Top 10 Overlooked Security Risks: 4 of 10

Encrypting Laptops and Desktops

Encrypting desktops and laptop computers is one of the easiest ways to prevent data loss as a result of lost or stolen computers. Modern operating systems such as Windows 10 Pro and MacOS High Sierra include full disk encryption features bundled with the operating system. Once a disk is encrypted, it is impossible to access data on the device without the proper credentials. This simple task is extremely effective and yet has zero impact on users’ daily work tasks and responsibilities.

Top 10 Overlooked Security Risks: 3 of 10

Data Destruction and Disposal

Companies often forget about data once they stop using it day-to-day. Leaving outdated data on sunsetted systems increases your potential exposure in the event of a data breach. Ensure that data no longer actively used is properly disposed of and devices that contain data, such as laptops, old hard drives and USB drives are properly DoD data wiped or destroyed. Retired company laptops may still retain recoverable data on their hard drives even after formatting. A policy-driven culture enforcing proper destruction and disposal of retired equipment is best practice.

Top 10 Overlooked Security Risks: 2 of 10

Shared or Weak WiFi Passwords

Allowing employees or guests to share a single WiFi password prevents you from controlling who is accessing your company network. Once a person has your WiFi password, they can access your network at any time, even from outside your building’s locked doors, or potentially after you have terminated them, leaving you with no control. Users should always connect to WiFi using a unique username and strong password that company staff can enable and disable as needed. Company policy should always enforce users to use strong passwords so your Wifi password cannot be guessed or compromised.

Top 10 Overlooked Security Risks: 1 of 10

Screen Locking

Once a user logs into a computer, they potentially have access to sensitive company information. If they get distracted or leave their computer unattended, it leaves your company data open to potential theft or exploit. Ensure that all company computers are set to automatically lock the screen after a defined time interval, e.g. 15 or 30 minutes and then require a password to log back in.

Breach Exposes Sensitive California State Employee Data

Data Breaches occur almost on a daily basis. You may not know that your IT Security problem is. We will find it and we’ll develop and implement real-world solutions.  Read on to learn more about the data breach that leaked state government material.

News has surfaced of a breach of sensitive data of California state employees.

As reported by The Sacramento Bee, it appears thousands of Social Security numbers have been exposed at the Department of Fish and Wildlife, with the department confirming so in a memo sent to its staff.

It is alleged the breach was discovered in December last year but was only disclosed to employees this week. The California Highway Patrol is thought to be investigating the incident, which is believed to have been brought about as a result of a former state employee downloading data to a personal device before taking the device outside of the state’s network. Read more »

The most common type of data breach in hospitals? Paper records, study suggests

Our HIPAA risk assessment includes a comprehensive review of your current IT and data security policies, procedures, networks, systems, and configurations. Adsero Security can help your company or practice improve its security and HIPAA compliance. Read on to discover what type of data breach is most likely to happen in a hospital and how this could lead to a HIPAA disaster.  Read more »

FedEx data breach: 119,000 passports or photo IDs found on unsecured server

We are solutions, builders who provide comprehensive, complete, IT security management programs. In an IT security solutions initiative involving many vendors, we are the project managers who pull it all together and make sure it works as planned- for the long term. Breaches such as the one afflicting FedEx could have been avoided if Adsero Security were involved. Read on to find out how this happened.

Thousands of FedEx (FDX) customers’ private information was exposed after the company left scanned passports, driver’s licenses and other personal documentation on a publicly accessible server.

The incident was first discovered by researchers at a German-based security center called Kromtech earlier this month.

According to the security firm, the server belonged to Bongo International, a company that helped customers with shipping calculations and currency translations. FedEx purchased Bongo in 2014 but renamed the company FedEx Cross-Border International a year later before discontinuing the service in April 2017.

FedEx said on Thursday that it has secured some of the customer identification records that were exposed earlier this month and added that so far it has found no evidence that private data were “misappropriated.” The company, however, said it continues to investigate.

“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation,” a spokesman confirmed to FOX Business on Friday.

The data breach could affect anyone who might have used Bongo’s services anytime from 2009 to 2012, and it’s possible the data were exposed online for several years,” according to Bob Diachenko, Kromtech’s head of communications.

What cybersecurity surprises does 2018 hold?

As more technological advancements are made, more opportunities for cybersecurity issues will arise. One thing is for sure, there is no problem that Adsero Security can’t solve. Read on to find out what surprises are in store for this year.

Bitcoin, the General Data Protection Regulation in Europe and the Internet of Things (IoT) are just three recent developments that will present security professionals with new challenges in 2018. That’s in addition to the usual raft of malware, DDoS attacks and database thefts that have dominated the headlines for some time.

To get a handle on what to expect, we asked two Keeper Security experts – Director of Security and Architecture Patrick Tiquet and Chief Technology Officer Craig Lurey – to peer into their crystal balls to find what 2018 holds. Here’s what they saw.

IoT

IoT has been on Patrick’s mind a lot lately, not just because it represents a vast expansion of the attack surface, but also because it opens whole new types of data to compromise. “Every aspect of your everyday life is potentially accessible to anyone anywhere in the world in seconds,” he says. “All your conversations can be accessed, captured and converted.”

Vulnerabilities have already been reported in voice-activated personal assistants, and attackers years ago figured out how to turn on smartphone microphones and cameras without the owner’s knowledge. “We will see a major IoT security disaster this year, and I think it will be bigger than the Dyn hack of 2016,” which originated with printers, security cameras, residential gateways and baby monitors,” Patrick says.

New attack vectors

New attack vectors have also been on Craig’s mind, particularly in light of recent disclosures of hardware flaws in microprocessors. “There’ll be more activity by hackers around hardware-based attacks that go after the memory of the device,” he says. Particularly concerning is that “Spectre and Meltdown took advantage of hardware flaws but were able to abstract them to the software level.” That makes them harder to stop with conventional anti-malware protections alone. Hardware vulnerabilities may demand a whole new type of protection.

Japan’s Coincheck set to report to regulators over $530 million cryptocurrency heist

With a combined  45 years experience, Adsero’s principals have seen it all. We can solve any problem. Prevention is pivotal in cases like this. Read on to find out how over $530 million in cryptocurrency was taken in a heist.

Japanese cryptocurrency exchange Coincheck, stung by the theft of $530 million of digital money last month, is expected to file a report with regulators on the hacking on Tuesday.

The Financial Services Agency ordered Coincheck to raise its standards after the hack and gave the exchange until Feb. 13 to submit a report on the heist, the safety of its systems, and measures it would take to prevent a repeat.

Coincheck said on Friday it would allow customers to restart yen withdrawals on Tuesday. The exchange, which froze all withdrawals of yen as well as digital currencies following the theft, said it had confirmed the integrity of its system security.

Coincheck has received withdrawal requests from customers totaling about 30 billion yen ($280 million), a person with direct knowledge of the matter told Reuters last week.

Still, the exchange said it would keep restrictions on cryptocurrency withdrawals until it could guarantee the secure resumption of its operations. It did not give further details.

The Coincheck heist exposed flaws in Japan’s system of regulating cryptocurrency trading, and raised questions over the country’s dash to oversee the industry – a move that was in sharp contrast to clampdowns by policymakers in countries such as South Korea, China and India. Read more »

Winter Olympics: Computer virus targeted Pyeongchang Games, say cyber security firms

As previously mentioned, the Olympics are a highly suspected target for cybersecurity threats. It did actually happen. Adsero Security would have performed penetration testing to assess any risks and from there developed a security written policy, set risk management standards, and then train various staff members. With Adsero Security on their side, they would have slept better at night. Read on to see how this nightmare occurred

PYEONGCHANG (REUTERS) – Several US cybersecurity firms said on Monday (Feb 12) that they had uncovered a computer virus dubbed “Olympic Destroyer” that was likely used in an attack on Friday’s opening ceremony of the Pyeongchang Winter Games.

Games Organisers confirmed the attack on Sunday, saying that it affected Internet and television services but did not compromise critical operations.

Organisers did not say who was behind the attack or provide a detailed discussion of the malware, though a spokesman said that all issues had been resolved as of Saturday.

Researchers with cybersecurity firms Cisco Systems Inc, CrowdStrike and FireEye Inc said in blog posts and statements to Reuters on Monday that they had analyzed computer code they believed was used in Friday’s attack.

All three security companies said the Olympic Destroyer malware was designed to knock computers offline by deleting critical system files, which would render the machines useless. The three firms said they did not know who was behind the attack.

“Disruption is the clear objective in this type of attack and it leaves us confident in thinking that the actors behind this were after the embarrassment of the Olympic committee during the opening ceremony,” Cisco said in its blog.

 The attack took the Olympics website offline, which meant that some people could not print out tickets and WiFi used by reporters covering the games did not work during the opening ceremony, according to Cisco.

Read more »