Compromise Assessment Archives

Compromise Assessment

Windows Vulnerability

Oftentimes, cyber attackers are able to infiltrate the networks of organizations through holes in older programs which have not been updated. Recently, a malware known as “DoublePulsar” has been found targeting un-patched Windows systems, inserting itself within networks and laying seeds for future ransomware attacks. Here’s what’s currently known about this threat and what steps you can take to prevent yourself from falling victim to it. An Advanced Attacker As reported in Bank Info Security, a group of hackers known as the “Shadow Brokers” – believed to have ties with the Russian government – released a set of attack tools which exploit flaws in older versions of Windows. One of these tools, DoublePulsar, has been adopted by attackers and implanted in

BAI Security April 27, 2017

Compromise Assessment

Compromise Assessment: Rooting Out Hidden Attackers

We often think of data breaches as these big, climactic events. Something like the bank robberies you might see in big budget movies. One minute, everyth is fine. The next, YaPostTypes Permalinkshoo or Target’s doors are being kicked down; they’re under attack. Millions of passwords, bank account info and more are made off with in an instant. Of course, it’s not really like that. There aren’t any getaway cars out front or dramatic fight scenes as the criminals steal information. Cyber-attacks don’t normally set off alarms – it’s in cyber criminals’ best interest to quietly sneak in so they can steal as much information as they can for as long as possible. These are stealth attacks that can linger, sometimes for years. To combat

BAI Security December 1, 2016

Breach

Update: The Yahoo Breach Keeps Getting Worse

Recently, we discussed the massive impact the Yahoo data breach was having on companies in all fields. At the time of our writing, there were rumors of Verizon beginning to get cold feed out of a proposed merger with Yahoo, potentially costing Yahoo up to a billion dollars. Things were not looking so great. News this week has warranted an update to Yahoo’s plight, however, as it appears somehow things have gotten even worse with the admission that their breach problems might have begun years ago. A Hidden Problem According to a filing Yahoo made to the Securities and Exchange Commission (SEC), Yahoo believes that the attacker who affected at least 500 million accounts first obtained access to their system

BAI Security December 17, 2016

BAI Security Compromise Assessment

Unseen Consequences: The Ripple Effects of a Data Breach

A data breach results in some obvious, immediate impacts. Your customers’ and/or patients’ data is exposed, for one. Even if you don’t lose their business, there will likely be some fences to mend to regain their trust. However, what often gets lost in the aftermath of significant breaches is the ripple effect these attacks can have on all levels of your business. These ripples are currently shaking an in-transition Yahoo to its core. Market Loss As you’ve probably heard, Yahoo recently announced that at least 500 million user accounts were breached in a late 2014 attack, making it potentially one of the largest cyber breaches ever. This news came at a particularly bad time, as Verizon was willing to bid

BAI Security October 20, 2016

BAI Security Audit

BAI Security: “Most Promising Enterprise Security Companies”

BAI Security is pleased and proud to announce that we have been included in the CIO Review Enterprise Security list of the “20 Most Promising Enterprise Security Companies.” The companies included in this year’s list were selected by a panel of CIOs and CEOs of public companies, analysts, and the CIO Review editorial board. The list highlights a select group of companies that “provide uniquely effective approaches to enterprise security threats.” CIO’s write-up also states that it “believes these companies have achieved significant momentum and will rise above the rest.” So you can see why we’re so pleased to be included. In CIO Review’s article on BAI Security, we were (correctly!) described as a “singularly-focused IT Security and Compliance firm

BAI Security March 3, 2015

BAI Security Audit

THE NEXT BIG ADVANCE IN BREACH DETECTION & PREVENTION

Sears Holdings Corp. announced in March of this year (2014), it was investigating a possible security breach after a series of cyberattacks on other retailers have exposed the data of millions of consumers. The security review was still at an early stage as Verizon Communications Inc. (VZ)’s digital forensics unit and the U.S. Secret Service sift through the company’s computer data to look for traces of hackers and the extent of any incursion, according to two people familiar with the matter. Sears, which was already working to reverse 28 straight quarters of declining sales, could be faced with fighting a possible hacking attack with shoppers on edge after a flurry of retail data breaches tarnished the image of merchants including

BAI Security April 1, 2014

BAI Security Audit