This problem was made abundantly clear to the users of the Ashley Madison website. According to CNN, the extramarital affair website’s 37.5 million users are under the threat of having their information shared with the world unless they comply with the hacker’s requests. This is an effective way that hackers can hold a user hostage, but instead of ransoming a loved one or prisoner, it is information that is on the line. Ashley Madison users are only an example; for the average person this is an instance that would not influence their daily lives. However, there are countless other activities that an average person takes part in that could be used to harm, for example, driving. The recent experiment where hackers were able to take over the controls of a Jeep while a passenger was driving should be alarming to any of those who commute regularly. Since hackers were able to control the breaks of the vehicle, serious harm could be inflicted to anyone on the road. Since, according to USA Today, 210 million Americans are licensed drivers, this is an issue that affects almost everyone.

It is becoming a reality that now that everything is done online, we leave a digital footprint in almost everything we do, and this data can be used against us. The key is to recognizing that since everything leaves a trace, than we must be careful about what we post and what activities we choose to do online. Security that detects when our personal issues are being accessed is vital to keep privacy a reality. Effective security could prove to be the difference in being able to live your daily life without fear or being held hostage by it.

Live your life without fear.
Let Aegify help you secure your organizations data and reduce overall risk of being held hostage by the very technology that keeps your business running. To learn more about our Security, Risk and Management solutions please click HERE and register for our LIVE webinar led by Aegify CEO Anupam Sahai on Thursday, September 3 from 11:00 AM – 12:00 PM PDT.

The post How Technology Can Hold You Hostage appeared first on Aegify.

The year 2014 discovered three major vulnerabilities – Heartbleed, Shell Shock Hash bug and the Poodle bug. These major vulnerabilities have shaken the edifice of security havens. The Heart bleed bug made it possible for attackers to steal data from a server including the keys to decode any encrypted contents.

Shellshock a more serious bug made it possible for hackers to take control of millions of machines around the world quietly without notice. Another new breed of bug, Poodle, was found in a 15-year-old web encryption technology called SSL 3.0. SSL, which stands for Secure Sockets Layer, a technology that encrypts a user’s browsing session, making it difficult for anyone using the public Wi-Fi to eavesdrop. The Poodle bug makes it possible for hackers to hijack their victim’s browsing session and do things like take over their email, online banking, or social networking account.

This GHOST vulnerability affects almost all major Linux distributions, except a few such as Ubuntu 14.04. Millions of servers on the Internet contain this vulnerability.

As a buffer overflow bug, GHOST affects certain function calls in the Glibc library. The vulnerability allows a remote attacker to execute arbitrary code using these function calls that are used for DNS resolving, a common event. In exploiting this vulnerability, an attacker may trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution. To eliminate the possibility of an exploit, the specific function calls, ‘glibc’ and ‘mscd’ is to be updated on the system using packages released by Linux updates.

Researchers at Veracode discovered that nearly 41% of enterprise applications using GNU C Library employ the Ghost-ridden ‘gethostbyname’ function[1]. Veracode rates this vulnerability as highly ‘Critical’, as 80% of applications like financial transaction applications or application that access sensitive databases uses ‘glibc’ library and which could be victim of GHOST vulnerability. According to Veracode, the code that initiate network connection, log processing and mail or spam filtering can be vulnerable to GHOST as it uses gethostbyname( ); function.initiate network connection, log processing and mail or spam filtering can be vulnerable to GHOST as it uses gethostbyname( ) function.

Veracode found that 72% of applications which is written in C or C++ are potentially vulnerable to GHOST; applications written in Java, .NET, and PHP are also vulnerable to GHOST.

The easiest way to check for this vulnerability is to run the Aegify scanner on Linux hosted servers within the organization and in its external IT infrastructure. Patches are now available for resolving this vulnerability.

Aegify suite of tools – security, compliance and risk management provide a rich set of solutions for identifying vulnerabilities that continuously emerge and threaten businesses and individuals ensuring that such risks are properly identified and addressed, and all the while remaining compliant to various regulatory requirements.

Aegify Security Posture Management, an innovative and completely cloud-based automated and integrated security monitoring and compliance assessment tool helps enterprises to take away the complexity of maintaining a secure posture and ensuring compliance. This tool simplifies the protection of their physical and virtual environment and IT infrastructure from security breaches by cyber attackers while also meeting regulatory requirements. Equipped with distinct features such as continuous security monitoring, vulnerability management engine, physical and virtual network scans, interoperability, re-mediation and multi-layered vulnerability analysis, Aegify’s security solutions provides a complete end-to-end and comprehensive solution to identify security gaps and help enterprises apply related patches or use virtual patching.

The post The new GHOST Vulnerability that could affect security of Linux based servers across the globe appeared first on Aegify.

Consequently, what you may be describing as a highly sophisticated security breach is most often a simple attack technique used by a hacker. However, the report does point out that these attacks become more sophisticated at a later stage after hackers gain initial access to your network or data. Security experts like Marcus Carey (researcher at Rapid7) also agree with this report. He says that there are hardly any credible reports showing a high percentage of advanced attacks. According the Carey organizations don’t necessarily have to be a big target to be attacked.

While on the positive side, this indicates that smaller organizations can protect themselves from security attacks relatively well by simply ensuring that their security fundamentals are taken care of, on the negative side enterprises which have invested on sophisticated security tools may end up failing drastically in meeting some fundamental security requirements.
What are these fundamental requirements?

According to Carey, organizations should focus on:

• Implementing proper vulnerability management
• Educating users about these requirements
• Implementing network-based access control lists

But not all sophisticated security solutions offer these basic capabilities. Very few solutions like eGestalt’s SecureGRC come with the ability to provide end-to-end security and support on an on-going basis. Designed to tackle all possible security situations whether fundamental or advanced, SecureGRC, unlike any other solution, ensures that all your security issues are resolved, and all requirements are taken care of.

The post Are You Falling Prey to Random Security Attacks? appeared first on Aegify.

It was observed that a large percentage of small medical practices still do not consider data security and privacy as one of their top priorities. Only 31% of the respondents said that their management gave importance to issues concerning data security. Another alarming fact is that 70% of the respondents said that their entity does not have the budget to meet compliance, governance, and risk management needs.

While nearly 30% said that data breaches resulted in medical identity thefts, it was seen that in more than one third of the surveyed entities there was no one responsible for patient data protection. Adding to the concern is the fact that 75% of the respondents said that they are allowed to access business and clinical applications through mobile devices like laptops, smartphones and tablet PCs, and that most of them use these devices at work. But only 48% of these entities have policies governing the use of these devices, where as 45% does not do anything to secure these devices. This creates maximum vulnerability, paving the way for more data loss/theft.

What these small practices need is a security solution that can actively protect Patient Health Records while also ensuring that their budget doesn’t take a dig. And that’s what eGestalt’s SecureGRC SB is all about. An innovative security monitoring and compliance management platform designed to meet the requirements of small businesses, SecureGRC SB ensures that Patient Health Records and privacy are well protected. It provides detailed risk analysis with complete security and guidance on all relevant aspects of medical practice, and helps small practices in efficiently and effectively protecting PHI.

The post Are Small Healthcare Practices Most Vulnerable? appeared first on Aegify.