailed information on their users.”
As CNET’s David Katzmaier wrote last year, Vizio was Apple, Amazon and Google haven’t yet made any major privacy missteps, but their policies are generally less intrusive than those of TVs. Read more »for failing to properly disclose how it shares its tracking information, and in previous years and have both faced similar scrutiny. Streamers from Roku,
Adsero Security develops long-term solutions that are supported by written policies. Issues arise such as hacking. This can be prevented via penetration testing. Check out this article about how easy it is for organizations to be hacked.
Directors Facing Increased Liability for Data Breaches
Because two of my clients – 360 Advanced and Adsero Security – provide IT data breach auditing and remediation services, I was especially interested when I learned of how a major corporation had been so easily hacked recently.
The hackers got inside the corporation’s accounts payable department and had a pretty hefty check sent to them, which was cashed and cleared. The corporation’s vice president for information technology (IT) and his team reported to the board at its monthly directors and management meeting that “everything’s OK now.”
Is it? Could the hackers still be inside, or worse, inside the company’s vendor and partner IT systems?
“Duty of care” Demands Auditing Risks as Hacks Increase
Statistics show that once data thieves are in, they can hide for months undiscovered until they strike again – this time at an even greater cost to the victim and their vendors and partners. Data thieves got inside Target through an air conditioning/heating vendor and loitered at their leisure, and Yahoo! and Equifax still aren’t certain who or how they were breached.
Which brings me back to the corporate board of directors. The corporation victimized by the hackers in this instance has not had an outside, third-party audit of its IT systems and data security processes and protocols by a QSR – Qualified Security Assessor. Could that failure lead to a lawsuit against its officers and directors for failure to exercise the concept of duty of care when there is another future hack? With news of major hacks every day now, should boards be more diligent in ordering management to have such audits? Read more »