Data Security vulnerability – Aegify
https://www.aegify.com
Comprehensive Security, Risk and Compliance Assurance Solution
Wed, 03 Aug 2016 00:23:43 +0000

How Technology Can Hold You Hostage
https://www.aegify.com/how-technology-can-hold-you-hostage/
Mon, 24 Aug 2015 05:43:00 +0000

If you have ever been on the Internet or used a computer, you have left data trails of the sites you have visited. Virtually everyone leaves behind a digital footprint that can be traced back to its user. In today’s world of evolving technology, almost every aspect of life is being connected back to the Internet. Our reliance on these technologies is only making our daily lives more available to the public. It is becoming increasingly apparent that in a world interconnected through data, privacy is becoming harder to achieve.

This problem was made abundantly clear to the users of the Ashley Madison website. According to CNN, the extramarital affair website’s 37.5 million users are under the threat of having their information shared with the world unless they comply with the hacker’s requests. This is an effective way for hackers to hold a user hostage, but instead of a loved one or prisoner being ransomed, it is information that is on the line. Ashley Madison users are only an example; for the average person this is an instance that would not influence their daily lives. However, there are countless other activities that an average person takes part in that could be used to cause harm; driving is one example. The recent experiment where hackers were able to take over the controls of a Jeep while a passenger was driving should be alarming to anyone who commutes regularly. Since hackers were able to control the brakes of the vehicle, serious harm could be inflicted on anyone on the road. Since, according to USA Today, 210 million Americans are licensed drivers, this is an issue that affects almost everyone.

Now that everything is done online, we leave a digital footprint in almost everything we do, and this data can be used against us. The key is recognizing that, since everything leaves a trace, we must be careful about what we post and what activities we choose to do online. Security that detects when our personal issues are being accessed is vital to keep privacy a reality. Effective security could prove to be the difference between living your daily life without fear and being held hostage by it.

Live your life without fear.
Let Aegify help you secure your organization’s data and reduce the overall risk of being held hostage by the very technology that keeps your business running. To learn more about our Security, Risk and Management solutions, please click HERE and register for our LIVE webinar led by Aegify CEO Anupam Sahai on Thursday, September 3 from 11:00 AM – 12:00 PM PDT.

The post How Technology Can Hold You Hostage appeared first on Aegify.

The new GHOST Vulnerability that could affect security of Linux based servers across the globe
https://www.aegify.com/new-ghost-vulnerability-in-linux-systems/
Thu, 12 Feb 2015 14:07:34 +0000

A newly found vulnerability known as GHOST (CVE-2015-0235) affects many systems built on Linux starting with glibc-2.2 as well as Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7 and Ubuntu 12.04, and allows attackers to remotely take control of an entire system without having any prior knowledge of system credentials. The vulnerability is termed GHOST because it lets the attacker take control of the victim’s system remotely by exploiting a buffer overflow bug in glibc’s gethostbyname() functions.

The year 2014 saw the discovery of three major vulnerabilities: Heartbleed, the Shellshock Bash bug and the Poodle bug. These major vulnerabilities have shaken the edifice of security havens. The Heartbleed bug made it possible for attackers to steal data from a server, including the keys to decode any encrypted contents.

Shellshock, a more serious bug, made it possible for hackers to take control of millions of machines around the world quietly without notice. Another new breed of bug, Poodle, was found in a 15-year-old web encryption technology called SSL 3.0. SSL, which stands for Secure Sockets Layer, is a technology that encrypts a user’s browsing session, making it difficult for anyone using the public Wi-Fi to eavesdrop. The Poodle bug makes it possible for hackers to hijack their victim’s browsing session and do things like take over their email, online banking, or social networking account.

This GHOST vulnerability affects almost all major Linux distributions, except a few such as Ubuntu 14.04. Millions of servers on the Internet contain this vulnerability.

As a buffer overflow bug, GHOST affects certain function calls in the glibc library. The vulnerability allows a remote attacker to execute arbitrary code using these function calls, which are used for DNS resolution, a common event. In exploiting this vulnerability, an attacker may trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution. To eliminate the possibility of an exploit, the specific packages, ‘glibc’ and ‘nscd’, are to be updated on the system using packages released as Linux updates.
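As defence in depth alongside the package update, an application can refuse malformed or oversized hostnames before they reach the resolver. The following is an added example, not code from the original post or from glibc: `hostname_is_safe` and `resolve_checked` are hypothetical helper names, the limits are the RFC 1035 name and label lengths, and resolution goes through `getaddrinfo()` rather than `gethostbyname()`.

```c
#define _POSIX_C_SOURCE 200112L
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netdb.h>

enum { MAX_NAME = 253, MAX_LABEL = 63 };   /* RFC 1035 text-form limits */
/* 1 if name is a syntactically valid hostname or dotted address, else 0. */
int hostname_is_safe(const char *name) {
    size_t len, label = 0;
    if (!name || (len = strlen(name)) == 0 || len > MAX_NAME) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label == 0) return 0;          /* empty label */
            label = 0;
        } else if (!(isalnum(c) || c == '-') || ++label > MAX_LABEL) {
            return 0;                          /* bad character or long label */
        }
    }
    return 1;
}

/* Validate, then resolve with getaddrinfo() rather than gethostbyname(). */
const char *resolve_checked(const char *name) {
    static char addr[64];
    struct addrinfo hints, *res = NULL;
    if (!hostname_is_safe(name)) return NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(name, NULL, &hints, &res) != 0) return NULL;
    int rc = getnameinfo(res->ai_addr, res->ai_addrlen, addr, sizeof addr,
                         NULL, 0, NI_NUMERICHOST);
    freeaddrinfo(res);
    return rc == 0 ? addr : NULL;          /* first address as text */
}

/* Constructed sample: a 1100-digit "hostname" must not reach the resolver. */
int oversized_digit_name_rejected(void) {
    char big[1101] = {0};
    memset(big, '1', sizeof big - 1);
    return !hostname_is_safe(big) && resolve_checked(big) == NULL;
}

int main(void) {
    const char *a = resolve_checked("127.0.0.1");
    printf("%s %d\n", a ? a : "(none)", oversized_digit_name_rejected());
    return 0;
}
```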

Researchers at Veracode discovered that nearly 41% of enterprise applications using the GNU C Library employ the Ghost-ridden ‘gethostbyname’ function[1]. Veracode rates this vulnerability as highly ‘Critical’, as 80% of applications, such as financial transaction applications or applications that access sensitive databases, use the ‘glibc’ library and could fall victim to the GHOST vulnerability. According to Veracode, code that initiates network connections, processes logs, or filters mail or spam can be vulnerable to GHOST because it uses the gethostbyname() function.

Veracode found that 72% of applications written in C or C++ are potentially vulnerable to GHOST; applications written in Java, .NET, and PHP are also vulnerable to GHOST.

The easiest way to check for this vulnerability is to run the Aegify scanner on Linux hosted servers within the organization and in its external IT infrastructure. Patches are now available for resolving this vulnerability.

Aegify’s suite of tools for security, compliance and risk management provides a rich set of solutions for identifying the vulnerabilities that continuously emerge and threaten businesses and individuals, ensuring that such risks are properly identified and addressed while remaining compliant with various regulatory requirements.

Aegify Security Posture Management, an innovative and completely cloud-based automated and integrated security monitoring and compliance assessment tool, helps enterprises take away the complexity of maintaining a secure posture and ensuring compliance. This tool simplifies the protection of their physical and virtual environment and IT infrastructure from security breaches by cyber attackers while also meeting regulatory requirements. Equipped with distinct features such as continuous security monitoring, a vulnerability management engine, physical and virtual network scans, interoperability, remediation and multi-layered vulnerability analysis, Aegify’s security solutions provide a complete end-to-end and comprehensive solution to identify security gaps and help enterprises apply related patches or use virtual patching.

The post The new GHOST Vulnerability that could affect security of Linux based servers across the globe appeared first on Aegify.

Are You Falling Prey to Random Security Attacks?
https://www.aegify.com/are-you-falling-prey-to-random-security-attacks/
Mon, 26 Mar 2012 06:08:40 +0000

You may be wondering what caused a security breach, or how it actually occurred, and be totally unaware that you were not even targeted, but merely fell prey to a random attack. At least, that’s what a recent report by Verizon indicates: nearly eight out of ten cyber attacks in 2011 were committed against victims of opportunity rather than targeted users. This was just one of the many findings revealed in the report. Another finding shows that 97% of the time hackers use relatively simple methods in their security attacks.

Consequently, what you may be describing as a highly sophisticated security breach is most often a simple attack technique used by a hacker. However, the report does point out that these attacks become more sophisticated at a later stage, after hackers gain initial access to your network or data. Security experts like Marcus Carey (researcher at Rapid7) also agree with this report. He says that there are hardly any credible reports showing a high percentage of advanced attacks. According to Carey, organizations don’t necessarily have to be a big target to be attacked.

On the positive side, this indicates that smaller organizations can protect themselves from security attacks relatively well by simply ensuring that their security fundamentals are taken care of. On the negative side, enterprises which have invested in sophisticated security tools may end up failing drastically in meeting some fundamental security requirements.

What are these fundamental requirements?

According to Carey, organizations should focus on:

  • Implementing proper vulnerability management
  • Educating users about these requirements
  • Implementing network-based access control lists

But not all sophisticated security solutions offer these basic capabilities. Very few solutions like eGestalt’s SecureGRC come with the ability to provide end-to-end security and support on an on-going basis. Designed to tackle all possible security situations whether fundamental or advanced, SecureGRC, unlike any other solution, ensures that all your security issues are resolved, and all requirements are taken care of.

The post Are You Falling Prey to Random Security Attacks? appeared first on Aegify.

Are Small Healthcare Practices Most Vulnerable?
https://www.aegify.com/are-small-healthcare-practices-most-vulnerable/
Mon, 27 Feb 2012 08:31:37 +0000

Although data breaches are not typical of a certain size or type of organization, small medical practices seem to be at the highest risk of being attacked. A recent survey, conducted by the Ponemon Institute and commissioned by MegaPath, which queried more than 700 IT and administrative personnel in healthcare organizations with fewer than 250 employees, revealed some shocking facts. It was noted that nearly 90% of small healthcare practices in North America have suffered a data breach in the past 12 months.

It was observed that a large percentage of small medical practices still do not consider data security and privacy as one of their top priorities. Only 31% of the respondents said that their management gave importance to issues concerning data security. Another alarming fact is that 70% of the respondents said that their entity does not have the budget to meet compliance, governance, and risk management needs.

While nearly 30% said that data breaches resulted in medical identity thefts, it was seen that in more than one third of the surveyed entities there was no one responsible for patient data protection. Adding to the concern is the fact that 75% of the respondents said that they are allowed to access business and clinical applications through mobile devices like laptops, smartphones and tablet PCs, and that most of them use these devices at work. But only 48% of these entities have policies governing the use of these devices, whereas 45% do not do anything to secure these devices. This creates maximum vulnerability, paving the way for more data loss/theft.

What these small practices need is a security solution that can actively protect Patient Health Records while also ensuring that their budget doesn’t take a hit. And that’s what eGestalt’s SecureGRC SB is all about. An innovative security monitoring and compliance management platform designed to meet the requirements of small businesses, SecureGRC SB ensures that Patient Health Records and privacy are well protected. It provides detailed risk analysis with complete security and guidance on all relevant aspects of medical practice, and helps small practices protect PHI efficiently and effectively.

The post Are Small Healthcare Practices Most Vulnerable? appeared first on Aegify.
