We now know what Meghan Markle wore on her first date with Prince Harry | #tinder | #pof | romancescams | #scams

_________________________ What does one wear to meet a prince? It’s hard enough to figure out what you’ll wear on a Tinder date over Zoom so we don’t envy the dilemma […] View full post on National Cyber Security

#bumble | #tinder | #pof Know Someone Who Is Building The Next Instagram Or Spotify? Nominate Them — Or Yourself! – For The Next Forbes 30 Under 30 | romancescams | #scams

In the 10 years since we published the first Forbes 30 Under 30 list, the world has changed dramatically, but one thing has not: our history of spotting young innovators […] View full post on National Cyber Security

#cyberbullying | #cyberbully | Maharashtra Board SSC 10th Result 2020 to be Declared Tomorrow? Know Confirmed Date And Time | #parenting | #parenting | #kids

Maharashtra Board SSC 10th Result 2020: The Maharashtra State Board of Secondary and Higher Secondary Education (MSBSHSE) is expected to declare the SSC 10th Result 2020 on Monday. Though an official confirmation regarding the same is awaited, speculations are rife that the board will release the SSC 10th results on July 27 on the official […] View full post on National Cyber Security

THE ABC’S OF THE S.I.U.: What Providers Need To Know | Fox Rothschild LLP | #employeefraud | #recruitment | #corporatesecurity | #businesssecurity | #

Medical record requests by payors are commonplace for health care providers. Typically, these requests are received by a front desk employee who responds to the inquiry in short order.  Yet, not all requests should be treated the same.  When a request for documentation is propounded by the “Special Investigation Unit” (S.I.U.)  of an insurance company, special care should be exercised and provider involvement is required.

What is a S.I.U. anyway?  Over the past two decades, campaigns have intensified to curb fraud and abuse in health care.  On the government side, False Claims prosecutions have markedly increased and in the private sector, insurance companies have created specific departments to combat fraud.  The S.I.U. is a department within an insurance company with a targeted focus on recovering payments from medical providers that appear to be the product of fraud.  Individuals employed by a S.I.U. include former law enforcement personnel, claims adjusters and fraud analysts, among others, who receive specific training and credentialing in fraud detection.  These investigators utilize data analytics and other methods to flag providers for claims that fall outside of the “normal range” for the type of health care provider under review.

S.I.U. “audits” or requests for information about the practice should be taken seriously and escalated to the top of your organization. In many cases, special investigators receive incentives from the insurance company for recovering payments from providers. They often attempt to “strong arm” a resolution by threatening a fraud claim, which in a number of states carries the prospect of treble (triple) damages, punitive damages, and attorneys’ fees. In some cases, the medical records produced by the provider (or the absence of them) will support the fraud allegation. In others, the records will support a defense to it.

Here are 5 tips for your practice:

  1. Instruct staff that all audit requests should be forwarded to the owner of the practice and the provider whose records are being requested.
  2. If the audit is deemed routine (not S.I.U. generated), instruct staff to make a copy of the records requested and the cover letter that attaches the records so that you can memorialize exactly what was provided and when.
  3. If you receive a letter from the S.I.U., reach out to an attorney who has experience in dealing with the S.I.U. to assist you through the process.
  4. If an investigator from the S.I.U. appears at your office, ask for a business card and do not let him/her disrupt patient care.  You can call them later (or your attorney can).
  5. Do not provide access to your electronic records or files to anyone — including anyone employed by a payor.


#cyberfraud | #cybercriminals | What You Need to Know

Source: National Cyber Security – Produced By Gregory Evans Guest Contribution by Harold Kilpatrick, PR Consultancy A recent study showed that 66% of consumers had made an online purchase as a result of marketing campaigns. But most don’t even need research to know how useful email marketing can be. Between extensive reach, low cost, and […] View full post on AmIHackerProof.com

#deepweb | A Guide to Everything You Need to Know About Dark Data

Source: National Cyber Security – Produced By Gregory Evans We are living in a world where data is a currency, offering businesses leverage in the market. Hence data ought to be treated as a resource that needs to be exploited to the maximum potential. Normally, companies make use of structured data to collect information. However, […] View full post on AmIHackerProof.com

#cybersecurity | #hackerspace | Will Your WAF Know When You Are Compromised?

Source: National Cyber Security – Produced By Gregory Evans

In my last blog post “The Existential Crisis of a WAF,” I talked through the consequences of an attack getting through either by a rule not matching, a device misconfiguration, or traffic obfuscation. The latter includes the inability to decrypt and parse the traffic, which was the case with the Equifax breach. I also discussed Trusted Execution™, a new technology that provides huge value over the rule-based network security devices, including:

  1. Protection against Zero-Day attacks
  2. No False Positives = No Tuning and No Learning
  3. Visibility of the full “Kill-Chain”
  4. Blocking action at any phase of the Kill-Chain
  5. Very low Total Cost of Ownership

In this second installment, I thought I would explore the true cost in man-hours of a rule-based network security device, such as the WAF, NG Firewall, IDS/IPS. I am not going to put a number to the below scenario, but instead I want you to think about what the real cost is to you and your organization.

Good Guy Defensive Hacker Training

But first, I want to take a stroll down Memory Lane (no overflows, please…). When I was a young buck in the Air Force, I became an expert at the various IDS and firewall devices that were deployed at the time. One of the firewalls I was managing had several protocol “proxies,” including one for HTTP, which made it capable of understanding web traffic at the upper layers of the OSI stack and enforcing a negative security model for that protocol. In this sense, you can say that this firewall was the predecessor to the WAF. It protected the base’s web page and several employee portals, which was cutting-edge at the time. Every day I would come in and sift through the firewall logs to make sure no big red flags were present. I thought I was so cool, being the only one on base able to read the mountains of log entries.

That all changed when I was selected to go to a DOD Unix Security Course, where I was first introduced to the buffer overflow in the Unix finger daemon and the DEBUG command backdoor in sendmail, the two service-level holes that allowed the famed Morris Worm to be so successful in 1988 (https://en.wikipedia.org/wiki/Morris_worm).

I learned how to think like a hacker: carefully performing target selection, reconnaissance, enumeration, exploitation, and finally ways to cover my tracks. I also learned methods to meticulously lock down the system in order to defend against hacking. To conclude the course, everyone in our training competed in a “Capture the Flag” exercise, which was both exhilarating and enlightening. In the end, I was completely pumped about cybersecurity. Who knew learning hacking techniques would open up new possibilities and turn my professional world upside down?! Sure, in the past I had dabbled in hacking, but that was more with services like SMTP and FTP, and rudimentary password cracking. Slackware Linux was just gaining popularity as a free Unix-like operating system you could use for hacking, so serious hacking had been restricted to licensed commercial Unix systems such as Solaris, which were cost-prohibitive for a novice.

As Awareness Increases, a Scarier Reality Emerges

Knowing more also had its challenges. When I got back into my daily job reviewing firewall logs, I started to ask the tough “What If” questions: What if I messed up the firewall and exposed us? What if an attack got through? What if there is a hacker in our systems RIGHT NOW??? I could get court-martialed for incompetence! Shortly after my Unix Security training, the Air Force decided to classify all Information Systems as Weapon Systems. This meant that now we had to perform an extensive security audit, classification, and readiness accreditation of every IT system on base. I had to draft the contingency plans to cover the possibility of a compromised system. That led to an extremely important question – perhaps the most important question a security guy can ask:

“If we were compromised, how would I know?”

How Do You Know If Your Network Is Compromised?

Fast-forward to today, and guess what? That question is still a very valid one – How do you know if you are compromised? If you manage ANY security product, the one fact you have to accept is that you don’t know what you don’t know. Meaning, if an attack is not recognized by your security device for any of the reasons mentioned at the beginning of this post, can you prove that you were (or weren’t) compromised?

Consider this scenario: If I create a script to scan for all 34 documented CVEs that are related to Nginx web server https://www.cvedetails.com/vendor/10048/Nginx.html (assuming each of them can be tested from the network), and I slip in one or two Zero-Day tests that actually get through (Yay Me!), for a single IP address targeted, what count of WAF alerts will you have? IDS alerts? Firewall alerts?

Thankfully, you may have a SIEM that gives you a grand total of 153 alerts (a completely arbitrary number) for the total count of devices in the path, including that shiny new RASP you just installed on the targeted server. Now what? What is the contingency plan to make sure every security device did its job and blocked the 34 attacks? Or is it 36? Or is it 100? Do you really know???

It just so happens that attack number 35 was a fileless buffer overflow that had not yet been released to the public, and I now own the box with at least the privileges of the Nginx worker process. (Inquire about our Nginx Attack Demo.) I am now “living off the land” until I am discovered. This period is called Dwell Time, and the clock is ticking until I am discovered, so I have to work fast to secure the beachhead and cover my tracks. I am thinking to myself that I generated enough “noise” with the other attacks that I am keeping you (the Security Administrator) busy trying to figure out what just happened. Chances are good you won’t find out I’m in your network for a while.

Choose Between Blind Action or No Action?

So, now what? What is your course of action if you think an attack may have happened but you’re not sure? Without the sufficient evidence that the breach attempt was successful, can you request that the server be quarantined? How long will it take to sift through all the alerts and document the attack to give enough compelling evidence to justify disrupting business? Can the server just be replaced with a known-good image? What is the real cost of reacting to an attack? Or of not reacting? AND will you always react this way EVERY SINGLE TIME you see a flutter of alerts coming from an opportunistic web scanner?

20/20 Virsec Vision

I now have to ask another “What If” question: What if you had a tool in your toolbox that showed exactly what did, or did not, happen to that Nginx web server? What if you could open up the Virsec UI and see that an attack got through the network, but Virsec did its job and killed the offensive spawned process? Virsec’s Trusted Execution technology detected the buffer overflow, saw the Nginx process jump from an authorized memory location to an unauthorized memory location, then triggered a Micro-Protection action that killed the offending Process ID, returning the application to smooth operation. No guesswork, no forensics, no quarantining, just a copacetic server humming along, serving out its share of inconvenienced electrons in the form of web pages.

Virsec In Action

In the example shown in the original post’s screenshot, the Virsec system is in monitoring mode so we can see the entire Kill Chain of the attack. Reading from the bottom line upward, it starts with a Buffer Overflow, where the system detects a jump to a memory location that is not intended by the application. We then see hostname executed, followed by a wget that creates a file, modifies it, then deletes it.

Usually Buffer Overflow attacks are extremely hard to detect with conventional security products, but Virsec would have killed the offending process at the first alert, thereby stopping attackers in their tracks.
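The kill chain above (web server process executes hostname, then wget, which creates, modifies and deletes a file) is exactly the kind of post-exploitation activity that signature-based devices never see, because it happens on the host after the request has been accepted. The following is an added example, not code from the post or from Virsec, showing how the same chain can be reconstructed from process-exec and file events on the server: every binary executed by a descendant of the nginx process that is not nginx itself is flagged, file activity by those processes is attached to the chain, and the time between the first anomalous exec and the last attributed event is reported as dwell time. The memory-level detection the post describes (the jump to an unauthorized location) is not reproduced here; it is a different, earlier signal. The events, pids, paths and timestamps are constructed sample data in an auditd-like shape, not real nginx or auditd output.

```python
from datetime import datetime

# Constructed exec/file events in an auditd-like shape. Sample data written
# for this example, not real Virsec, auditd or nginx output.
SAMPLE_EVENTS = [
    {"ts": "2019-11-05T10:00:00", "type": "exec", "pid": 1200, "ppid": 1,
     "exe": "/usr/sbin/nginx"},                      # nginx master process
    {"ts": "2019-11-05T10:00:01", "type": "exec", "pid": 1201, "ppid": 1200,
     "exe": "/usr/sbin/nginx"},                      # nginx worker process
    {"ts": "2019-11-05T10:05:00", "type": "exec", "pid": 1340, "ppid": 1201,
     "exe": "/bin/hostname"},                        # worker spawned hostname
    {"ts": "2019-11-05T10:05:02", "type": "exec", "pid": 1341, "ppid": 1201,
     "exe": "/usr/bin/wget"},                        # worker spawned wget
    {"ts": "2019-11-05T10:05:03", "type": "file", "pid": 1341,
     "path": "/tmp/.cache", "op": "create"},
    {"ts": "2019-11-05T10:05:04", "type": "file", "pid": 1341,
     "path": "/tmp/.cache", "op": "modify"},
    {"ts": "2019-11-05T10:05:05", "type": "file", "pid": 1341,
     "path": "/tmp/.cache", "op": "unlink"},
    {"ts": "2019-11-05T10:06:00", "type": "exec", "pid": 1400, "ppid": 900,
     "exe": "/usr/bin/wget"},                        # child of cron (pid 900): not nginx lineage
]

WEB_SERVER_EXE = "/usr/sbin/nginx"
# Binaries the web server is allowed to execute. For a static nginx: none
# but itself (workers are forked from the master).
ALLOWED_CHILDREN = {WEB_SERVER_EXE}


def lineage(pid, parents):
    """Yield pid, its parent, grandparent, ... until the chain ends."""
    seen = set()
    while pid is not None and pid not in seen:
        seen.add(pid)
        yield pid
        pid = parents.get(pid)


def find_kill_chain(events, server_exe=WEB_SERVER_EXE, allowed=ALLOWED_CHILDREN):
    """Return (chain, dwell_seconds).

    chain: in time order, every exec by a descendant of the web server that
    runs a binary outside `allowed`, plus every file event those processes
    generate. dwell_seconds: time from the first anomalous exec to the last
    event attributed to the chain.
    """
    parents, exe_of = {}, {}
    tainted = set()          # pids whose activity is attributed to the intruder
    chain = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "exec":
            parents[ev["pid"]] = ev["ppid"]
            exe_of[ev["pid"]] = ev["exe"]
            under_server = any(exe_of.get(p) == server_exe
                               for p in lineage(ev["ppid"], parents))
            if under_server and ev["exe"] not in allowed:
                tainted.add(ev["pid"])
                chain.append(ev)
        elif ev["type"] == "file" and ev["pid"] in tainted:
            chain.append(ev)
    if not chain:
        return [], 0.0
    t0 = datetime.fromisoformat(chain[0]["ts"])
    t1 = datetime.fromisoformat(chain[-1]["ts"])
    return chain, (t1 - t0).total_seconds()


def describe(chain):
    """One line per step, oldest first (the UI in the post lists newest on top)."""
    lines = []
    for ev in chain:
        if ev["type"] == "exec":
            lines.append(f'{ev["ts"]} pid {ev["pid"]} exec {ev["exe"]} (parent {ev["ppid"]})')
        else:
            lines.append(f'{ev["ts"]} pid {ev["pid"]} {ev["op"]} {ev["path"]}')
    return lines


if __name__ == "__main__":
    chain, dwell = find_kill_chain(SAMPLE_EVENTS)
    print("\n".join(describe(chain)))
    print(f"dwell time: {dwell:.0f}s")
```

The unrelated wget started by cron is not flagged because nothing in its ancestry is nginx; that lineage check is what keeps this rule from firing on every wget on the box. In production the events would come from auditd, an eBPF exec tracer or an EDR agent rather than a list literal, and the allowed set would be whatever the application legitimately executes.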

The result? You cut costs in the form of staff-hours, prove value in defending the network, and safeguard your customer’s data from being stolen. You become the hero and they place a bronze statue of you down in the lobby. Your next stop? CISO!

I hope you enjoyed this post, and for those of you who are maintaining industry certifications, don’t forget to put in for your CPEs when you read any of our blog posts. Cheers!

Further resources:

The Existential Crisis of a WAF

Making Applications Truly Self Defending: Nine Ways That Virsec Fills Gaps in RASP Security to Deliver Full Stack Application Security Self Defense

 

The post Will Your WAF Know When You Are Compromised? appeared first on Virsec Systems.

*** This is a Security Bloggers Network syndicated blog from Blog – Virsec Systems authored by Mark Pelkoski. Read the original post at: https://virsec.com/will-your-waf-know-when-you-are-compromised/


#cybersecurity | #infosec | What you Need to Know

Source: National Cyber Security – Produced By Gregory Evans

What is BlueKeep?

BlueKeep is the name given to a security vulnerability (CVE-2019-0708) discovered earlier this year in some versions of Microsoft Windows’ implementation of the Remote Desktop Protocol (RDP).

The vulnerability can be triggered before any user authenticates and requires no user interaction, which is why Microsoft described it as “wormable” and warned that BlueKeep might be exploited in a similar fashion to how the WannaCry ransomware used the EternalBlue exploit to spread widely in 2017.

Warnings about the BlueKeep vulnerability have been issued by the UK’s National Cyber Security Centre (NCSC) and United States’s National Security Agency (NSA), as well as equivalent agencies in Germany and Australia, as well as Microsoft itself.

Microsoft considered the threat posed by BlueKeep to be so serious that the software giant took the unusual step of releasing patches for no-longer supported versions of Windows such as Windows Server 2003, Windows Vista, and Windows XP.

Sounds serious. Which other operating systems are vulnerable?

The RDP functionality on Windows 7, Windows Server 2008 and Windows Server 2008 R2 (all reaching the end of their support life-cycle) is also vulnerable and should be patched as a matter of urgency. Windows 8 and later, and Windows Server 2012 and later, are not affected.

But didn’t this all happen a while ago?

Yes, the patches from Microsoft came out in May, and although some IT teams acted fast to secure their critical Windows systems, hundreds of thousands of other internet-connected computers remain unpatched to this day.

So what have bad guys been doing with the BlueKeep vulnerability?

For some months it seemed not much was happening. But recently an attack was seen in the wild which attempted to install cryptomining software onto RDP servers that had not been patched and had TCP port 3389 exposed to the internet.

You said “attempted”…

Yes, the attack – first spotted by security researcher Kevin Beaumont – caused systems to crash with the infamous “blue screen of death.”

According to a ZDNet report, the reason why the attack failed was because of an incompatibility between the exploit code and a patch Microsoft had previously issued for the Intel CPU vulnerability known as Meltdown.

So, having vulnerable computers crash is bad but better than having them compromised by malicious code, right?

Right. If a computer crashes it might alert you that something’s wrong, and is certainly better than an attacker silently installing unauthorised code.

But it is widely expected that a revised version of the BlueKeep exploit code will be released this week, one which will not cause Meltdown-patched computers to crash.

So what should we do?

  • Patch your vulnerable computers now, with the fixes Microsoft issued earlier this year.
  • Block TCP port 3389, used by RDP, at your firewalls, and in particular do not leave it exposed to the internet.
  • Disable Remote Desktop Services if they are not required.
  • Enable Network Level Authentication (NLA). BlueKeep is exploited before the user authenticates, so requiring NLA means an attacker must already hold valid credentials to reach the vulnerable code. This is a mitigation rather than a fix: an attacker who has credentials can still exploit an unpatched host.
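The NLA recommendation above is only useful if you can confirm it is actually enforced on every RDP listener you expose, and that can be checked from the network without credentials. What follows is an added example, not code from the Tripwire article or from Microsoft: it builds the X.224 Connection Request that opens every RDP session, offers the server only TLS (PROTOCOL_SSL) with no CredSSP, and reads the negotiation answer. A server that enforces NLA refuses with RDP_NEG_FAILURE code HYBRID_REQUIRED_BY_SERVER; a server that accepts the TLS-only offer, or answers with no negotiation data at all (Standard RDP Security only), lets an unauthenticated client proceed into the pre-authentication part of the protocol where BlueKeep lives. The constant values come from Microsoft’s MS-RDPBCGR specification; the three reply packets at the bottom are constructed for the test, not captured from real servers. This check tells you whether NLA is enforced, not whether the patch is installed.

```python
import socket
import struct

# Values from MS-RDPBCGR: RDP_NEG_REQ requestedProtocols (2.2.1.1.1),
# negotiation structure types, and RDP_NEG_FAILURE failureCode (2.2.1.2.2).
PROTOCOL_RDP = 0x00000000      # Standard RDP Security only (no TLS, no NLA)
PROTOCOL_SSL = 0x00000001      # TLS without CredSSP
PROTOCOL_HYBRID = 0x00000002   # CredSSP over TLS, i.e. NLA
TYPE_RDP_NEG_REQ = 0x01
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03
HYBRID_REQUIRED_BY_SERVER = 0x00000005


def build_connection_request(requested_protocols):
    """TPKT header + X.224 Connection Request carrying an RDP_NEG_REQ."""
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    # X.224 CR TPDU: code 0xE0, DST-REF, SRC-REF, class options, then neg data
    cr_body = struct.pack(">BHHB", 0xE0, 0, 0, 0) + neg_req
    x224 = bytes([len(cr_body)]) + cr_body        # LI counts the bytes after itself
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data):
    """Parse TPKT + X.224 Connection Confirm and return the negotiation outcome."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length does not match data")
    if (data[5] & 0xF0) != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = data[11:]               # 4 TPKT + 1 LI + 6 fixed CC bytes
    if len(neg) < 8:
        return {"type": "none"}   # no RDP_NEG_RSP: Standard RDP Security only
    ntype, _flags, _length, value = struct.unpack("<BBHI", neg[:8])
    if ntype == TYPE_RDP_NEG_RSP:
        return {"type": "response", "selected_protocol": value}
    if ntype == TYPE_RDP_NEG_FAILURE:
        return {"type": "failure", "failure_code": value}
    raise ValueError(f"unexpected negotiation type {ntype:#x}")


def classify_nla(confirm):
    """Interpret the reply to a request that offered only PROTOCOL_SSL."""
    if confirm["type"] == "failure" and confirm["failure_code"] == HYBRID_REQUIRED_BY_SERVER:
        return "nla_required"           # server refuses anything but CredSSP
    if confirm["type"] == "response":
        return "nla_not_enforced"       # server will run TLS without authenticating first
    if confirm["type"] == "none":
        return "legacy_rdp_security"    # no TLS at all, so certainly no NLA
    return "other_failure"


def probe_nla(host, port=3389, timeout=5.0):
    """Live network check: does this RDP listener insist on NLA?"""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connection_request(PROTOCOL_SSL))
        head = s.recv(4)
        if len(head) < 4:
            raise ValueError("short TPKT header")
        total = struct.unpack(">H", head[2:4])[0]
        body = b""
        while len(body) < total - 4:
            chunk = s.recv(total - 4 - len(body))
            if not chunk:
                break
            body += chunk
        return classify_nla(parse_connection_confirm(head + body))


# Constructed replies (not captures from real servers) for the three outcomes.
REPLY_NLA_REQUIRED = bytes.fromhex("030000130ed00000123400" "0300080005000000")
REPLY_TLS_ACCEPTED = bytes.fromhex("030000130ed00000123400" "0200080001000000")
REPLY_LEGACY = bytes.fromhex("0300000b06d00000123400")

if __name__ == "__main__":
    for name, reply in [("nla", REPLY_NLA_REQUIRED), ("tls", REPLY_TLS_ACCEPTED), ("legacy", REPLY_LEGACY)]:
        print(name, classify_nla(parse_connection_confirm(reply)))
```

Run probe_nla("host") against each externally reachable RDP address; anything that does not come back as nla_required is a host where an unauthenticated attacker can reach the vulnerable code path, and it belongs at the front of the patch queue. The probe only consumes the connection-confirm packet and never sends credentials, so it is safe to run against production.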

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.


#nationalcybersecuritymonth | Do You Know How To Protect Yourself Against Phishing Emails? – University Times

Source: National Cyber Security – Produced By Gregory Evans. Illustration by Lauren Dahncke. National Cybersecurity Awareness month recently came to an end, but phishing emails never seem to. According to Cal State LA’s Information Technology Security, phishing emails are sent to the recipient with the purpose […] View full post on AmIHackerProof.com