Monthly Archives: March 2019


FEMA Exposed PII for Millions of Disaster Victims

The Federal Emergency Management Agency (FEMA) exposed the personal identifiable information of 2.3 million individuals by oversharing data with a contractor. 

The individuals who were affected by hurricanes Harvey, Irma, and Maria, as well as the 2017 wildfires in California , had provided their information to the Federal Emergency Management Agency (Fema) while applying for transitional sheltering in hotels.

“Since discovery of this issue, Fema has taken aggressive measures to correct this error,” Fema press secretary Lizzie Litzow said in a statement. “Fema is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system,” 

According to FEMA a network assessment found that the contractors network contain 11 vulnerabilities and so far only a few have been resolved. Since there has not been no indication of intrusion within the last 30 days which is how far back the logs go back, there … Read the rest


Oregon DHS fell victim to a targeted phishing attack

Nine employees Oregon department of Human Services managed to fall for a targeted phishing attack which compromised 350,000 patients and 2 million Emails. 

 

On a notice by the Cyber Security Team on January 28th determined that the email accounts were breached after nine employees fell to spear-phishing attack. The links they clicked on allowed hackers to access the employees email information. Oregon DHS  hired a third party security team to investigate the incident and determine what information was exposed.

 

The investigation revealed that the compromised email accounts contained around 2 million emails which included personal and medical data of patients.  The hacker had access to their full names, addresses, DOB’s , SSN’s and other details. During the investigation they did not find evidence that the data was copied from the systems.

 

This breach could have been avoided if there was proper cybersecurity awareness training regarding the types of threats that … Read the rest


BAE Report States HUMAN ERROR still major Security Risk

BAE Systems has revealed that even though organizations have continued attempts to improve their cybersecurity, human error is still the major vulnerability towards an organizations network.

They compiled a report by speaking to board level executives, IT decision makers and security professionals to better understand what the current state of corporate incident response capabilities and readiness were.

What they found from their results was to be expected, the BAE Systems research showcased how the majority of organizational breaches are caused by human error. Hackers prey on the uninformed employees.

They have examined that the breaches caused by human error were at 71 percent due to phishing attacks and 65 percent were due to indirect virus and malware infections.

 

Response Teams Saw A Rise In incidents 

BAE Systems also noticed that incident response teams have been working with a number of incidents increases per month.

The research also revealed that many … Read the rest


Counter-Strike 1.6 servers used to push malware

Just about 39% of all Counter-Strike 1.6 servers were being used to push malware to end users. It’s amazing that still to this day counter-strike 1.6 is still being play after 20 years. The game still has many players and there is a high demand for hosting providers to provide players to rent game servers. 

 

Dr. Web, researchers explained that the developers are using the game clients vulnerabilities to push the Belonard Trojan botnet by deploying malicious servers to promote the game servers and enlist more victims to the botnet. At its peak, this botnet grew so large that approximately 39% of the 5,000 Counter-Strike 1.6 servers were compromised and looking to  infect more connected players.

 

“Using this pattern, the developer of the Trojan managed to create a botnet that makes up a considerable part of the CS 1.6 game servers,” stated the research by Dr. Web. “According to our

Read the rest

HIPAA Violation Examples And Fines

Not keeping up with HIPAA regulations can be quite costly for any physician’s office or entity that needs to adhere to compliance. HIPAA Violation fines range from $100 to over $4 Million. Staying compliant is not an easy task, regulations are always changing and you are required be up to date about every change. I have written below a few basic examples and how to avoid them.

 

What is this so called HIPAA Violation?

A HIPAA violation happens when there is some sort of Breach, acquisition, access or a disclosure of Protected health Information which is known as (PHI) that can result in personal risk of the patients. 

Everyone that works with PHI should be compliant:

  • Health Plans

  • Health care clearing houses

  • Health care providers who transmit claims in electronic form

  • Medicare prescription drug card sponsors

  • Any Business Associate, Entity or Individual that has access to any type of PHI. 

Read the rest

The 2019 Threat Report

The new norm with cybersecurity is discovering new attack methods and new threats which emerge daily and new vectors that are being tested by cyber criminals, according to the 2019 Webroot Threat Report.

According to the Webroot Threat Report:

  • 40 percent of malicious malware were found on good domains. , “Since legitimate websites are frequently compromised to host malicious content. Those who use intermediary devices without SSL inspection capabilities should be aware of potential loopholes in their security policies due to this behavior.”

 

  •  Home users are more than twice as likely be infected.
    Home users are not immune; their routers serve as the hub for networks and smart home devices (IoT), yet most users can’t log into their Linux-based routers to see what they are doing. Meanwhile a hacker can learn everything about a user’s environment, can redirect URLs, carry out man-in-the-middle attacks, and even inject cryptojacking scripts.
Read the rest

Ubiquiti Unifi USG-PRO-4 Security Appliance

The Ubiquiti UniFi Security Gateway Pro (USG-PRO-4)is a is an enterprise Gateway Router with Gigabit Ethernet and two combination SFP/RJ45 ports, combining reliable security features with high-performance routing technology in a cost-effective unit. 

The USG-PRO-4 is rack-mountable with fiber connectivity options and a dual-core, 1 GHz processor for maximum hardware‑accelerated performance.

Ubiquiti UniFi Security Gateway Pro Key Features

  • Enterprise Gateway Router with Gigabit Ethernet
  • Advanced Security, Monitoring, and Management
  • Integrates with UniFi Controller Software
  • (2) 10/100/1000 RJ45 Gigabit ports & (2) SFP combo ports
  • Dual-core 1GHz processor
  • Rackmountable form factor with fibre connectivity options
Optical Fiber Connectivity
The Ubiquiti UniFi Security Gateway Pro offers two optional SFP ports for fiber connectivity to support backhaul applications.
Powerful Firewall Performance
The Ubiquiti UniFi Security Gateway Pro offers advanced firewall policies to protect your network and its data.Convenient VLAN Support
The Ubiquiti UniFi Security Gateway Pro can create virtual network segments for
Read the rest

Stay Informed

Receive instant notifications when new content is released.