All posts in Security

.NET-Based Ransomware Uses Open Source Code

Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recap of cybersecurity happenings for the end of November through early December 2017.

New .NET-Based Ransomware Uses Open Source Code

Two newly discovered .NET-based ransomware families are using code from open source repositories to encrypt files. The two ransomware families have been seen in live attacks carried out via spam emails containing malicious URLs. Both of the new malware families are compiled in Microsoft Intermediate Language (MSIL) and have been packed with the ‘Confuser’ packer. The malware creates a run key that ensures it is executed each time the user logs into the computer. If removable drives are detected, the threat drops a copy of itself on them, with the name “fatura-vencida.pdf.scr.” The ransomware changes the victim’s desktop background using image files downloaded from “i[.]imgur.com/NpKQ3KZ.jpg.” Be on the lookout for this one!

Breach at PayPal Subsidiary Affects 1.6 Million Customers

PayPal informed customers on Friday that personal information for 1.6 million individuals may have been obtained by hackers who breached the systems of TIO Networks, one of its subsidiaries. The company is based in Canada and serves some of the largest telecom and utility network operators in North America.

Chrome to Block Apps from Injecting into Its Processes

Google’s Chrome web browser will soon prevent third-party software from injecting code into its processes. The browser will also guide users on how to update or remove the third-party software responsible for the crash.

We’re Heading into the Holidays!

The increase in transactions during the holiday shopping season naturally comes with an increase in fraud. Be diligent out there about where you are purchasing and from whom. Don’t fall for the scams.

About Veracity Consulting

Veracity Consulting is a Kansas City-based technology firm with a reputation of implementing and managing IT solutions and business strategies. Our mission is to change the complex world of technology into a more efficient and profitable solution for businesses and communities. We use a collaborative approach with our clients to create and implement viable and relevant solutions. We offer a comprehensive range of commercial and government solutions in the areas of Program Management, Data Management and Analytics, Strategy and Architecture, Managed Infrastructure, and Security.

About Amy Krohn

Amy Krohn has served as a leader in the technology industry for over 20 years.  Her areas of expertise include leading organizations and companies in executive leadership, strategic planning, enterprise architecture, as a mentor, leadership development, organizational change management, delivery management, vendor management, service management, and process improvements.  Amy currently serves as Veracity Consulting’s Vice President of Technology.

November Security Update with Amy Krohn

Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recap of cybersecurity happenings for the end of October through early November 2017.

Massive Hack Hidden by UBER from Consumers

Uber said Tuesday that hackers accessed the personal data of 57 million of its users in a breach that had been covered up by the company for more than a year.

Stolen information included the names, email addresses and mobile phone numbers of customers around the world, while the names and driver’s license numbers of roughly 600,000 of its drivers in the United States were accessed.

macOS Malware Spread By Looking like Symantec Blog

A new variant of the macOS-targeting malware is spreading through a blog that looks like that of the legitimate security company Symantec. The blog, symantecblog[dot]com, is a very good imitation of the real Symantec blog, and even has the same content as the original. If you aren’t sure, then don’t download from the site.

Symantec Patches Vulnerability in Management Console

Symantec has released an update to address a directory traversal vulnerability in the Symantec Management Console.  Talk to your security administrators about getting this updated if your company uses Symantec.

Microsoft Manually Patched Office Component

Microsoft engineers appear to have manually patched a 17-year-old vulnerability in Office, instead of altering the source code of the vulnerable component, ACROS Security researchers say. The vulnerability was addressed with a fixed release on November 14 as part of Microsoft’s “Patch Tuesday” security updates. If you haven’t done this update, do it now.

HOT JOBS for the Week of Nov 12th.

Take a look at the best jobs we have on offer from across Veracity this week, from UX Developer to Process Lead.

Working for us isn’t about slaving away from nine to five, it’s about having a passion and commitment!  Join our team and together we’ll change the way the world looks at technology. Find out more and apply now at Veracity careers.

UX/UI Developer

Veracity has a unique opportunity for a UX/UI Developer whose responsibilities will include collaborating with product management and engineering to define and implement innovative solutions for the product direction, visuals and experience.

Process Lead

This position will support the development of business processes related to creating, curating, sharing, utilizing and managing knowledge across a whole company and even across industries. You will be the go-to contact for our business stakeholders across a number of high availability services and applications, in a role that will see you manage expectations, prioritise requests, and develop your skills in a highly collaborative team environment. Sound good? Apply!

Security Analyst

This position serves as the key IT security analyst addressing current and future security requirements. Provides security monitoring, vulnerability assessment, and analysis into potential security related events and incidents.

About Amy Riedel

Amy Riedel, Director, Recruiting and Talent Acquisition

Amy Riedel has recruited a good number of amazing people to work on accounts with a cornucopia of clients. She is leading Veracity recruiting strategy and acquisition efforts across the United States.  Her team of recruiting ‘sleuths’  search the “ends of the earth,”  looking for the best in Engineering,  Program Management, and System Administration. With offices on the East coast, West coast and in the Midwest, Veracity looks for talent from all over the United States to join their team.

About Veracity Consulting

Veracity Consulting is a Kansas City-based technology firm with a reputation of implementing and managing IT solutions and business strategies. Our mission is to change the complex world of technology into a more efficient and profitable solution for businesses and communities. We use a collaborative approach with our clients to create and implement viable and relevant solutions.

We offer a comprehensive range of commercial and government solutions in the areas of Program Management, Data Services, Enterprise Architecture, Managed Infrastructure, Security, and Web Services.

Equifax Hack: What to do now?

Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recommendations for you regarding the Equifax cybersecurity breach.

Equifax is one of the three major consumer credit reporting agencies that, together, give you your credit score. Equifax said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers. For context, the entire U.S. population in July 2016 was roughly 323 million, according to Census Bureau data. There are more than 249 million people over age 18, i.e., those most likely to have a credit file. Equifax’s security lapse could be the largest theft involving Social Security numbers, one of the most common methods used to confirm a person’s identity in the U.S.

What can you do to help yourself during this time?

  1. Assume you are affected. Check your existing credit accounts for suspicious transactions and look out for new accounts in your name.
  2. If you use Equifax, change your account information NOW.
  3. Watch out for phishing attacks.
  4. Equifax has established a website, equifaxsecurity2017.com, so you can check to see if your personal information may have been stolen. If the verification comes back, you will be offered enrollment in their “TrustedPremier” program. This is Equifax’s credit monitoring service. Consumers who are uneasy about giving this information to Equifax over the web can also call 866-447-7559 for more information. Experian is also offering free credit monitoring to all U.S. consumers for a year.

It’s difficult to tell consumers to check their credit reports since Equifax, one of the three credit reporting agencies, was breached. Normally, during a major breach such as this, a consumer would order their reports from each agency to review activity. Since Equifax is one of these three, it’s understandable that your confidence is shaken, but you will need to be diligent in reviewing your files. Equifax discovered the hack July 29, but waited until Thursday to warn consumers. If you are uneasy going this route, then consider purchasing identity theft protection from a third-party service like Lifelock, IdentityGuard, or Credit Sesame.

Security Update for the Month Ending May to June 2017: Adobe Patches 20 Flaws

Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recap of cybersecurity happenings for the end of May through early June 2017.

Adobe Patches 20 Flaws in Flash Player and Other Products! Updates released by Adobe on Tuesday for Flash Player, Shockwave Player, Captivate, and Digital Editions address a total of 20 vulnerabilities, including critical weaknesses that can be exploited for remote code execution. Update your Adobe products now!

Thousands of Firms Fail to Update Software on Most Computers: An analysis of 35,000 companies around the world showed that thousands of them have failed to update the software running on a majority of their computers.  Don’t let this happen to your company. If you need help with a plan, Veracity can assist you with our managed IT infrastructure services capabilities.

MAC USERS! MacRansom RaaS Potentially Created by Copycats: A newly discovered ransomware family targeting Mac users uses the Ransomware-as-a-service (RaaS) distribution model and code copied from previous macOS ransomware, Fortinet researchers warn. The threat uses a web portal hosted on TOR, but samples aren’t readily available through the portal, and interested parties must contact the author directly to obtain them. Wannabe criminals can specify a ransom amount, a date to trigger the ransomware, and whether the malware should execute when someone plugs in a USB drive.

MAC USERS! MacSpy Malware Offered as Free Service: The first malware-as-a-service (MaaS) targeting Mac users was discovered on an underground forum, available for free, AlienVault reveals. Users can infect machines by placing MacSpy’s unzipped folder onto a USB drive and manually executing a 64-bit executable called ‘updated’ when needed. Don’t load any unknown zip files onto your Mac or allow anyone else to, either. Do a scan on the device and then install.

Security Brief with Amy Krohn: Did Someone Just Share a Random Google Doc With You? Don’t click!

Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recap of cybersecurity happenings for the end of April through early May 2017.

A Dangerously Convincing Google Docs Phishing Scam Is Spreading Like Crazy! DON’T CLICK: The latest phishing scam appears to be spreading on a massive scale through people’s contacts. If you’re concerned your account has been compromised, you can go to Google’s security page to adjust permissions. (Look for “manage apps,” and revoke access to untrusted apps.)

Intel Warns of Critical Vulnerability in Processor Firmware: A critical escalation of privilege vulnerability affecting Intel Active Management Technology (AMT) could allow an unprivileged network attacker to gain system privileges. To deflect: Get a good, complete hardware inventory together, and get a good software inventory.

Cloudflare Launches Service to Protect IoT Devices: Cloudflare has launched a new service that aims to address one of the most wide-spread issues in today’s connected world: the poor security of Internet of Things (IoT) devices.

ATTENTION MAC USERS – New “Dok” Mac OSX Malware Steals Sensitive Data: New malware able to spy on OSX users’ internet traffic, including HTTPS traffic, has been found targeting European users. The malware was previously not stopped by Apple’s Gatekeeper, and when discovered was not detected by anti-malware signature engines.

Facebook, Microsoft and Adobe! April Security Update with Amy Krohn

Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recap of cybersecurity happenings for April 2017.

VMware released patches for its vCenter Server product to address a critical remote code execution flaw that exists due to the use of a vulnerable third-party component. The vulnerabilities can be exploited for denial-of-service (DoS) attacks, remote code execution, and to obtain sensitive data. The security hole affects vCenter Server 6.0 and 6.5; version 5.5 or other VMware products are not impacted. VMware has advised users to apply the 6.5c and 6.0U3b patches to address the vulnerability.

Facebook on Friday, April 14, 2017, said it disrupted an international fake account operation that was firing off inauthentic “likes” and bogus comments to win friends it would then spam. Under pressure to stem the spread of “fake news,” Facebook has taken a series of steps including making it easier to report such posts and harder to earn money from them. Facebook said the campaign aimed to trick people into connecting as friends they would later target with spam.

Microsoft Patches Office, IE Flaws Exploited in Attacks. Microsoft’s security updates for April 2017 address more than 40 critical, important, and moderately severe vulnerabilities, including three zero-day flaws that have been exploited in attacks. If you are an Office and IE user, please update your applications.

Adobe patches 60 vulnerabilities across several products. Security updates released by Adobe address nearly 60 vulnerabilities across several of the company’s products. The Acrobat and Reader updates address 47 flaws, including many that could lead to simple code execution. Please be sure to accept this update.

Good-bye Microsoft Vista! Microsoft kills support for Windows Vista this month. Now that support has ended, Windows Vista will continue to work as before, but it will become increasingly vulnerable to security risks and malware. It’s time to upgrade!

IRS Scammers are Working Overtime During Tax Season!

Amy Krohn, Veracity’s VP of Technology

Protect Yourself From Scammers During This Tax Season and Everyday!

There is a new phone scam working in Kansas City and around the country. The Internal Revenue Service reports impostors are calling people and demanding immediate payment. In many cases they threaten jail time or deportation. How do I know this? I came home to a crying family member being threatened by these villains demanding payment.

Tax season is stressful. IRS scammers only add to your anxiety, through phone calls and emails. They will try to convince victims they owe money. The more the public is educated about the security risks and what to look for, the better prepared we will be to fend off these impostors. As a professional in Infrastructure and Security, it’s my job to take care of educating my clients about security on a greater scale. But when the issue hits home or when I hear of the elderly, who are perhaps not as tech-savvy, being taken advantage of, I feel it’s my duty to step forward to help. Below are some helpful “rules” from the IRS to know about the IRS calling you at home.

Five things the scammers often do but the IRS will not do.

Any one of these five things is a tell-tale sign of a scam. The IRS will never:

  1. Call to demand immediate payment, nor will we call about taxes owed without first having mailed you a bill.
  2. Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  3. Require you to use a specific payment method for your taxes, such as a prepaid debit card.
  4. Ask for credit or debit card numbers over the phone.
  5. Threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.

When these scammers call, simply hang up. They will more than likely call again, and you should hang up again. Report the phone number to the IRS. Your best defense is to not give out any piece of information to them. And never give out your social security number, license, passport information, address, or children’s information. For more information on the IRS scams and what you can do, visit www.justice.gov/tax or www.irs.gov.

Security Brief with Amy Krohn: Vulnerabilities in Common Devices

Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recap of cybersecurity happenings for March 2017.

Industrial Sector Becoming a Common Target for Attacks: According to Kaspersky Labs, the industrial sector is increasingly becoming a common target. This information is based on data collected by the company in the second half of 2016. The problem is that the devices used by network administrators, developers and contractors can freely connect to the Internet, and therein lies the vulnerability. For email, hackers use common topics (e.g. UPS, bank messages) to send the malware. Be on the lookout for documents like Word, NSIS, AutoCAD, HTML, Java, BAT, PDF and Excel files. Run a virus scan first before opening.

Apple Patches Hundreds of Vulnerabilities Across Product Lines: On March 27, 2017, Apple released security patches for its macOS and macOS Server, iOS, watchOS, tvOS, Safari, and Pages, to address over 200 vulnerabilities.

Google Researcher Finds New Flaw in LastPass: Google Project Zero researcher Tavis Ormandy has identified yet another serious vulnerability in the LastPass browser extension. The developers of the password manager are aware of the flaw and are working on a patch.  

FBI Warns Healthcare Industry of FTP Attacks: The FBI warns the healthcare industry that threat actors are targeting FTP servers that have anonymous authentication enabled. Talk to your system administrators about how to disable it.

Botnet Pummels Retail Websites in Hunt for Gift Card Balances: A recently discovered Internet bot is conducting sustained attacks against retailers and checking millions of gift card numbers to determine if any have balances, Distil Networks researchers warn.

CIA’s Mac, iPhone Vulnerabilities Already Patched: Apple’s initial analysis shows that the iPhone and Mac exploits disclosed by the website WikiLeaks have already been patched, and Apple told WikiLeaks to submit vulnerabilities through the normal process.

September Cybersecurity Recap: Ransomware And Email Scams Still Dominate

In September, the recurring threat theme indicated that parties needed to be on the lookout for ransomware. Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recap of the USHS Cybersecurity Report for September 2016: Ransomware and Email Scams Still Dominate the Landscape.

Ransomware Still a Major Issue for Companies!

There was an almost 200% increase in the number of ransomware discovered in the first half of 2016. According to the FBI, over $209 million worth of ransomware-related monetary losses were recorded during the first three months of 2016 in the United States alone.

What is the best way to counter these attacks?

Organizations looking to protect against ransomware should consider solutions that one, identify and block malicious emails, files, and URLs before they can reach endpoints; and two, enable behavior and network traffic monitoring, which allows advanced detection and immediate suspension of malicious activities within the network.

Business Email Compromise Scams Continue to Spread

Email scams typically use social engineering lures rather than malware to intercept monetary transactions. The U.S. ranks among the highest for these types of attacks. Who are the most common targets? The company CFO, who tends to be targeted with an email that appears to come from the company’s CEO. The solution is education, but it is important to have security solutions that can block malicious emails and flag social engineering techniques associated with ongoing scams. Be sure to keep your company’s email servers up-to-date and create a plan of action before you are attacked. If you find your company without the necessary expertise to perform such tasks, Veracity’s Managed Services infrastructure team can assist your company with the necessary maintenance and training.
