About Geeks-r-Us, Inc.

The principals of Geeks-r-Us, Inc. are celebrating their 30th year in the computing industry in SW Florida...

Our Clients

We value our clients, and enjoy working with the premier legal, non-profit, and service sector organizations in the southeastern United States.

Category Archives: Blog

Is it Bad When Security Companies Leak Data? You Betcha…

This morning being The Dawning of the Age of GDPR (the European Union’s new regulations regarding privacy and data retention by businesses), I was glad to get an early start into all of the emails requiring my assent for them to keep sending me “stuff” (I hope that about 80% take me off their email lists, but that’s a topic for another post). I did, however, decide I wanted to read the latest white paper on Cyber Security from well-known Security and Compliance services firm AlienVault. Oops…

Imagine my surprise when, after clicking on the new GDPR-mandated website box saying that yes, I know they’ll keep my data and relentlessly spam and call me, their marketing system popped open a new screen that dropped me into their SalesForce interface and started spewing 1,000+ emails of their clients and prospects from the system. There’s no telling if this error was caused by SalesForce, the marketing automation platform Marketo, or just bad coding on the part of AlienVault employees, as all three company platforms were exposed in the code and data dump that took place. It should be noted that this wasn’t a web page that acted up and started showing its source code; it opened up an unencrypted form on the AlienVault web site that appeared to allow queries and posting to their SalesForce leads database via Marketo. I did not query their system for any information; the long, long list of emails was already displayed on the page. While I understand that “stuff” happens, for a security company to have such an egregious issue on the very first day of heightened regulation looks bad.

For the record, we do not use AlienVault (or any of the other companies mentioned above) in our service offerings.

New Ransomware Looks Like Your Office Copier

A second wave of the Locky ransomware variant called IKARUSdilapidated has been identified by security experts. The source of the ransomware is a botnet of zombie computers coordinated to launch phishing attacks that send emails and attachments appearing to come from a targeted recipient’s trusted business-class multifunction printer.

This is the second wave of IKARUSdilapidated ransomware spotted in the past month, according to Comodo Threat Intelligence Lab. The original attack, first identified on Aug. 9 and lasting three days, utilized spam messages that contained little to no content along with a malicious Visual Basic Script attachment.

“This is a more mature campaign, targeting office workers whose workstations are part of a corporate network linked to multifunction scanners and printers,” said Fatih Orhan, director of technology at Comodo, in an interview with Threatpost. “As many employees today scan original documents at the company printer and email them to themselves and others, this malware-laden email will look very innocent.”

Emails that are part of the campaign use a popular printer model in the subject line to trick users into thinking the messages are legitimate. One such message reads, “Scanned image from M-2600N”. MX-2600N is the model of a leading enterprise-class Sharp multifunction printer. Messages contained malicious JavaScript attachments that, if clicked on, initiated a dropper program that downloaded the IKARUSdilapidated ransomware.

An easy solution to this is to always involve your trusted IT professional in the purchase and configuration of these devices, so that the subject line can be changed from the default and your staff and trading partners know what is and [more importantly] what is not a legitimate email from your multi-function scan devices. Your copier technician is rarely trained in these matters. We recommend that you limit scan-to-email to off-site personnel only, and use file-share delivery whenever possible.
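The recommendation above (a site-specific subject line on the real device, and staff who know what a genuine scanner message looks like) can be turned into a mail-filter rule. The following is an added example, not code from this post or from Comodo or Threatpost; the sender address `scanner@example.internal`, the subject prefix `[ACME-SCAN]` and the three sample messages are constructed for it. It flags a message when it copies the vendor-default subject wording, when it claims to be scanner output but comes from an address other than the real device, or when it carries a script attachment that no scanner would ever produce.

```python
"""Flag e-mail that impersonates the office multifunction scanner.

Assumptions (constructed for this example, not taken from any vendor):
  * the genuine device sends from scanner@example.internal
  * its subject line was changed from the vendor default to "[ACME-SCAN] ..."
"""
import os
import re
from email import message_from_string, policy
from email.utils import parseaddr

TRUSTED_SCANNER_SENDERS = {"scanner@example.internal"}      # assumed real device
CUSTOM_SUBJECT_PREFIX = "[ACME-SCAN]"                        # assumed site setting
# Vendor-default wording that the campaign copied: "Scanned image from <model>".
DEFAULT_SUBJECT_RE = re.compile(r"^\s*scanned image from\s+\S+", re.IGNORECASE)
# Attachment types a scanner never emits but droppers commonly use.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}


def assess_scanner_mail(raw_message: str) -> list:
    """Return a list of "code: detail" findings; [] means the message is
    consistent with output from our own device under the assumptions above."""
    msg = message_from_string(raw_message, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    subject = str(msg.get("Subject", ""))
    findings = []

    uses_default_subject = bool(DEFAULT_SUBJECT_RE.match(subject))
    if uses_default_subject:
        findings.append(f"default-subject: {subject!r} is the vendor-default wording; "
                        f"our device sends {CUSTOM_SUBJECT_PREFIX!r}")

    # Anything that presents itself as scanner output must come from the device.
    claims_scanner = uses_default_subject or subject.startswith(CUSTOM_SUBJECT_PREFIX)
    if claims_scanner and sender not in TRUSTED_SCANNER_SENDERS:
        findings.append(f"untrusted-sender: {sender} is not the scanner")

    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in SCRIPT_EXTENSIONS:
            findings.append(f"script-attachment: {name}")
    return findings


def _mime(from_hdr: str, subject: str, filename: str) -> str:
    """Build a constructed two-part MIME message for the samples below."""
    return (
        f"From: {from_hdr}\nTo: staff@example.internal\nSubject: {subject}\n"
        "MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=\"b1\"\n\n"
        "--b1\nContent-Type: text/plain\n\nPlease see the attached scan.\n"
        f"--b1\nContent-Type: application/octet-stream; name=\"{filename}\"\n"
        f"Content-Disposition: attachment; filename=\"{filename}\"\n"
        "Content-Transfer-Encoding: base64\n\ndmFyIHg9MTs=\n--b1--\n"
    )


# Constructed samples: the campaign pattern, a genuine scan, and a spoofed prefix.
PHISH_SAMPLE = _mime('"Copier" <copier@mail-relay.example>',
                     "Scanned image from MX-2600N", "scan_0042.js")
GENUINE_SAMPLE = _mime("scanner@example.internal",
                       "[ACME-SCAN] Scan from front desk", "scan_0042.pdf")
SPOOFED_PREFIX_SAMPLE = _mime("billing@outside.example",
                              "[ACME-SCAN] Invoice", "invoice.pdf")

if __name__ == "__main__":
    for label, sample in [("phish", PHISH_SAMPLE), ("genuine", GENUINE_SAMPLE),
                          ("spoofed prefix", SPOOFED_PREFIX_SAMPLE)]:
        print(label, "->", assess_scanner_mail(sample) or "clean")
```

The rule deliberately treats the custom prefix as a claim to be the scanner, so copying the prefix does not help an outside sender; the sender check still fires. In a mail gateway the same three checks would normally be expressed as a quarantine rule rather than a script.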

[Threatpost: New Locky Variant ‘IKARUSdilapidated’ Strikes Again – 30 AUG 2017]

Election Equipment Vendor Exposes Voter Data Online

[EDITOR’S NOTE: This manufacturer is the same firm that makes the voting equipment used in Lee County, Florida]

Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an unsecured cloud “data bucket” configured for public access.

The data was a backup stored in the cloud by Election Systems & Software (ES&S), a voting machine and election management systems vendor based in Omaha, Ne.

Researchers from UpGuard made the discovery last Saturday and privately reported the leak to a government regulator who connected them to the Chicago FBI field office. The FBI then notified ES&S, which immediately pulled down the data from the Amazon Web Services system.

Amazon buckets are configured to be private by default and require some kind of authentication to access what’s stored in them. For some reason, ES&S misconfigured its bucket to public months ago, opening the possibility that others had accessed the data before UpGuard.
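To make the "private by default, public by misconfiguration" point concrete, here is an added example (not code from this post, from UpGuard or from ES&S) that checks a bucket's configuration offline. The dictionaries follow the shape of the S3 GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock responses but are constructed for the example; the bucket name `example-backups` and owner id are placeholders. It reports ACL grants to the AllUsers or AuthenticatedUsers groups and policy statements that allow a wildcard principal, and it shows how the account-level Block Public Access settings neutralise both.

```python
"""Offline check for public S3 exposure: public ACL grants, wildcard-principal
bucket policies, and whether Block Public Access settings override them.

All data structures below are constructed for this example."""
import json

# Canned ACL groups whose grants make a bucket readable outside the account.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}


def _is_wildcard_principal(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (also in list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_exposures(acl: dict, policy_document, public_access_block=None) -> list:
    """Return human-readable findings; [] means nothing public was found."""
    pab = public_access_block or {}
    findings = []

    # IgnorePublicAcls makes S3 disregard public ACL grants, so only report
    # them when that setting is off.
    if not pab.get("IgnorePublicAcls", False):
        for grant in acl.get("Grants", []):
            grantee = grant.get("Grantee", {})
            who = PUBLIC_GROUP_URIS.get(grantee.get("URI"))
            if grantee.get("Type") == "Group" and who:
                findings.append(f"acl: {grant['Permission']} granted to {who}")

    # RestrictPublicBuckets limits a public bucket policy to principals inside
    # the owning account, so anonymous access is blocked when it is on.
    if policy_document and not pab.get("RestrictPublicBuckets", False):
        doc = (json.loads(policy_document) if isinstance(policy_document, str)
               else policy_document)
        statements = doc.get("Statement", [])
        if isinstance(statements, dict):
            statements = [statements]
        for st in statements:
            if st.get("Effect") != "Allow" or not _is_wildcard_principal(st.get("Principal")):
                continue
            actions = st.get("Action", [])
            actions = ", ".join(actions) if isinstance(actions, list) else actions
            note = " (has a Condition block; review it)" if st.get("Condition") else ""
            findings.append(f"policy: {actions} allowed to Principal '*' on "
                            f"{st.get('Resource')}{note}")
    return findings


# Constructed samples: an owner-only ACL, the same ACL plus a public READ
# grant, a policy that lets anyone fetch objects, and the two extremes of
# Block Public Access.
_OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
                "Permission": "FULL_CONTROL"}
PRIVATE_ACL = {"Owner": {"ID": "example-owner-id"}, "Grants": [_OWNER_GRANT]}
EXPOSED_ACL = {"Owner": {"ID": "example-owner-id"}, "Grants": [_OWNER_GRANT, {
    "Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
    "Permission": "READ"}]}
EXPOSED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-backups/*"}]})
NO_BLOCK = {}
FULL_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    print("exposed, no block:", public_exposures(EXPOSED_ACL, EXPOSED_POLICY, NO_BLOCK))
    print("exposed, full block:", public_exposures(EXPOSED_ACL, EXPOSED_POLICY, FULL_BLOCK))
    print("private:", public_exposures(PRIVATE_ACL, None, NO_BLOCK))
```

Against a live account the same three inputs come from the S3 API, but the evaluation logic is what matters: a bucket is public when a public grant or wildcard statement exists and nothing at the account level overrides it, which is exactly the state the article describes.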

ES&S confirmed in a statement that the copy of the backup file, a .bak or Microsoft SQL backup file, contained 1.8 million names, addresses, dates of birth, partial Social Security numbers and in some cases, driver’s license and state identification numbers. Jon Hendren, director of strategy at UpGuard and the person who found the exposed data, said that the databases also included fields indicating whether a voter was active. About 1.5 million of the records belonged to active voters.

There were two folders in the AWS bucket, Hendren said, containing about a dozen backup files, about 12GB in all. Also in the folder was some information on ES&S security procedures that included the hashed email passwords of ES&S employees. While the personal information of voters exposes them to fraud via phishing and other scams, the employee data poses a serious threat in another direction.

“There’s no telling how far a nefarious actor could get if they’re willing to use those credentials,” said Chris Vickery, UpGuard director of cyber risk research who has found other similar leaks via Amazon buckets. “There’s no way to tell if they would be able to infiltrate ES&S networks or systems, but the potential is there.”

ES&S sells a number of different electronic voting systems and vote tabulators. The City of Chicago is a customer of theirs, and it’s unknown what type of work was being done with the data or why it was being stored in a publicly accessible bucket.

“The backup files on the AWS server did not include any ballot information or vote totals and were not in any way connected to Chicago’s voting or tabulation systems,” ES&S said in a statement. “These backup files had no impact on any voters’ registration records and had no impact on the results of any election.”

The City of Chicago Election Board said it was notified of the breach by the FBI last Saturday afternoon at 5:37. By 9:44 p.m., the board said ES&S had taken the server offline. The board said in a statement that no systems, websites or servers managed by the board were affected and that none of its sites or networks reside on AWS.

“We were deeply troubled to learn of this incident, and very relieved to have it contained quickly,” said Chicago Election Board Chairwoman Marisel A. Hernandez. “We have been in steady contact with ES&S to order and review the steps that must be taken, including the investigation of ES&S’s AWS server. We will continue reviewing our contract, policies and practices with ES&S. We are taking steps to make certain this can never happen again.”

Vickery said it’s unknown whether anyone else accessed the data, or whether ES&S had logging configured and enabled.

“Given the bucket name was easy to guess (“Chicago DB”) and had been up many months before I noticed it, I would say the chances of me being the first one are slim,” Hendren said.

Vickery added that ES&S websites do not have SSL enabled. A web-scanning and ranking service called CSTAR run by UpGuard determined that ES&S also falls short in that it does not have HSTS turned on, nor does it use HttpOnly cookies, secure cookies, DMARC or DNSSEC. It also displays the server information header.
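The items CSTAR scores in the paragraph above are all visible in an HTTPS response or a DNS TXT record, so they can be checked with a few lines of code. The following is an added example, not code from this post, from UpGuard's CSTAR service or from ES&S; the two HTTP responses and the DMARC records are constructed, and the 31536000-second HSTS threshold is an assumed policy value. It covers HSTS, the HttpOnly and Secure cookie flags, the Server header and the DMARC policy; DNSSEC validation needs a resolver and is left out.

```python
"""Audit the web hardening points named above against a raw HTTPS response
and a DMARC TXT record. Sample inputs are constructed for this example."""
import re

HSTS_MIN_MAX_AGE = 31536000   # assumed policy: at least one year


def parse_response_headers(raw: str) -> list:
    """Return [(name, value)] from a raw response, names lower-cased."""
    headers = []
    for line in raw.splitlines()[1:]:        # skip the status line
        if not line.strip():                 # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def audit_https_response(raw_response: str) -> list:
    """Return finding codes; [] means all checked headers are in order."""
    headers = parse_response_headers(raw_response)
    findings = []

    hsts = [v for n, v in headers if n == "strict-transport-security"]
    if not hsts:
        findings.append("hsts-missing")
    else:
        m = re.search(r"max-age=(\d+)", hsts[0], re.IGNORECASE)
        if not m or int(m.group(1)) < HSTS_MIN_MAX_AGE:
            findings.append("hsts-short-max-age")

    for n, v in headers:
        if n != "set-cookie":
            continue
        cookie_name = v.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in v.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie-not-httponly:{cookie_name}")
        if "secure" not in attrs:
            findings.append(f"cookie-not-secure:{cookie_name}")

    # The article's last point: the Server header should not be exposed at all.
    for n, v in headers:
        if n == "server":
            findings.append(f"server-header-present:{v}")
    return findings


def audit_dmarc_record(txt_record) -> list:
    """Evaluate the _dmarc TXT record; None means no record was published."""
    if not txt_record:
        return ["dmarc-missing"]
    tags = dict(kv.strip().split("=", 1) for kv in txt_record.split(";") if "=" in kv)
    if tags.get("v") != "DMARC1":
        return ["dmarc-invalid"]
    if tags.get("p", "none") == "none":
        return ["dmarc-policy-none"]        # published but enforces nothing
    return []


# Constructed responses: a weak one and the same site after hardening.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.7 (Ubuntu)\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

if __name__ == "__main__":
    print("weak:", audit_https_response(WEAK_RESPONSE))
    print("hardened:", audit_https_response(HARDENED_RESPONSE) or "clean")
    print("dmarc p=none:", audit_dmarc_record("v=DMARC1; p=none; rua=mailto:dmarc@example.com"))
```

Each finding maps to one line of the CSTAR-style report in the article; a real scan would fetch the response over TLS and the TXT record from DNS and feed them to the same two functions.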

[Threatpost: Vendor Exposes Backup of Chicago Voter Roll via AWS Bucket – 22 AUG 2017]

Lawyer’s E-Discovery Error Leads to Release of Confidential Client Information

A lawyer representing Wells Fargo in a lawsuit subpoena request has explained how she inadvertently turned over confidential information about thousands of bank clients.

Lawyer Angela Turiano of Bressler, Amery & Ross had overseen the e-discovery conducted by a vendor and turned over the documents to a lawyer for a defamation plaintiff without realizing she was releasing information about wealthy Wells Fargo clients, the New York Law Journal (sub. req.) reports.

The plaintiff and his lawyer told the New York Times about the release. According to the Times, the information consisted of “a vast trove of confidential information about tens of thousands of the bank’s wealthiest clients,” including customer names, Social Security numbers and financial data.

The information was turned over in a suit filed by former Wells Fargo employee Gary Sinderbrand against his brother Steven Sinderbrand, also a Wells Fargo employee. Gary Sinderbrand had sought emails between Steven and the bank through a third-party subpoena request.

In an affidavit, Turiano said she used an e-discovery vendor’s software to review what she believed to be a complete set of results and marked some documents as privileged and confidential. She did not realize she was using “a view” that showed a limited set of documents.

“I thus inadvertently provided documents that had not been reviewed by me for confidentiality and privilege,” she said.

Turiano also said the documents she flagged for redaction were not redacted before they were produced. “I realize now that I misunderstood the role of the vendor,” she said. “Finally, I now understand that I may have miscoded some documents during my review.”

According to the New York Law Journal, “The event highlights the increasing risks of relying on unfamiliar e-discovery technology—and the potential liability exposure to lawyers.”

Judges in New York and New Jersey have issued orders barring further release of the documents, requiring the plaintiff to delete any document copies, and requiring the plaintiff to give the digital file to the court for safekeeping.

[ABA Journal: Lawyer’s e-discovery error led to release of confidential info on thousands of Wells Fargo clients – 27 JUL 2017]

Gizmodo Previews the Latest in Windows 10 “Stuff”

Breaking down the Surface Studio and all the new stuff coming to Windows 10 Pro: