
Why Patients Deserve an Electronic Paper Trail

According to a statement issued by Albany, N.Y.-based St. Peter’s Surgery & Endoscopy Center on Jan. 8, 2018, an unauthorized third party possibly gained access to approximately 135,000 patient records at their facility.  


The key words here are “unauthorized” and “possibly,” meaning that St. Peter’s knows by the presence of malware on their server that someone with access may have knowingly or unknowingly allowed malware to be loaded through vectors of infection including web, email and/or a USB drive. The vector of infection also could have been a network worm, or remote access if it was not secure. It is disquieting because there has been no traceable activity with regard to the patients’ electronic files: access can’t be proved one way or another.

As frightening as this potential breach of patients’ records is to St. Peter’s and its patients, it does provide an opportunity to bring up some preventative strategies to improve the health of your IT network.

As a managed IT services provider specializing in HIPAA security, and a member of both the New York State Association of Ambulatory and Surgery Centers (NYSAASC) and the national Ambulatory and Surgery Center Association (ASCA), SkyPort IT regularly educates our clients about cybersecurity services and tools that should be utilized to help prevent and/or document breaches and basic procedures that allow you to build an electronic paper trail of every activity involving electronic protected health information (PHI) in your IT environment.

Who Has Your Back?

Because SkyPort IT specializes in HIPAA compliance for healthcare IT, policies and procedures for electronic records and information systems, we advocate for security on every layer and level of your information network.

In the case of St. Peter’s recent malware discovery, our breach management system would identify exactly what had happened, and there would be no ambiguity about where the files were or who had them, because we track every file being accessed in the network. We set up alerts so that if access to a file had occurred we could quickly track specifically who in the organization had touched these files, and the path they had taken. The system can also block file operations to prevent critical data from leaving the environment.

More importantly, our healthcare cybersecurity services extend to preventing malware from making its way to your server to begin with. Just as important as the software tools and services we use to keep organizations like yours safe are the HIPAA compliance policies and procedures we put in place for data protection.

Physical security for your server is especially important. All servers should be physically and remotely secure with limited access. If you have an IT person on staff, which many small to medium-sized businesses do not, you must have a policy and procedure in place to limit access to the organization’s server.

Patient records are a gold mine.

There are a number of ways a worm or malware can infect or enter your IT network. While it is important for all employees to be educated about general good practices regarding their use of the internet and your internal network, it is critical that the employees most active on the network – such as your IT staff - are being vigilant.

The server is not a personal workstation and should only be used for appropriate work such as maintenance. Your IT staff, IT provider, or anyone with administrative access rights to the server, should never be engaged in these activities which are all vectors for intrusion:

  • Browsing the web

  • Looking at emails

  • Opening files off a thumb drive

  • Plugging in a cell phone

Recognizing that the server at a healthcare or medical organization holds information that is a gold mine for hackers is the first step in protecting your patients’ data, your business, and your reputation. Advice and useful materials for cloud computing security and healthcare IT can be found here: https://www.skyport-it.com/useful-materials-just-for-you.

 

 





 


Another Docusign Phishing Scam - Do not be fooled!

Think before you click.

  • Was I expecting a document to sign?

  • Does it look off for some reason?

    • Hover over (do not click) buttons and links.

      • Link on button “Please sign here” goes to “http://playcoremusic...”

      • Odd-looking email Doçusign “<dse_na2@docu-boxsign.net>” plus an email that was spoofed “user@mailcenter.docusign.com”

      • “Download the Docusign App” is not a link to anywhere.

  • Under the hood? - If you go to File, then properties in Outlook you would find the real source of the email has nothing to do with Docusign Users or their mail servers.

If you are in doubt, throw it out!

Safe Regards,

Dan
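
The manual checks in the post above (look-alike sender name, sender domain, where the button really goes, a "link" that goes nowhere, the real source under the hood) can be automated. This is an added example, not part of the original post: the brand allowlist is an assumption, both sample messages are constructed, and `unrelated-site.example` is a placeholder because the link in the post is truncated.

```python
import unicodedata
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "docusign"
# Assumption: domains the brand legitimately sends from and links to.
BRAND_DOMAINS = {"docusign.com", "docusign.net"}


def fold(text):
    """Lower-case and strip diacritics, so 'Doçusign' folds to 'docusign'."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()


def in_brand_domain(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text, self._open = [], None, [], False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open, self._href, self._text = True, dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._open:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            self.links.append((self._href, "".join(self._text).strip()))
            self._open = False


def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message (str)."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg.get("From", "")))
    if BRAND not in fold(display):
        return findings  # the sender does not claim to be the brand
    if not display.isascii():
        findings.append("display-name-lookalike")
    if not in_brand_domain(addr.rpartition("@")[2]):
        findings.append("from-domain-mismatch")
    # "Under the hood": the envelope sender is harder to dress up than From.
    _, bounce = parseaddr(str(msg.get("Return-Path", "")))
    if bounce and not in_brand_domain(bounce.rpartition("@")[2]):
        findings.append("envelope-off-brand")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            if not href or href.startswith("#"):
                findings.append("dead-link:" + text)
                continue
            host = urlsplit(href).hostname
            if not in_brand_domain(host):
                findings.append("link-off-brand:" + (host or href))
    return findings


# Constructed sample modelled on the indicators listed in the post.
SAMPLE = """\
Return-Path: <bounce@mailer.example>
From: =?utf-8?q?Do=C3=A7usign?= <dse_na2@docu-boxsign.net>
To: staff@clinic.example
Subject: Please review and sign your document
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://unrelated-site.example/sign">Please sign here</a>
<a>Download the Docusign App</a>
</body></html>
"""

# Constructed clean message for comparison (addresses are made up).
LEGIT = """\
Return-Path: <bounce@docusign.net>
From: DocuSign <dse@docusign.net>
To: staff@clinic.example
Subject: Please review and sign your document
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://www.docusign.net/Signing/">Review document</a></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE), ("legit", LEGIT)):
        print(name, check_message(raw))
```

A From header that is itself spoofed, like the `user@mailcenter.docusign.com` address in the post, passes the sender-domain check, which is why the envelope sender and link targets are checked as well. In production, treat the receiving server's SPF/DKIM/DMARC results as the authoritative signal and use heuristics like these only to add context.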


Wi-Fi KRACKED?

On October 16, 2017 the U.S. Department of Homeland Security announced the news of the KRACK (‘key reinstallation attack’) flaw in the protocol which was designed to secure all modern protected Wi-Fi networks.  


SkyPort IT Nominates National Alliance on Mental Illness (NAMI) for M&T Business Challenge

Scam of the Week: Equifax Phishing

You already know that a whopping 143 million Equifax records were compromised. The difference with this one is that a big-three credit bureau like Equifax tracks so much personal and sometimes confidential information like social security numbers, full names, addresses, birth dates, and even drivers licenses and credit card numbers for some. It can be the difference between being able to buy a house or sometimes even get a job or not. This breach and the way they handled it, including the announcement, was what Brian Krebs rightfully called a dumpster fire.

The problem is that with this much personal information in the hands of the bad guys, highly targeted spear phishing attacks can be expected, and a variety of other related crime like full-on identity theft on a much larger scale.

These records are first going to be sold on the dark web to organized crime for premium prices, for immediate exploitation, sometimes by local gangs on the street. Shame on Equifax for this epic fail. They will be sued for billions of dollars for this web-app vulnerability.

So this Scam of the Week covers what is inevitable in the near future, we have not seen actual Equifax phishing attacks at this point yet, but you can expect them in the coming days and weeks because the bad guys are going to take their most efficient way to leverage this data... email.

I suggest you send the following to your employees, friends, and family. You're welcome to copy, paste, and/or edit:

"Cyber criminals have stolen 143 million credit records in the recent hacking scandal at big-three credit bureau Equifax. At this point you have to assume that the bad guys have highly personal information that they can use to trick you. You need to watch out for the following things:

  • Phishing emails that claim to be from Equifax where you can check if your data was compromised

  • Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information

  • Calls from scammers that claim they are from your bank or credit union

  • Fraudulent charges on any credit card because your identity was stolen

Here are 5 things you can do to prevent identity theft:

  • First sign up for credit monitoring (there are many companies providing that service including Equifax but we cannot recommend that)

  • Next freeze your credit files at the three major credit bureaus Equifax, Experian and TransUnion. Remember that generally it is not possible to sign up for credit monitoring services after a freeze is in place. Advice for how to file a freeze is available here on a state-by-state basis: http://consumersunion.org/research/security-freeze/

  • Check your credit reports via the free annualcreditreport.com

  • Check your bank and credit card statements for any unauthorized activity

  • If you believe you may have been the victim of identity theft, here is a site where you can learn more about how to protect yourself: www.idtheftcenter.org. You can also call the center’s toll-free number (888-400-5530) for advice on how to resolve identity-theft issues. All of the center’s services are free.

And as always, Think Before You Click!"

It's only early days in this hack, there will be a lot more information coming out in the days ahead. We will keep you updated when more news is available.

[ALERT] The IRS Issued An Urgent Warning Against An IRS / FBI-Themed Ransomware Phishing Attack

WASHINGTON, August 28, 2017 — The Internal Revenue Service warned people to avoid a new phishing scheme that impersonates the IRS and the FBI as part of a ransomware scam to take computer data hostage.

The IRS said: "The scam email uses the emblems of both the IRS and the Federal Bureau of Investigation. It tries to entice users to select a “here” link to download a fake FBI questionnaire. Instead, the link downloads a certain type of malware called ransomware that prevents users from accessing data stored on their device unless they pay money to the scammers."

“This is a new twist on an old scheme,” said IRS Commissioner John Koskinen. “People should stay vigilant against email scams that try to impersonate the IRS and other agencies that try to lure you into clicking a link or opening an attachment. People with a tax issue won’t get their first contact from the IRS with a threatening email or phone call."

I suggest you send employees, friends and family an email about this ransomware attack, you're welcome to copy/paste/edit:

"Heads-up! The IRS is warning against a new phishing scam that tries to make you download an FBI questionnaire. But if you click the link, your computer will be infected with ransomware instead. The scam email uses the emblems of both the IRS and the Federal Bureau of Investigation.

Remember that the IRS does not use email, text messages or social media to discuss personal tax issues, such as those involving bills or refunds. THINK BEFORE YOU CLICK!"

The IRS stated: "Victims should not pay a ransom. Paying it further encourages the criminals, and frequently the scammers won’t provide the decryption key even after a ransom is paid. Victims should immediately report any ransomware attempt or attack to the FBI at the Internet Crime Complaint Center, www.IC3.gov. Forward any IRS-themed scams to phishing@irs.gov."

Here is the official IRS Newsroom post: https://www.irs.gov/uac/newsroom/irs-issues-urgent-warning-to-beware-irs-fbi-themed-ransomware-scam

EXECUTIVE BRIEF: WHY ADVANCED THREATS DEMAND ADVANCED EMAIL SECURITY

Email usage continues to increase

Regardless of the proliferation of text and social media, email communication is still growing strong. According to a recent study by the Radicati Group, the total volume of worldwide emails sent and received reached 205 billion per day, with this volume projected to increase by at least 5% every year. And, this fact is not lost upon hackers, who are constantly seeking opportunities to exploit organizations. (The Radicati Group, Inc., Email Statistics Report, 2015-2019)

Anatomy of an email attack:

  • A CFO gets an email from the CEO authorizing an emergency fund transfer. But the email is actually from a cybercriminal.

  • An employee with administrative rights to key systems receives an urgent email from IT to update their network password. They actually disclose their password to cybercriminals.

  • An employee receives an email to read an important attachment about their benefits provider. When they open the attachment, they unknowingly activate hidden Trojan malware.

E-mail threats organizations face today

Emails offer hackers a vehicle to deliver a variety of vulnerabilities to an organization. Some of the more common email-borne threats include:

  • Malware – email is one of the top delivery mechanisms to distribute known & unknown malware, which are typically embedded into email attachments in hopes that the attachment will be opened or downloaded onto a computer or network, thereby allowing hackers to gain access to resources, steal data, or crash systems.

  • Ransomware – one particularly nefarious malware variant is ransomware. Once the email attachment is activated, the code embeds itself on a network and ransomware typically encrypts or locks critical files and systems. The hackers then coerce the organization to pay an extortion fee in order to have the files or systems un-encrypted or unlocked.

  • Phishing – this common hacker tactic utilizes emails with embedded links to hacker sites. When gullible users visit these sites, they’re prompted to enter PII (Personally Identifiable Information) that is in turn used to steal identities, compromise corporate data, or access other critical systems.

  • Spear Phishing / Whaling – in this variant of phishing, key IT/networking individuals or company execs are targeted using malware-laced emails appearing to come from a trusted source, in efforts to gain access to internal systems & data.

  • Business Email Compromise / CEO Fraud / Impostor email – Over the past two years, Business Email Compromise (BEC) schemes have caused at least $3.1 billion in total losses to approximately 22,000 enterprises around the world, according to the latest figures from the FBI [1]. The FBI defines Business Email Compromise as a sophisticated email scam that targets businesses working with foreign partners that regularly perform wire transfer payments.

  • Spam – emails are used to deliver spam or unsolicited messages, which can clog inboxes and network resources, diminish business productivity, and increase operational costs.

  • Outbound Email Hijacking – corporations are also subject to corporate policies and government regulations, which hold businesses accountable for their outgoing emails and ensuring they protect their customers’ PII. Zombie attacks and IP hi-jacking can disseminate customer PII, ruining the reputation of a business.

Conclusion

Email communications are essential to organizations today, something hackers are keenly aware of. Given today’s complex, mature threats, it’s paramount that organizations deploy a multi-layered security solution that includes dedicated, leading-edge, email protection. To effectively combat today’s emerging threats, organizations are well-advised to implement a next-generation email security management solution that provides fundamental email protection. To learn more about ways to protect your organization’s emails.

What your next-gen multi-layered security needs to stop advanced threats.

[1] www.ic3.gov/media/2016/160614.aspx

About SkyPort IT, Inc

SkyPort IT promises a relentless focus on data security and regulatory compliance so our clients can focus on their business by using best practices and best-in-class technology to proactively design, deploy, and protect clients’ IT infrastructure and data. Why Managed Security Services? Visit: www.skyport-it.com for the answer or for a free consult call us at 585-582-1600 or email SecureMe@skyport-it.com

In today’s hyper-connected world, email-based communications are not just commonplace – they have become a fundamental cornerstone for effectively conducting business, with the total volume of worldwide emails sent per day projected to increase by at least 5% every year. Given the ubiquitous nature of email communications, emails are and will continue to be a popular vector for a variety of threats.

NotPetya Is a Cyber Weapon, Not Ransomware

Yesterday morning, after monitoring this new outbreak for 24 hours, I came to the conclusion we were dealing with cyber warfare, and not ransomware. Two separate reports coming from Comae Technologies and Kaspersky Lab experts confirm this now.

NotPetya is a destructive disk wiper similar to Shamoon which has been targeting Saudi Arabia in the recent past. Note that Shamoon actually deleted files, NotPetya goes about it slightly different, it does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same.

Someone is hijacking known ransomware families and using them to attack Ukrainian computer systems. Guess who.

You never had a chance to recover your files. There are several technical indicators that NotPetya was only made to look as ransomware as a smoke screen:

  • It never bothers to generate a valid infection ID

  • The Master File Table gets overwritten and is not recoverable

  • The author of the original Petya also made it clear NotPetya was not his work

This has actually happened earlier. Foreshadowing the NotPetya attack, the author of the AES-NI ransomware said in May he did not create the XData ransomware, which was also used in targeted attacks against Ukraine. Furthermore, both XData and NotPetya used the same distribution vector, the update servers of a Ukrainian accounting software maker.

Catalin Cimpanu, the Security News Editor for Bleepingcomputer stated: "The consensus on NotPetya has shifted dramatically in the past 24 hours, and nobody would be wrong to say that NotPetya is on the same level with Stuxnet and BlackEnergy, two malware families used for political purposes and for their destructive effects. Evidence is clearly mounting that NotPetya is a cyber-weapon and not just some overly-aggressive ransomware."

Cybersecurity has moved from Tech to a CEO and Board-level business issue

You did not sign up for this, but today it is abundantly clear that as an IT pro you have just found yourself on the front line of 21st-century cyber war. Cybersecurity has moved from Tech to a CEO and Board-level business issue.

I strongly suggest you have another look at your defense-in-depth, and make sure to:

  • Have weapons-grade backups

  • Religiously patch

  • Step users through new-school security awareness training

I would be happy to visit and explain our Managed Security Services, multi-layered protection schema to current and prospective customers.

Think before you click!

Safe Regards,

Dan


Scam of the Week: Massive DocuSign Phishing Attacks

DocuSign has admitted they were the victim of a data breach that has led to massive phishing attacks which used exfiltrated DocuSign information. Ouch. So here is your Scam of the Week.

They discovered the data breach when, on May 9, 15, and 17, DocuSign customers were being targeted with phishing campaigns. They now are advising customers to filter or delete any emails with specific subject lines. We do not repeat them here, because this newsletter might be filtered out, but you can see them at the blog, together with screenshots:
https://blog.knowbe4.com/scam-of-the-week-docusign-phishing-attacks

The campaigns all have Word docs as attachments, and use social engineering to trick users into activating Word's macro feature which will download and install malware on the user's workstation. DocuSign warned that it is highly likely there will be more campaigns in the future.

I suggest you send the following to your employees. You're welcome to copy, paste, and/or edit:

"Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you into opening an attached Word file and click to enable editing.

But if you do that, malware may be installed on your workstation. So if you get emails that look like they come from DocuSign and have an attachment, be very careful. If there is any doubt, pick up the phone and verify before you electronically sign any DocuSign email. Remember: Think Before You Click."

Safe Regards,
Dan


Latest Wannacry Ransomware Information

Hi Folks,

Just watched https://www.sans.org/webcasts/latest-wannacry-ransomware-105150.

If you’ve not been keeping up with the Wannacry ransomware, it’s probably worth an hour to view it.  The insight on how people were tracking it down and reacting to it could be useful.

I’d give it a 4/5 on topic/interest/content depending on how much you’ve already learned about wannacry.

Safe Regards,
Dan


[URGENT ALERT] Defend Against This Ransomware WMD NOW

This is not a drill, or a phishing test.

Yet unknown cyber criminals have taken an NSA 0-day threat and weaponized a ransomware strain so that it replicates like a worm and takes over the whole network. 

This is the biggest ransomware outbreak in history. There is a MS patch that needs to be applied urgently if you have not done that already. 

I suggest you immediately look into this and patch your systems before your users come back to work on Monday. Here is a blog post with all the updated detail:

https://blog.knowbe4.com/ransomware-attack-uses-nsa-0-day-exploits-to-go-on-worldwide-rampage

Yes, if you hover, this link is redirected, but you can cut&paste the link to our blog if you are paranoid. (which you should be!)

This is a bad one. Let's stay safe out there. 

Safe Regards,

Dan


New York is the first State to enforce regulation laws towards Financial companies specific to Cyber Security.  The regulation makes it clear that cybersecurity is not solely a technology or information security team matter. It comprises an enterprise-level approach to managing cyber risk by expressly imposing responsibility for the cybersecurity program on senior management and requiring not only technical controls, but operational controls, policies and procedures, training programs and reporting to senior management and the board.

Many pieces of this regulation are expected to be adopted by the end of this summer.

Here is a great article on this topic.

http://ahearnelaw.com/revised-newyork-cybersecurity-rules-for-financial-companies-start-march-1-2017/

From NYS DFS: http://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf

Also check with your associations to see if they have developed templates for your industry for policies and procedures.

As part of our managed services we help in the development of proper policies and procedures. This is the first step in compliance. However, few organizations have proper ones in place. Our years of experience in HIPAA and PCI-DSS make this a no-brainer. It is like running a business without a business plan, bad things can happen.

Safe Regards,
Dan

P.S. – You may find (and request) useful information here on our site: https://www.skyport-it.com/useful-materials-just-for-you

Hey: Don’t Click That Weird Google Docs Link You Just Got (and Tell Your Mom Not to Click, Either)

A very convincing Google Docs phishing scheme is racing around the internet right now, which means you should avoid clicking any weird Google Docs that have been emailed to you recently — even if it’s from someone you know. It’s spreading incredibly quickly:

Safe Regards,
Dan

VMware Releases Security Advisories for Various Critical Vulnerabilities in vCenter, Workstation, and more

Description: VMware has released two security advisories addressing eight vulnerabilities across vCenter Server, Unified Access Gateway, Horizon View, and Workstation. The first advisory details CVE-2017-5641, a remote code execution flaw in vCenter Server manifesting via BlazeDS. The second advisory addresses a vulnerability in Unified Access Gateway and Horizon View that could allow an attacker to execute code on the security gateway. The second advisory also addresses various flaws in Cortado ThinPrint that could allow a guest to execute code or perform a denial of service attack on the host operating system. VMware has released software updates that address these vulnerabilities.

Reference:

  • http://www.vmware.com/security/advisories/VMSA-2017-0007.html

  • http://www.vmware.com/security/advisories/VMSA-2017-0008.html

Snort SID: Detection pending release of vulnerability information

Comment

Overlooking risks leads to breach, $400,000 settlement

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on the lack of a security management process to safeguard electronic protected health information (ePHI). Metro Community Provider Network (MCPN), a federally-qualified health center (FQHC), has agreed to settle potential noncompliance with the HIPAA Privacy and Security Rules by paying $400,000 and implementing a corrective action plan. With this settlement amount, OCR considered MCPN’s status as a FQHC when balancing the significance of the violation with MCPN’s ability to maintain sufficient financial standing to ensure the provision of ongoing patient care.

MCPN provides primary medical care, dental care, pharmacies, social work, and behavioral health care services throughout the greater Denver, Colorado metropolitan area to approximately 43,000 patients per year, a large majority of whom have incomes at or below the poverty level.

On January 27, 2012, MCPN filed a breach report with OCR indicating that a hacker accessed employees' email accounts and obtained 3,200 individuals' ePHI through a phishing incident. OCR’s investigation revealed that MCPN took necessary corrective action related to the phishing incident; however, the investigation also revealed that MCPN failed to conduct a risk analysis until mid-February 2012. Prior to the breach incident, MCPN had not conducted a risk analysis to assess the risks and vulnerabilities in its ePHI environment, and, consequently, had not implemented any corresponding risk management plans to address the risks and vulnerabilities identified in a risk analysis. When MCPN finally conducted a risk analysis, that risk analysis, as well as all subsequent risk analyses, were insufficient to meet the requirements of the Security Rule.

“Patients seeking health care trust that their providers will safeguard and protect their health information,” said OCR Director Roger Severino. “Compliance with the HIPAA Security Rule helps covered entities meet this important obligation to their patient communities.”

The Resolution Agreement and Corrective Action Plan may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/MCPN

OCR’s guidance on the Security Rule may be found at https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html

To learn more about non-discrimination and health information privacy laws, your civil rights, and privacy rights in health care and human service settings, and to find information on filing a complaint, visit us at http://www.hhs.gov/hipaa/index.html


[ALERT] You Want To Fix This MS-Word 0-day Threat Today

Monday night, researchers at Proofpoint sounded the alarm about a critical 0-day threat known as CVE-2017-0199 in Microsoft Word that allowed booby-trapped Dridex phishing attacks to be sent to millions of employees, claiming to be a PDF sent to them by their company photocopier.

This one is particularly bad because it bypasses exploit mitigations built into Windows, doesn't require your employee to enable macros, works even against Windows 10, which is Redmond's most secure OS yet, and works on most or all Windows versions of Word. Ouch!

Campaign Uses Spoofed Email Domains

Dridex used to rely on macro-infected documents attached to emails and used social engineering to trick the user into opening the attachment and clicking the macro button. This time around they were pretty nimble and leveraged a zero-day in Word. Proofpoint's technical analysis said:

"Emails in this campaign used an attached Microsoft Word RTF (Rich Text Format) document. Messages purported to be from "". [device] may be "copier", "documents", "noreply", "no-reply", or "scanner". The subject line in all cases read "Scan Data" and included attachments named "Scan_123456.doc" or "Scan_123456.pdf", where "123456" was replaced with random digits. Note that while this campaign does not rely on sophisticated social engineering, the spoofed email domains and common practice of emailing digitized versions of documents make the lures fairly convincing."

What To Do About It?

1) Patch. Fortunately, on Tuesday Microsoft released its regular batch of security patches, including a fix for this nasty Office zero-day vulnerability CVE-2017-0199. Turns out that this wasn't the only thing that needed patching. An elevation of privilege vulnerability in Internet Explorer (CVE-2017-0210) that would allow an attacker to convince a user to visit a compromised website was also fixed.

2) If you cannot patch. Here is a quick and dirty fix to prevent this exploit from working: in your Windows registry, set Software\Microsoft\Office\15.0\Word\Security\FileBlock\RtfFiles to 2 and OpenInProtectedView to 0.

3) Find out if your domain can be spoofed. Did you know that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain? If they can, they can launch a spear phishing attack on your organization.

If you are a managed services customer, we are already helping you. If not, go here to see why managed services makes sense: https://www.skyport-it.com/managed-services/

Safe Regards,
Dan
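As an added example (not code from Proofpoint or from this post), here is a mail-filter check that scores a message against the lure traits quoted above: device-style sender, "Scan Data" subject, Scan_<digits> attachment name, and RTF content hidden behind a .doc or .pdf extension. The function names, the own-domain sender check and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Lure traits taken from the Proofpoint analysis quoted on this page.
DEVICE_SENDERS = {"copier", "documents", "noreply", "no-reply", "scanner"}
SCAN_NAME = re.compile(r"^Scan_\d+\.(doc|pdf)$", re.IGNORECASE)
RTF_MAGIC = b"{\\rtf"  # standard RTF header bytes

def lure_indicators(raw_message: str) -> list:
    """Return the campaign traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    hits = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    local, _, from_domain = sender.partition("@")
    to_domain = parseaddr(msg.get("To", ""))[1].lower().partition("@")[2]
    if local in DEVICE_SENDERS:
        hits.append("device-sender")
    # Assumption: the spoofed sender domain is the recipient's own domain.
    if from_domain and from_domain == to_domain:
        hits.append("own-domain-sender")
    if (msg.get("Subject") or "").strip().lower() == "scan data":
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        if SCAN_NAME.match(name):
            hits.append("attachment-name")
        body = part.get_payload(decode=True) or b""
        # RTF bytes behind another extension: file name and file type disagree.
        if body.lstrip().startswith(RTF_MAGIC) and not name.lower().endswith(".rtf"):
            hits.append("rtf-behind-other-extension")
    return hits

def build_sample(sender: str, subject: str, filename: str, content: bytes) -> str:
    """Build a constructed test message (not real campaign mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "alice@example.com", subject
    m.set_content("Scan attached.")
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    lure = build_sample("scanner@example.com", "Scan Data",
                        "Scan_483920.pdf", b"{\\rtf1\\ansi constructed}")
    print(lure_indicators(lure))
```

Each hit is an indicator, not a verdict: legitimate scanners send similar mail, so treat several hits together as grounds to quarantine and review.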


Five-year prediction: cloud vs. data center

Analysts, tech bloggers and IT managers have been debating the net value of using data centers vs. the public cloud for years now. We’ve seen opinions around business advantages and disadvantages for both, but which will ultimately win the cost war in the future? We went straight to the front lines of IT for answers.

We sat down with Samuel Alt, technical support specialist at Ingram Micro, to get his future forecast. He has extensive, real-world experience with both data centers and the cloud, and his five-year prediction may surprise you.

Everyone's talking about the cloud overtaking data centers. What's your opinion?

The short-term play for many companies is cloud, due to low upfront costs and instant scalability, but I question its long-term sustainability due to cost. As for the landscape five years from now, I actually see a shift back to an energy-efficient, powerful, shrunken form of data centers.

What will hurt the cloud play in the future?

Cost will eventually kill cloud momentum. The cloud appears cost-effective at first, but gets expensive quickly as you scale. Some organizations must store thousands of terabytes—that’s going to be a pain point as the world consumes more data. Cloud bandwidth is expensive. Cloud SQL storage is expensive.

There’s also a lack of control and flexibility in the cloud. I like to see, touch, migrate and own my data. Depending on what you’re using it for, it may be difficult and time-consuming to pull down your data when you want it.

Also, there’s always a bit of paranoia when it comes to someone else hosting your data. You have no idea whether it’s physically residing in Texas, Ohio, China—it could be sitting anywhere.

Why do you think data centers will make a comeback in five years?

I’ll start with my mobile phone analogy—the early consumer wireless phones were huge bricks. Then, they trended toward slimmer models with small screens. Today, they’re massive again, in the form of phablets with big screens, because that’s what consumers wanted all along. Since companies have never stopped wanting control over their data, I think we’ll see a similar return to on-premise data centers, just in a superior, resurrected form.

What will data centers look like in the future?

Smaller, extremely energy-efficient and more powerful. Imagine what people love about the cloud, but in a controllable, on-premise environment. That’s the future of data centers. The ideal scenario is total control over your data, but at a significantly lower cost and without taking up much physical real estate.

What else needs to happen in order to see a shift back to data centers?

Power efficiency is critical. One component that measures this is power usage effectiveness (PUE), which calculates the ratio of total amount of energy used by a data center facility to the energy delivered to computing equipment.

Currently, powering up a data center is expensive, but it won’t always be. Energy-efficient data centers will produce dramatic savings when it comes to power, heating and cooling costs.

What's the tipping point?

The cost of hardware (cooling infrastructure, firewalls, tape drives, etc.) will decrease and the cost of using the cloud will increase. IT managers will balk at the annual cloud spend. Again, pricing will catch up to the cloud as we consume more data.

Going forward, I think that cloud will have a great place in the SMB and small data center market. However, any mid- to large-scale data center will not be willing to change due to a cost perspective.

Can you speak more to the physical size of future data centers?

Data centers will shrink with virtualization. The days of massive racks filled with networking equipment will go away. (Think old IBM mainframes that took up half a building.) Space is money. Real estate is a key reason why companies go to the cloud—with virtualization, that won’t be a factor. Consider how hyperconvergence integrates storage, networking and virtualization all in one box.

In five years, you could run an enterprise from a small closet. In 10 years, from your pocket.
