Security

Capital One Data Breach from My Perspective

Capital One was breached and had 106 million applicants’ information stolen. This is one of the largest data breaches to occur. In comparison, the Equifax breach affected 150 million people. Capital One’s breach included 100 million US and 6 million Canadian applicants. These numbers are significant: with the US population estimated at 330 million people, including minors, the breach affects an incredible percentage of US adults.

How did this happen? Capital One has embraced a cloud strategy and uses Amazon’s cloud services. Paige A. Thompson, a 33-year-old, hacked through Capital One’s firewall and was able to steal the applicant data. The stolen data includes applicant information from 2005 to early 2019. The data elements in the breach include addresses, dates of birth, self-reported income, social security numbers, bank account numbers, email addresses and more. Fortunately, only 140,000 social security numbers and 80,000 bank account numbers were stolen. This is a very small percentage of the overall breach. Additionally, no credit card numbers or user passwords were stolen. According to the criminal complaint against Ms. Thompson, she intended to sell the data online. Capital One has stated that it is unlikely the stolen information was disseminated or used for fraud.

What you need to know and do: Because no passwords were stolen, there is no immediate threat of fraudulent bank or credit card transactions. If data was successfully sold on the Dark Web, you can expect an increase in social engineering attacks targeted at individuals and businesses. These attacks will be in the form of SPAM emails, telephone calls, etc. Everyone needs to understand how crafty these criminals are in creating messages that look legitimate.

WARNING: Criminals always take advantage of a crisis. If you receive an email from Capital One advising that you were affected by the breach, it could be a SPAM email. Always verify the link in any email before you click (“Think Before you Click-It”). Even better, don’t click on any links in emails. It is a better practice to go directly to the company’s web site by typing in the URL in a new browser.

Remember: It typically takes more than one thing to go wrong for a company to suffer an IT security incident. For more information on protecting or managing your network, contact Quanexus at www.quanexus.com or call 937-885-7272.

Request your free network assessment today. There is no hassle, or obligation.

Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Information Security

Dell’s Preinstalled Support Software has a Serious Vulnerability

A new vulnerability affecting millions of Dell computers has been found. This issue affects both home and business computers. Dell’s built-in support tool, Dell SupportAssist (all versions), has a vulnerability that allows for privilege escalation. The issue is that a user who is not an administrator can exploit this vulnerability and gain administrative rights to the computer. Once administrative rights are granted, the unauthorized user is free to see everything on the computer and can also install malware on the system to spy on the user.

The reason users should not have administrative rights to their computers is to prevent unauthorized access or malicious software from being installed. I have presented on this topic many times. Even home users should not be using an account with administrative rights on their computer. The only time administrative rights are needed, and should be used, is to install new software or perform other administrative tasks on that system. Another benefit of having non-administrative accounts on a computer, even a home computer, is the ability to quickly recover a computer should a user profile become infected or corrupt.

Dell licenses their desktop support tool from PC-Doctor. SafeBreach Labs identified the vulnerability. Dell was notified of the issue on April 29, 2019 and PC-Doctor provided an update on May 28th. Dell is encouraging all their users to update to the new version of Dell SupportAssist. For more on performing the update, go to Dell’s support site and look up DSA-2019-084. This has been given CVE Identifier: CVE-2019-12280.

If you would like more information, contact us here or call 937.885.7272.


Posted by Jack Gerbs in Cybersecurity, Information Security, Small Business

Firefox Zero Day Exploit Found

Anyone using Firefox on a Mac, Linux or Windows platform needs to immediately update to the latest version. This vulnerability appears to allow for remote access and execution on the victim’s system.

The vulnerability was found by Samuel Groß of Google Project Zero, and by Coinbase Security. It has been labeled with an impact of critical.

Description from Firefox’s website: “A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.”  This vulnerability is identified as CVE-2019-11707.


Posted by Jack Gerbs in Cybersecurity, Information Security, Recent Posts, Small Business

Cyber Insurance

Cyber Insurance is a relatively new form of insurance to protect against cyber threats.  Because this is a new form of insurance, it is important to understand what you are purchasing.  It seems that not many business owners like reading insurance policies (which is understandable).

There is a large court case pending between Zurich International and US food company Mondelez International.  Mondelez International experienced a cyber incident, which allegedly cost them $190 million in losses.  According to Doug Olenick of SC Magazine (scmagazine.com), “Mondelez placed a claim with its insurance provider, Zurich America, based on a clause in its contract that stated it was covered for ‘all risks of physical loss or damage’ to property, including ‘physical loss or damage to electronic data, programs, or software, including loss or damage caused by the malicious introduction of a machine code or instruction.’  Along with any loss or expenses incurred by the company for the period its business was interrupted.”

Doug went on to say that “Zurich eventually declined to make a payment, citing an exception to coverage because NotPetya was a ‘hostile or warlike action’ by a ‘government or sovereign power.’  So, Mondelez countered with a $100 million lawsuit.”  This placed the burden of proof on Zurich.  They must now prove that the incident was a “hostile or warlike action” by a “government or sovereign power,” which is an exception on their cyber-policy.

A few more words of caution when looking at cyber-insurance. Insurance companies are now requiring their clients to complete questionnaires when applying for coverage. Like all legal documents, it is critical that these questionnaires be answered to the best of your knowledge. Many clients are calling us for assistance with completing the questionnaires. The purpose of the questionnaire is for the insurance company to understand the risk they are insuring against. From my perspective, because this is a relatively new type of coverage, I’ve not seen any company denied coverage or have a rate change significantly based on the result of the questionnaire. I have seen language in policies stating that the information you are attesting to is true and accurate, though. So, if a company provides false information and there is a coverage question, I would not be surprised to see the claim denied. This would put the burden of proof on the client to prove that they have the controls in place to protect against the threat.

If you cannot affirmatively answer a question, most questionnaires will have an area for additional information on what your plan is to meet the requirement.


Posted by Jack Gerbs in Cybersecurity, Information Security, Small Business