Authentic8 Blog Author: A8 Team

Risk Management and Employee Cybersecurity


Risk management will be a central topic at the 3rd annual ALM cyberSecure conference in New York City this year.

The cross-industry gathering of thought leaders on December 4-5 aims to facilitate a holistic approach to data security, risk management and data governance.

Influential business leaders from the cybersecurity industry and high-ranking law enforcement officials will be convening with corporate risk management, compliance and law department leaders at the conference, which features speakers from numerous Fortune 100 companies.

Authentic8 Co-Founder and CEO Scott Petry will moderate a discussion panel on “Revamping Employee Cybersecurity Policies and Training to Mitigate Legal Risks” on December 4th.

Scott Petry will be joined on stage by Daniel Pepper, Vice President and Deputy General Counsel at Comcast; Adam Rubin, General Counsel of PrizeLogic; and Allen Brandt, Executive Director, Associate General Counsel and Chief Privacy Officer at the Depository Trust & Clearing Corporation.

Balancing IT security, data protection and privacy

Balancing IT security and data protection with the needs

New OpenSSL vulnerability to be disclosed this week

2015-07-06_OpenSSL

CORPORATE

The OpenSSL Project announced that a new “high” severity vulnerability will be disclosed on Thursday, July 9. Full details have not been released, in keeping with the project's practice of pre-announcing high-severity fixes without technical specifics, but organizations should be prepared to take immediate action for a vulnerability of this severity.

OpenSSL is used to secure the connection between the Silo client app and the user's virtual browser running in our secure container.

Authentic8 patches OpenSSL vulnerabilities as soon as they are disclosed, and all users benefit immediately. We also employ outside firms to test our service regularly for vulnerabilities. Examples of flaws in widely deployed components such as OpenSSL and Bash that have been addressed for customers include Heartbleed, FREAK and POODLE on the SSL/TLS side, and Shellshock in Bash.

We will announce our response and any potential user impact when the vulnerability is fully disclosed on Thursday.

Protecting Yourself from PDFs

img_2015-03-25_PDF

SECURITY

Recently a user contacted me with a question on how best to protect himself from PDFs of unknown origin that may carry malicious payloads. He had found a PDF on a topic he was researching, but since he did not know or trust the site, he was concerned about exposing his own device to whatever the file might contain.

The goal was to give the user a way to view the PDF in a safe environment, save it for later reference, and send it to colleagues without fear that they might infect their own devices. In short, he needed a safe version of the file he was looking at so he could share it with others.

When a traditional web browser renders a PDF, the local device is exposed to any malicious payload within the file. In addition, when a user downloads the PDF and chooses to send
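Before handing a PDF of unknown origin to any local viewer, it is worth knowing whether the file carries active content at all. As an added example (not code from the original post and not a description of how Silo renders files), here is a pdfid-style triage scan over the raw bytes. It looks for the PDF name objects that enable script execution, auto-run actions, launching external programs or embedded files, and it unescapes the #xx hex notation PDF allows inside names, which droppers use to spell /JavaScript as /J#61vaScript and slip past naive string matching. The two sample PDFs are constructed for the demonstration and are not real malware.

```python
"""Triage a PDF of unknown origin before opening it locally.

Added example (not Authentic8's code). Byte-oriented pdfid-style scan for
name objects that enable active content, with #xx name escapes resolved
before comparison. Sample PDFs are constructed, not real malware.
"""
import re
from collections import Counter

# Name objects whose presence in an untrusted file warrants a closer look.
RISKY_NAMES = {
    b"/JavaScript": "JavaScript action",
    b"/JS": "inline JavaScript code",
    b"/OpenAction": "action that runs when the document opens",
    b"/AA": "additional (automatic) actions, e.g. on page open",
    b"/Launch": "launches an external application",
    b"/EmbeddedFile": "embedded file attachment",
    b"/RichMedia": "embedded Flash or other rich media",
}

# A PDF name is '/' followed by regular characters (no whitespace or delimiters).
_NAME = re.compile(rb"/[^\s/\[\]<>(){}%]*")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def unescape_name(name: bytes) -> bytes:
    """Resolve #xx hex escapes inside a PDF name: /J#61vaScript -> /JavaScript."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), name)


def scan_pdf(data: bytes) -> dict:
    """Count risky names in the file and note whether any were hex-obfuscated.

    The scan is byte-oriented on purpose: it never parses the object graph,
    so a malformed file cannot crash it, but it also cannot see inside
    compressed (FlateDecode) streams. A clean result means "no obvious
    indicators", not "safe to open on your own machine".
    """
    indicators = Counter()
    evasion = 0  # risky names that were only recognisable after unescaping
    for match in _NAME.finditer(data):
        raw = match.group(0)
        name = unescape_name(raw)
        if name in RISKY_NAMES:
            indicators[name.decode()] += 1
            if name != raw:
                evasion += 1
    return {
        "valid_header": data.startswith(b"%PDF-"),
        "indicators": dict(indicators),
        "evasion": evasion,
        "suspicious": bool(indicators),
    }


# Constructed samples: minimal object skeletons, enough for the scan to work on.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"%%EOF\n"
)
SUSPICIOUS_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.launchURL('http://example.invalid')) >> endobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    for label, pdf in (("benign", BENIGN_PDF), ("suspicious", SUSPICIOUS_PDF)):
        report = scan_pdf(pdf)
        print(f"{label}: suspicious={report['suspicious']} {report['indicators']}")
        for name in report["indicators"]:
            print(f"   {name}: {RISKY_NAMES[name.encode()]}")
```

A hit from this scan is a reason to open the file only in an isolated environment (or to flatten it to images first), not a verdict; conversely, a clean scan does not clear a file whose active content sits inside a compressed object stream, which is exactly why rendering untrusted documents away from the endpoint remains the safer default.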

FREAK attack unearths yet another SSL vulnerability

img_2015-03-12_FREAK

SECURITY

TL;DR If you're using Authentic8 Silo, you are safe from the FREAK attack. Last week, the discovery of the FREAK attack against SSL/TLS was publicly announced. FREAK is one of several serious attacks against SSL/TLS, the encryption protocol securing most Internet communications. Other major bugs and attacks in recent years include BEAST, CRIME, Heartbleed, and POODLE.

Hackers are always looking for ways to break encryption and get access to our most valuable information. Fortunately, the good guys on the Internet are also vigilant in finding and fixing bugs and flaws in TLS. In this case it was Karthikeyan Bhargavan from INRIA in Paris and the miTLS team who discovered the FREAK attack. If you're interested in a technical discussion of how the FREAK attack works, check out Matthew Green's write-up and the research team's SmackTLS site.

In short, the FREAK attack involves a bad actor getting between you and the “secure” website you are visiting, forcing
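The downgrade leaves two traces a passive observer can look for. As an added example (not part of the original post and not Silo's code), the script below parses the server-to-client half of a TLS handshake and flags either an export-grade cipher suite in ServerHello or a ServerKeyExchange message following a plain RSA key-transport suite. The second case is the client bug FREAK exploited: the man-in-the-middle asks the server for an export suite, relays the server's 512-bit RSA ServerKeyExchange, and a vulnerable client accepts that weak key even though the ServerHello it saw names a strong suite. All handshake bytes here are constructed for the demonstration; the cipher suite identifiers are the RFC 2246 values.

```python
"""Spot the wire-level symptoms of a FREAK downgrade in a TLS server flight.

Added example (not Authentic8's code). Flags an export-grade suite in
ServerHello, or a ServerKeyExchange after a plain-RSA suite, which is how a
FREAK man-in-the-middle slips a 512-bit export key past a vulnerable client.
Handshake bytes below are constructed for the demonstration.
"""
import struct

HANDSHAKE = 0x16            # TLS record content type
SERVER_HELLO = 2            # handshake message types
CERTIFICATE = 11
SERVER_KEY_EXCHANGE = 12

# RFC 2246 export-grade suites: 40-bit bulk ciphers with 512-bit RSA/DH keys.
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}
# Non-export plain-RSA suites: the certificate key encrypts the premaster
# secret, so a ServerKeyExchange is never legitimate after one of these.
RSA_KX_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}


def handshake_messages(stream: bytes):
    """Yield (type, body) for each handshake message in a run of TLS records,
    reassembling messages that are fragmented across record boundaries."""
    buf, off = b"", 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[off:off + 5])
        payload = stream[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated TLS record")
        off += 5 + length
        if ctype != HANDSHAKE:
            continue
        buf += payload
        while len(buf) >= 4:
            htype, hlen = buf[0], int.from_bytes(buf[1:4], "big")
            if len(buf) < 4 + hlen:
                break  # remainder arrives in a later record
            yield htype, buf[4:4 + hlen]
            buf = buf[4 + hlen:]


def server_hello_suite(body: bytes) -> int:
    """Negotiated suite from a ServerHello body:
    version(2) random(32) session_id_len(1) session_id cipher_suite(2) ..."""
    pos = 35 + body[34]
    return struct.unpack("!H", body[pos:pos + 2])[0]


def analyse_server_flight(stream: bytes) -> dict:
    """Return the negotiated suite and any FREAK indicators seen in the flight."""
    suite, findings = None, []
    for htype, body in handshake_messages(stream):
        if htype == SERVER_HELLO:
            suite = server_hello_suite(body)
            if suite in EXPORT_SUITES:
                findings.append("export-grade suite negotiated: " + EXPORT_SUITES[suite])
        elif htype == SERVER_KEY_EXCHANGE and suite in RSA_KX_SUITES:
            findings.append("ServerKeyExchange after " + RSA_KX_SUITES[suite]
                            + ": plain RSA never sends one; FREAK MITM delivering an export key")
    return {"cipher_suite": suite, "findings": findings, "freak_indicators": bool(findings)}


# Constructed handshake bytes for the demonstration.
def _msg(htype: int, body: bytes) -> bytes:
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

def _record(payload: bytes) -> bytes:
    return struct.pack("!BHH", HANDSHAKE, 0x0303, len(payload)) + payload

def _server_hello(suite: int) -> bytes:
    return b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"

_CERT = _msg(CERTIFICATE, bytes(16))  # placeholder certificate body
_SKE = _msg(SERVER_KEY_EXCHANGE, b"\x00\x40" + bytes(64) + b"\x00\x03\x01\x00\x01")

# Honest server, strong suite, no ServerKeyExchange.
CLEAN_FLIGHT = _record(_msg(SERVER_HELLO, _server_hello(0x002F)) + _CERT)
# Server willing to speak export crypto (the server-side precondition for FREAK).
EXPORT_FLIGHT = _record(_msg(SERVER_HELLO, _server_hello(0x0008)) + _CERT + _SKE)
# What a FREAK victim sees: strong suite in ServerHello, yet a ServerKeyExchange
# follows; split across two records here to exercise reassembly.
MITM_FLIGHT = (_record(_msg(SERVER_HELLO, _server_hello(0x002F)) + _CERT)
               + _record(_SKE[:10]) + _record(_SKE[10:]))

if __name__ == "__main__":
    for name, flight in (("clean", CLEAN_FLIGHT), ("export", EXPORT_FLIGHT), ("mitm", MITM_FLIGHT)):
        print(name, analyse_server_flight(flight))
```

On the server side the fix is simply to stop offering any EXPORT suite; on the client side it is a patched TLS stack that rejects a ServerKeyExchange the negotiated suite does not call for, which is what the FREAK fixes did.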

Protect Yourself from the Anthem Data Hack

img_2015-02-27_Anthem-Facts

IDENTITY

This article isn’t for everyone - only eighty million of you (or 78.8 million to be more precise). That’s the whoppingly huge number of Anthem Health Insurance customers whose personally identifiable information (PII) is now in the hands of internet thieves. If you’re a current or former Anthem subscriber (or a Blue Cross Blue Shield subscriber who received services from Anthem), crooks probably have your full name, birth date, member ID data, street address, phone number, email address, and employment information.

Armed with your PII, these criminals (or the people who buy your PII on the black market) are cooking up ways to steal from you. Here’s a partial list of what they might be considering:

  • Registering for credit cards under your name and going on shopping sprees.
  • Foisting their income taxes on you. If a fraudster gives their employer your social security number, you’re on the hook to the IRS for the crook’s