All posts in Security

Security Update for the Month Ending May to June 2017: Adobe Patches 20 Flaws

Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recap of cybersecurity happenings from the end of May through early June 2017.

Adobe Patches 20 Flaws in Flash Player and Other Products! Updates released by Adobe on Tuesday for Flash Player, Shockwave Player, Captivate, and Digital Editions address a total of 20 vulnerabilities, including critical weaknesses that can be exploited for remote code execution. Update your Adobe products now!

Thousands of Firms Fail to Update Software on Most Computers: An analysis of 35,000 companies around the world showed that thousands of them have failed to update the software running on a majority of their computers.  Don’t let this happen to your company. If you need help with a plan, Veracity can assist you with our managed IT infrastructure services capabilities.

MAC USERS!  MacRansom RaaS Potentially Created by Copycats: A newly discovered ransomware family targeting Mac users is using the Ransomware-as-a-service (RaaS) distribution model and uses code copied from previous MacOS ransomware, Fortinet researchers warn. The threat uses a web portal hosted on TOR, but samples aren’t readily available through the portal, and interested parties must contact the author directly to obtain them. Wannabe criminals can specify a ransom amount, a date to trigger the ransomware, and whether the malware should execute when someone plugs in a USB drive.

MAC USERS! MacSpy Malware Offered as Free Service: The first malware-as-a-service (MaaS) targeting Mac users was discovered on an underground forum, available for free, AlienVault reveals. Users can infect machines by placing MacSpy’s unzipped folder onto a USB drive and manually executing a 64-bit executable called ‘updated’ when needed. Don’t load any unknown zip files onto your Mac, and don’t allow anyone else to, either. Do a scan on the device and then install.

About Veracity Consulting

Veracity Consulting is a Kansas City-based technology firm with a reputation of implementing and managing IT solutions and business strategies. Our mission is to change the complex world of technology into a more efficient and profitable solution for businesses and communities. We use a collaborative approach with our clients to create and implement viable and relevant solutions. We offer a comprehensive range of commercial and government solutions in the areas of Program Management, Data Management and Analytics, Strategy and Architecture, Managed Infrastructure, and Security.

About Amy Krohn

Amy Krohn has served as a leader in the technology industry for over 20 years.  Her areas of expertise include leading organizations and companies in executive leadership, strategic planning, enterprise architecture, as a mentor, leadership development, organizational change management, delivery management, vendor management, service management, and process improvements.  Amy currently serves as Veracity Consulting’s Vice President of Technology.

 

Security Brief with Amy Krohn: Did Someone Just Share a Random Google Doc With You? Don’t click!

Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recap of cybersecurity happenings from the end of April through early May 2017.

A Dangerously Convincing Google Docs Phishing Scam Is Spreading Like Crazy! DON’T CLICK: The latest phishing scam appears to be spreading on a massive scale through people’s contacts. If you’re concerned your account has been compromised, you can go to Google’s security page to adjust permissions. (Look for “manage apps,” and revoke access to untrusted apps.)

Intel Warns of Critical Vulnerability in Processor Firmware: A critical escalation of privilege vulnerability affecting Intel Active Management Technology (AMT) could allow an unprivileged network attacker to gain system privileges. To deflect: Get a good, complete hardware inventory together, and get a good software inventory.

Cloudflare Launches Service to Protect IoT Devices: Cloudflare has launched a new service that aims to address one of the most wide-spread issues in today’s connected world: the poor security of Internet of Things (IoT) devices.

ATTENTION MAC USERS – New “Dok” Mac OSX Malware Steals Sensitive Data:  New malware able to spy on OSX users’ internet traffic, including https traffic, has been found targeting European users. The malware was previously not stopped by Apple’s Gatekeeper, and when discovered was not detected by anti-malware signature engines.


Facebook, Microsoft and Adobe! April Security Update with Amy Krohn

Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recap of cybersecurity happenings for April 2017.

VMware released patches for its vCenter Server product to address a critical remote code execution flaw that exists due to the use of a vulnerable third-party component. The vulnerabilities can be exploited for denial-of-service (DoS) attacks, remote code execution, and to obtain sensitive data. The security hole affects vCenter Server 6.0 and 6.5; version 5.5 and other VMware products are not impacted. VMware has advised users to apply the 6.5c and 6.0U3b patches to address the vulnerability.

Facebook on Friday, April 14, 2017, said it disrupted an international fake account operation that was firing off inauthentic “likes” and bogus comments to win friends it would then spam. Under pressure to stem the spread of “fake news,” Facebook has taken a series of steps including making it easier to report such posts and harder to earn money from them. Facebook said the campaign aimed to trick people into connecting as friends they would later target with spam.

Microsoft Patches Office, IE Flaws Exploited in Attacks. Microsoft’s security updates for April 2017 address more than 40 critical, important, and moderately severe vulnerabilities, including three zero-day flaws that have been exploited in attacks. If you are an Office and IE user, please update your applications.

Adobe Patches Nearly 60 Vulnerabilities Across Several Products. Adobe’s security updates cover nearly 60 vulnerabilities across several of the company’s products. The Acrobat and Reader updates address 47 flaws, including many that could lead to simple code execution. Please be sure to accept this update.

Good-bye Microsoft Vista! Microsoft Kills Support for Windows Vista this month. Now that support has ended, Windows Vista will continue to work as before, but it will become increasingly vulnerable to security risks and malware. It’s time to upgrade!


IRS Scammers are Working Overtime During Tax Season!


Amy Krohn, Veracity’s VP of Technology

Protect Yourself From Scammers During This Tax Season and Everyday!

There is a new phone scam working in Kansas City and around the country. The Internal Revenue Service reports impostors are calling people and demanding immediate payment. In many cases they threaten jail time or deportation. How do I know this? I came home to a crying family member being threatened by these villains demanding payment.

Tax season is stressful. IRS scammers only add to your anxiety, through phone calls and emails. They will try to convince victims they owe money. The more the public is educated about the security risks and what to look for, the better prepared we will be to fend off these impostors. As a professional in Infrastructure and Security, it’s my job to take care of educating my clients about security on a greater scale. But when the issue hits home or when I hear of the elderly, who are perhaps not as tech-savvy, being taken advantage of, I feel it’s my duty to step forward to help. Below are some helpful “rules” from the IRS to know about the IRS calling you at home.

Five things the scammers often do but the IRS will not do.

Any one of these five things is a tell-tale sign of a scam. The IRS will never:

  1. Call to demand immediate payment, nor will we call about taxes owed without first having mailed you a bill.
  2. Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  3. Require you to use a specific payment method for your taxes, such as a prepaid debit card.
  4. Ask for credit or debit card numbers over the phone.
  5. Threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.

When these scammers call, simply hang up. They will more than likely call again, and you should hang up again. Report the phone number to the IRS. Your best defense is to not give out any piece of information to them. And never give out your social security number, license, passport information, address, or children’s information. For more information on the IRS scams and what you can do, visit www.justice.gov/tax or www.irs.gov.


Security Brief with Amy Krohn: Vulnerabilities in Common Devices

Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recap of cybersecurity happenings for March 2017.

Industrial Sector Becoming a Common Target for Attacks: According to Kaspersky Labs, the industrial sector is increasingly becoming a common target. This information is based on data collected by the company in the second half of 2016. The problem is that the devices used by network administrators, developers and contractors can freely connect to the Internet, and therein lies the vulnerability. For email, hackers use common topics (e.g. UPS, bank messages) to send the malware. Be on the lookout for documents like Word, NSIS, AutoCAD, HTML, Java, BAT, PDF and Excel files. Run a virus scan before opening them.

Apple Patches Hundreds of Vulnerabilities Across Product Lines: On March 27, 2017, Apple released security patches for its macOS and macOS Server, iOS, watchOS, tvOS, Safari, and Pages, to address over 200 vulnerabilities.

Google Researcher Finds New Flaw in LastPass: Google Project Zero researcher Tavis Ormandy has identified yet another serious vulnerability in the LastPass browser extension. The developers of the password manager are aware of the flaw and are working on a patch.  

FBI Warns Healthcare Industry of FTP Attacks: The FBI warns the healthcare industry that threat actors are targeting FTP servers that have anonymous authentication enabled. Talk to your system administrators about how to disable it.

Botnet Pummels Retail Websites in Hunt for Gift Card Balances: A recently discovered Internet bot is conducting sustained attacks against retailers and checking millions of gift card numbers to determine if any have balances, Distil Networks researchers warn.

CIA’s Mac, iPhone Vulnerabilities Already Patched: Apple’s initial analysis shows that the iPhone and Mac exploits disclosed by the website WikiLeaks have already been patched, and Apple told WikiLeaks to submit vulnerabilities through the normal process.


September Cybersecurity Recap: Ransomware And Email Scams Still Dominate


In September, the recurring threat theme indicated that parties needed to be on the lookout for ransomware. Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recap of the USHS Cybersecurity Report for September 2016: Ransomware and Email Scams Still Dominate the Landscape.

Ransomware Still a Major Issue for Companies!

There was an almost 200% increase in ransomware discovered in the first half of 2016. According to the FBI, over $209 million worth of ransomware-related monetary losses were recorded during the first three months of 2016 in the United States alone.

What is the best way to counter these attacks?

Organizations looking to protect against ransomware should consider solutions that one, identify and block malicious emails, files, and URLs before they can reach endpoints; and two, enable behavior and network traffic monitoring, which allows advanced detection and immediate suspension of malicious activities within the network.

Business Email Compromise Scams Continue to Spread

Email scams typically use social engineering lures rather than malware to intercept monetary transactions. The U.S. ranks among the highest for these types of attacks. Who are the most common targets? The most common target is the company CFO, who tends to be spoofed because an email comes from the company’s supposed CEO. The solution is education, but it is important to have security solutions that can block malicious emails and flag social engineering techniques associated with ongoing scams. Be sure to keep your company’s email servers up-to-date and create a plan of action before you are attacked. If you find your company without the necessary expertise to perform such tasks, Veracity’s Managed Services infrastructure team can assist your company with the necessary maintenance and training.


August Cybersecurity Recap: Staggering 11 Million Patient Records Breached in August!


11 Million Patient Records Breached in One Month is Unacceptable

In August, more than 8.8 million patient and health plan member records were exposed as a result of data breaches. Here is a recap of the USHS cybersecurity report for August 2016 by Veracity Consulting’s Vice President of Technology, Amy Krohn:

August was a horrible month for data breaches, particularly in the healthcare industry. According to the latest installment of the Protenus Breach Barometer, the total number of healthcare records stolen or exposed this summer exceeds 20 million. The Breach Barometer shows that one of the most potent threats to healthcare data security is insiders, or people who work for the healthcare providers. These individuals were responsible for causing approximately 43% of the data breaches reported in August 2016. Hacking was cited as a smaller cause, but was still a significant threat that could include anything from malicious individuals poking around in your systems to staged ransomware attacks. If you’ll recall, ransomware has become a hot button this year due to healthcare providers being held “hostage” by hackers until they pay for their systems to come back online. Ransomware was the second largest cause of breaches, accounting for 29% of incidents.

Fortunately, we are doing better. Healthcare providers appear to be better prepared for breaches and are able to issue notifications well within the time frame allowed by the Breach Notification Rule. But 11 million patient records breached is far from acceptable. Companies must remember that each recorded breach is a hit to their bottom line. Therefore, these types of threats must be dealt with quickly. Businesses need to stay ahead of hackers, keeping processes updated and communicating what security practices are acceptable for employees. This applies to all companies that deal with customer data, not just healthcare. It is critical for companies to have plans in place to recognize attacks as they happen, as well as a plan for countering or stopping the attack. Last, companies need to hold a review of processes post-attack. Now is the best time to audit your processes and infrastructure to ensure that your vulnerabilities and weaknesses are protected. Engage the Veracity team to help you with infrastructure and cybersecurity assessments.

About Veracity Consulting

Veracity Consulting is a Kansas City-based technology firm with a reputation of implementing and managing IT solutions and business strategies. Our mission is to change the complex world of technology into a more efficient and profitable solution for businesses and communities. We use a collaborative approach with our clients to create and implement viable and relevant solutions.

We offer a comprehensive range of commercial and government solutions in the areas of Program Management, Data Services, Enterprise Architecture, Managed Infrastructure, Security, and Web Services.


source: Department of Homeland Security, Protenus – june

How to Create a Culture for Building Better Cybersecurity

Cybersecurity breaches are quickly becoming an everyday occurrence in the news, especially in the last few days. Sony, Home Depot and even the White House have been hacked. Since last year’s massive Target breach sent consumers home from their holiday shopping bonanzas, businesses are paying more attention to the real threat of hackers on their bottom line. As the saying goes, “It is not a matter of if you will be breached, but when.” Companies must constantly test their security measures and responses by continuously auditing their systems and processes; this helps to identify and close loopholes. If your company wants to know how to implement best practices for its security and auditing measures, Veracity Consultants are here to help you get started.

Consider the following:

Begin with Strong Business Leadership. Identify a business champion that can communicate change management effectively. Many companies want to lean on their technical expert for implementing security changes. Sometimes this isn’t always the best choice. To build a solid program that will gain momentum for implementing regular audits, counter measures, and gaining buy in from the company as a whole, you must have a business leader to champion the cause. You need someone who can organize, communicate, and influence. If this is your Technical Expert, fantastic, but don’t be afraid to use your PMOs, who are truly experts in standing up a new program.

Encourage an Open Dialog. Change is difficult for everyone, but proper communication can ease anxiety and the water cooler talk. When teams are properly educated about the situation and its impact (who, what, why, and how) there is less room for gossip and speculation.

Create a Culture of Security. Some of the biggest threats today are coming from overseas. Many are actively attempting to steal trade secrets or destabilize a company. Instill in employees a culture of security while empowering them to protect the company’s assets. After all, protecting the latest company top-secret project is actually protecting their livelihood! Leaders should hold individuals accountable for new standards, but also allow individual contributors to hold each other accountable. Supporting this is critical. Standards should be constantly discussed with employees as well as their responsibility to the standard.

Educate Users about Current Threats and What They Can Do. Your users can be one of the biggest risks to the security of your organization. Many times users circumvent controls without fully understanding the repercussions. This leaves your organization and its people vulnerable to its weaknesses. It takes a Program Manager with sound communications skills and ability to influence everyone to buy in to the initiative. Open and honest communication about “what will happen..” and “why we need to do this..” works well. When it doesn’t, then it’s time to hold people accountable for the breach.

Implement and Post Your Company Security Policy. Policies and standards provide the foundation for what to do and what not to do. Proper documentation and communication of policies and standards to end users will create the backbone of your program. Not everybody will read them thoroughly, nor will they follow them all of the time, but if you can change the behavior of a number of end users and add teeth to the program, that is a huge win. When policies are not followed as expected, and standards are not met, then the accountability from above comes back into play.

Stay on Top of Your Patch Management. Veracity IT Managed Services Team has successfully implemented vulnerability scanning software for daily, monthly, and quarterly assessment by System Engineering. From this information our technical leaders then formulate a schedule for patch management on an ongoing basis. These are the steps that help our clients deter and maintain visibility of ongoing threats. Our Managed Services Consultants begin by building an asset inventory and scanning assets for problems. Once that’s established, a Veracity Program Manager works with system engineering to properly schedule the eradication of the issues. Lastly, the team provides metrics so a baseline is established that executives can use to make educated decisions on what vulnerabilities need to be addressed next.

Perform Regular Assessments. Use an outside partner like Veracity Consulting’s Security Assessment Team or another reputable source. These outside consulting teams will give your internal security and systems teams honest feedback on your security processes and policies. This is a very important part of the process.

Remember, it takes time to build an information security program. But you must start somewhere. It is the most important IT initiative that you can take in 2014, 2015, and beyond. Be sure to choose a partner that you trust and one that can help you to provide a safe and secure business environment to your employees and your intellectual property.

Call, 913-945-1912 or email us today for more information on how a Veracity Consultant can help your company create a culture that champions your company’s cybersecurity initiative.