Vulnerable libssh Embedded Into Critical IoT

ZDNet has reported that a security flaw in libssh (CVE-2018-10933) “leaves thousands of servers at risk of hijacking.” This was a well-written article. However, we believe Catalin Cimpanu, the author, understated the actual risk to organizations when he said “most servers, IoT devices, and personal computers [use the non-vulnerable] openssh instead of libssh.”

Medical IoT Devices Named Top Security Threat

Last week our content manager, Mindy Affrime, sent me an article about the risks associated with Medical IoT Devices. The article caught my attention because of the author.  It was published by the Cyber Security Engineering Department at the University of San Diego.  The article names four areas they believe “will be particularly vulnerable to

Dark Reading Interviews Securolytics Co-Founder

Securolytics recently uncovered a new email exploit we named the Split Tunnel SMTP Exploit.  It allows an attacker to bypass email security gateways and inject malicious messages directly into the victim’s email server.  The good news is that Securolytics Email Encryption customers were always protected against this exploit as our integrated cloud platform performs encryption/decryption

Split Tunnel SMTP Exploit Explained

Published: May 23, 2017
Security Research By: Vikas Singla & Jason Morris
Executive Summary:
Exploit: The Split Tunnel SMTP Exploit allows an attacker to bypass an organization’s email security gateway and inject messages with malicious payloads directly into the victim’s email server. This exploit targets a newly discovered vulnerability in popular Email Encryption appliances as a backdoor. Injectable payloads

NY Hospital Hacked- 7,000 Patient Records Stolen

The latest on the Bronx Lebanon Hospital cyberattack.  (Source: NBC News)  Medical records of at least 7,000 patients were compromised in a data breach involving Bronx Lebanon Hospital Center in New York. This hack disclosed patients’ mental health and medical diagnoses, HIV statuses and sexual assault and domestic violence reports, according to records reviewed by

Removing Palikan.com Browser Hijacker

Palikan is a browser hijacker that is bundled with other free software that you download off of the Internet. Once installed it will set the homepage and search engine for any installed browsers to http://www.palikan.com without your permission. This itself is not considered malicious as there are many legitimate programs that change these settings as

IBM dissects 2016 Cyber Attacks

IBM’s 2016 X-Force Threats Intelligence Index was just released. The stats are amazing. Several major data breaches thrust cybersecurity into the global spotlight in 2016. In the Asia-Pacific region, for example, cybercriminals stole 100 GB of government data from the Indian state of Kerala and made off with 300 GB of voter data in the

Hospitals need Increased Data Protection

Lying in a hospital bed, the last thing you should have to worry about is a personal data breach. Yet recent research co-authored by a Michigan State University business scholar found nearly 1,800 occurrences of large data breaches in patient information over a seven-year period. The study, by Xuefeng “John” Jiang, MSU associate professor of

Russians Behind Yahoo Breach

On February 7, 2017, the team at Securolytics reported on the massive Yahoo breach which affected 500 million of their customers. Yesterday the US Gov’t indicted Dmitry Dokuchaev, Igor Sushchin, Alexsey Belan, and Karim Baratov for carrying out that Yahoo hack. The indictment unsealed Wednesday by US authorities against two agents of the Russian Federal Security

Atlanta Based Arby’s Acknowledges Data Breach

Fast Food Chain Arby’s credit card users attacked. Sources at nearly a half-dozen banks and credit unions independently reached out over the past 48 hours to inquire if KrebsOnSecurity heard anything about a data breach at Arby’s fast-food restaurants. Asked about the rumors, Arby’s told that site that it recently remediated a breach involving malicious software

Spam is making a big-time comeback!

This Network World article is a fantastic reminder that our emails are still BIG targets for cybercrime. All organizations must stay vigilant. Proactive Prevention is the Best Defense! www.networkworld.com/ Spam is making a surprising resurgence as a threat to corporate security and becoming a more significant carrier of attacks as varied as spear phishing, ransomware

25% of Companies Breached in 2016

Securolytics is always on the lookout for important and current surveys/reports on the state of IT Security. We want our clients and all organizations to be informed. This survey is very telling. If you have an IT Security survey or report you would like to share, please send it to us. We will post

Georgia Tech Lands $17.3-Million Cybersecurity Grant

Our congrats to Georgia Tech. Last month, Georgia Tech was granted a $17.3 million cybersecurity research contract by the US Department of Defense. Their mandate: to help establish new science that quickly, objectively and positively identifies the virtual actors responsible for cyberattacks. The IT Security experts at Securolytics are so proud that our University is embarking

Healthcare Under Cyber-Assault!

Securolytics is working with the Healthcare Industry to proactively defeat CyberCrime. This excellent article looks at the new IoT devices and how they are affecting and providing more opportunity for hackers. Please learn more from our partners. More is not necessarily merrier when it comes to health information technology, as this year’s plague of hacking

Leading Age NY Interviews Securolytics CEO

According to the FBI, “ransomware attacks are not only proliferating, they’re becoming more sophisticated.” (www.fbi.gov/news/stories/incidents-of-ransomware-on-the-rise) That’s especially true for organizations such as hospitals and senior healthcare systems where confidential information governed by the Health Insurance Portability and Accountability Act (HIPAA) is a prime target.

2016’s Biggest Data Breaches

Securolytics is at the forefront of proactively detecting and disarming hackers and identity theft in businesses large and small. Here are some of the major breaches that occurred around the world in 2016 which are important to be aware of. In later articles, we will analyze in depth some of these attacks, so we can

Securolytics Eliminates PCKeeper Adware

Securolytics Web Security detects attempted communication by PCKeeper software and related toolbars.  We thought it would be useful to provide a description of how PCKeeper works to illustrate how Securolytics Web Security protects our customers from having “Potentially Unwanted Programs” like PCKeeper introduced into their systems.

Securolytics Eliminates MacKeeper Adware

Securolytics Web Security detects attempted communication by MacKeeper software and related toolbars.  We thought it would be useful to provide a description of how MacKeeper works to illustrate how Securolytics Web Security protects our customers from having “Potentially Unwanted Programs” like MacKeeper introduced into their systems.

Securolytics Eliminates Mindspark Adware

Securolytics Web Security detects attempted communication by the Mindspark family of adware and toolbars.  We thought it would be useful to provide a description of how these programs work to illustrate how Securolytics Web Security protects our customers from having potentially problematic programs introduced into their systems.

Zoho Partners with Securolytics

With our technological expertise and heavy use of APIs, it makes sense that Zoho chose Securolytics to be a strategic partner. When you go to their website, there we are showcased right next to other major companies like Century 21, etc. We are happy to be partnering with Zoho and helping businesses large and small

Ransomware Targeting US Companies

According to the US Department of Homeland Security, “the infections of ransomware, which encrypts critical data and demands payment for its release, are typically triggered by office workers clicking on malicious emails. This prevalence of ransomware is creating significant implications for the business community, with 4,000 ransomware attacks occurring every day, reportedly earning cyber criminals

IoT’s Rough Patch

According to a survey by PricewaterhouseCoopers, almost 70% of connected IoT devices lack fundamental security. According to analyst firm IDC, “the number of IoT devices will grow from approximately 6 billion in this decade to 28 billion in 2020 — a staggering number. The market for wearable smart devices alone is expected to increase at

The State of IoT Security

The team at Securolytics is excited to present the first of our blog series on IoT Security. There is no Technology Security issue that has more people talking and businesses struggling for solutions. Why? Simple: IoT is a real security risk for businesses and no one is predicting that the need for IoT security is

NXDOMAIN

NXDOMAIN is the return code when a DNS lookup fails to resolve the requested domain to an IP address. This can happen for many reasons. Usually, it is just a user mistyping an address, such as google.xom. However, if you search your logs for NXDOMAIN, and look at the domains for which DNS lookups failed, you may

ransomware

There is a new kind of ransomware floating around on the internet and it’s nasty. The ransomware detected earlier this year, dubbed ‘Bart’, has taken a whole new approach to complicating your life. With previous builds of ransomware, one of the first actions they took was to look for what’s called a key server.

CyberLaunch Selects Securolytics to Present at Demo Day

CyberLaunch, the leading accelerator for information security and machine learning startups, announced its inaugural ‘Demo Day,’ for Thursday, Aug. 25, 2016. Accredited investors, entrepreneurs and media will have an opportunity to attend a private viewing of the accelerator’s first seven startups. CyberLaunch’s Summer 2016 class is comprised of seven startups including: Securolytics. We are thrilled