Top 5 Cyber Monday security threats and what to do about them

With Cyber Monday just around the corner, many people still wonder if it is safe to buy online during end-of-the-year sales events.

Of course it is safe in the sense that you won’t be pushed, hit, or crushed by other customers who also want to get their hands on the big deals. But is your credit or debit card information safe when you shop online? If you take a few basic precautions, you can enjoy the big discounts and not worry about getting into trouble.

Historically, November and December are the months with the most online transactions, and are therefore the months in which cyber-criminals are the most active.

We will enumerate the top five security threats you may encounter when shopping online and give you hints about how to shop safely on these dates.
Read more: http://www.itproportal.com/2015/11/28/top-5-cyber-monday-security-threats-and-what-to-do-about-them/#ixzz3snzVP4ZL

#Heartbleed is not gone yet

When the Heartbleed vulnerability made headlines last spring, Internet companies went into a frenzy: Creating patches, moving away from OpenSSL, and warning users to reset their passwords.

But while we haven’t heard much about it lately — and many servers have been updated to avoid it — Heartbleed is still very much a problem.

The problem is that OpenSSL is in everything.

“It’s an infrastructure hack, and it’s deep … it puts into question everything that we use on the Internet,” said Sami Nassar, CEO of secure element chip maker NXP.

He calls Heartbleed the death knell for SSL. While some will argue that SSL became obsolete a long time ago, its use is still pervasive. So what’s scary to Nassar is that, though the news cycle around Heartbleed ended long ago, the damage is still being done.

Read more at VB News

More than 1 million credit cards may have been compromised in Staples hack

Staples says as many as 1.16 million customer credit cards may have been compromised as part of a malware attack on some of its point-of-sale systems earlier this year. Today the company released some of the findings of its investigation into the attacks, saying that malware was found in 113 of its US stores, and may have affected purchases at those locations made between August 10th, 2014 and September 16th, 2014. Staples added that at two stores, the malicious software could have been running unseen for even longer, dating all the way back to late July.

http://www.appy-geek.com/Web/ArticleWeb.aspx?regionid=3&articleid=33562847

Privacy breaches at Rouge Valley hospital may have affected Ajax-Pickering patients

Ontario’s privacy commissioner has found the Rouge Valley Health System failed to protect patient health information following a review of two separate privacy breaches, which may have affected patients at both Centenary and Ajax-Pickering hospitals.

http://m.durhamregion.com/news-story/5211578-privacy-breaches-at-rouge-valley-hospital-may-have-affected-ajax-pickering-patients/

How the #Heartbleed bug could affect health care (Breaches have compromised at least 21M patients’ records since 2009)

Thousands of security breaches may be undetectable, experts say

Hospitals and providers’ online networks—including email accounts, electronic health records (EHRs), and remote monitoring devices—may be vulnerable to a destructive “Heartbleed” computer bug, according to security experts.

A Google engineer and another security team last week discovered the bug and found that it infiltrates systems through a widely used Web encryption program known as OpenSSL; websites such as Amazon and Google use the program. After a breach, hackers may be able to get sensitive information from email servers, laptops, mobile phones, and security firewalls, experts say.

“[T]his is huge…it’s servers, it’s appliances, it’s devices,” says CynergisTek CEO Mac McMillan, adding that the bug has been around for about two years and experts do not know how many breaches may have already happened. Government agencies and private companies are rushing to fix any vulnerabilities, but breaches may not be detected for a long time, if at all.

“It’s going to be a long, long time before they truly understand the scope of this,” says McMillan.

CEO of CloudFlare Matthew Prince called Heartbleed “the worst bug the Internet has ever seen,” adding “[i]f a week from now we hear criminals spoofed a massive number of accounts of financial institutions, it won’t surprise me.”

At this point, it is also unclear if the nation’s health care providers are especially vulnerable. For example, Web networks that rely on two- or three-factor password authentication should be safe, McMillan says.

But even health groups that do not rely on OpenSSL should be worried about ramifications of the massive breach, according to David Harlow, principal of health care law firm Harlow Group.