I participate in IT professional industry forums, where peers ask questions of other peers. Someone in the forum made a somewhat disjointed post questioning the severity for the recent Meltdown and Spectre security vulnerabilities. I paraphrase his long question: About [...]
Orange County, CA – I just read about a new product announcement, New version of L0phtCrack makes cracking Windows passwords easier than ever. At Alvaka we used to do a hacking demo during a lunch and learn. Rex Frank would usually do the demo by doing a SQL Injection attack and bumping out to the command prompt. From there he would download the SAM (Security Access Manager) file and then use L0phtCrack to decode a password right in front of the eyes of everyone. Nearly everyone was shocked beyond compare. Of course that approach is now a bit dated, but it showed our guests just how vulnerable unpatched and inadequately secured systems can be. From the start of the demo to the revelation of an account password would only take five o
Beware of Jigsaw, the newest ransomware trojan. It does not wait for you to pay a ransom. Within the first 24 hours it deletes files and then accelerates the process exponentially to show you they mean business in the nastiest [...]
Irvine, CA - Juniper had a flaw in their networking equipment that may have allowed breaches in government networks for as long as three years. I would presume the same risk applies to Juniper users in private enterprises as well.The [...]
Tustin, CA - The most interesting part of this BlueCross BlueShield announcement is not that they found the breach on August 5th. What is interesting when you read further into the announcement is that they say “Our investigation further revealed [...]
Over the years we have seen many new clients come to Alvaka Networks feeling like they are hostages to Information Technology. IT Hostages feel this way for many different reasons. Most often the person feeling this way is the CFO, Controller, CEO, COO, IT manager or an IT technician for the most part in that order in terms of frequency.
Why do you feel that way?
Any federal employee or contractor that has been through a background check and whose information may have been compromised in the OPM breach, beware of any emails or phone calls that are claiming to be from the government or others [...]
VISA just released this Security Alert. It affects everyone who uses a Point-of-Sale (POS) terminal to accept credit card payments. If you use that small device by your register to slide cards in order to accept payment you may be at risk.
VISA has identified malicious code that can allow hackers to gain access to the credit card information you are receiving through these POS terminals. Some of the service providers who maintain these devices are not following good security practices and
These are some serious allegations. Read the whole story for the chilling insight and alleged incompetency. Here are some choice quotes:
"From my perspective, OPM compromised this information more than three years ago," he added. "And my take on the current breach is 'so what's new?'"
In fact, the breach was unprecedented in its breadth and scope: "Security-wise, this may be the worst breach of personally identifying information ever,"
I was recently asked to be part of a webinar moderated by Elliott Markowitz, The VAR Guy. Elliott wanted me to share my thoughts on the top threats facing small to mid-size businesses. My answer is not scientifically derived, but based upon what I am seeing most often in the past two years of IT and security management in my world. I am seeing the top threats from these five areas:
1. Ransomware – Organized crime groups that encrypt all your important files and hold your data hostage until you pay....