Week in Photos: July 8-14

https://www.defense.gov/Photos/PhotoEssays/EssayView?CollectionId=16729

Week in Photos is a collection of the best images published on Defense.gov during a seven-day period.

Posted in Solutions | Comments Off on Week in Photos: July 8-14

The Long and Winding Road to Cyber Recovery

http://www.securitymagazine.com/articles/88057-the-long-and-winding-road-to-cyber-recovery

Paul McCartney wrote “The Long and Winding Road” while the Beatles were in the throes of dissent and months away from breaking up. Listening now to the song’s yearning lyrics and plaintive melody, is it possible that Sir Paul actually anticipated the NIST Cybersecurity Framework’s Recover function, and was imagining the category titled Recovery Planning?

Posted in Solutions | Comments Off on The Long and Winding Road to Cyber Recovery

July 14, 2017: Senior Executives of Medical Drug Re-Packager Plead Guilty to Defrauding Healthcare Providers

July 14, 2017: Senior Executives of Medical Drug Re-Packager Plead Guilty to Defrauding Healthcare Providers

Posted in Solutions | Leave a comment

Trump Hotels Hit By 3rd Card Breach in 2 Years

Maybe some of you missed this amid all the breach news recently (I know I did), but Trump International Hotels Management LLC last week announced its third credit-card data breach in the past two years. I thought it might be useful to see these events plotted on a timeline, because it suggests that virtually anyone who used a credit card at a Trump property in the past two years likely has had their card data stolen and put on sale in the cybercrime underground as a result.

On May 2, 2017, KrebsOnSecurity broke the story that travel industry giant Sabre Corp. experienced a significant breach of its payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments. Last week, Trump International Hotels disclosed the SABRE breach impacted at least 13 Trump Hotel properties between August 2016 and March 2017. Trump Hotels said it was first notified of the breach on June 5.

A timeline of Trump Hotels’ credit card woes over the past two years. Click to enlarge.

According to Verizon‘s latest annual Data Breach Investigations Report (DBIR), malware attacks on point-of-sale systems used at front desk and hotel restaurant systems “are absolutely rampant” in the hospitality sector. Accommodation was the top industry for point-of-sale intrusions in this year’s data, with 87% of breaches within that pattern.

Other hotel chains that disclosed this past week getting hit in the Sabre breach include 11 Hard Rock properties (another chain hit by multiple card breach incidents); Four Seasons Hotels and Resorts; and at least two dozen Loews Hotels in the United States and Canada.

ANALYSIS/RANT

Given its abysmal record of failing to protect customer card data, you might think the hospitality industry would be anxious to assuage guests who may already be concerned that handing over their card at the hotel check-in desk also means consigning that card to cybercrooks (e.g. at underground carding shops like Trumps Dumps).

However, so far this year I’ve been hard-pressed to find any of the major hotel chains that accept more secure chip-based cards, which are designed to make card data stolen by point-of-sale malware and skimmers much more difficult to turn into counterfeit cards. I travel quite a bit — at least twice a month — and I have yet to experience a single U.S.-based hotel in the past year asking me to dip my chip-based card as opposed to swiping it.

A carding shop that sells stolen credit cards and invokes 45's likeness and name. No word yet on whether this cybercriminal store actually sold any cards stolen from Trump Hotel properties.

A carding shop that sells stolen credit cards and invokes 45’s likeness and name. No word yet on whether this cybercriminal store actually sold any cards stolen from Trump Hotel properties.

True, chip cards alone aren’t going to solve the whole problem. Hotels and other merchants that implement the ability to process chip cards still need to ensure the data is encrypted at every step of the transaction (known as “point-to-point” or “end-to-end” encryption). Investing in technology like tokenization — which allows merchants to store a code that represents the customer’s card data instead of the card data itself — also can help companies become less of a target.

Maybe it wouldn’t be so irksome if those of us concerned about security or annoyed enough at getting our cards replaced three or four times a year due to fraud could stay at a major hotel chain in the United States and simply pay with cash. But alas, we’re talking about an industry that essentially requires customers to pay by credit card.

Well, at least I’ll continue to accrue reward points on my credit card that I can use toward future rounds of Russian roulette with the hotel’s credit card systems.

It’s bad enough that cities and states routinely levy huge taxes on lodging establishments (the idea being the tax is disproportionately paid by people who don’t vote or live in the area); now we have the industry-wide “carder tax” conveniently added to every stay.

What’s the carder tax you ask? It’s the sense of dread and the incredulous “really?” that wells up when one watches his chip card being swiped yet again at the check-out counter.

It’s the time wasted on the phone with your bank trying to sort out whether you really made all those fraudulent purchases, and then having to enter your new card number at all those sites and services where the old one was stored. It’s that awkward moment when the waiter says in front of your date or guests that your card has been declined.

If you’re brave enough to pay for everything with a debit card (bad idea), it may be the time you spend without access to cash while your bank sorts things out. It may be the aggravation of dealing with bounced checks as a result of the fraud.

I can recall a recent stay wherein right next to the credit card machine at the hotel’s front desk was a stack of various daily newspapers, one of which had a very visible headline warning of an ongoing credit card breach at the same hotel that was getting ready to swipe my card yet again (by the way, I’m still kicking myself for not snapping a selfie right then).

After I checked out of that particular hotel, I descended to the parking garage to retrieve a rental car. The garage displayed large signs everywhere warning customers that the property was not responsible for any damage or thefts that may be inflicted on vehicles parked there. I recall thinking at the time that this same hotel probably should have been required to display a similar sign over their credit card machines (actually, they all should).

“The privacy and protection of our guests’ information is a matter we take very seriously.” This is from boilerplate text found in both the Trump Hotels and Loews Hotel statements. It sounds nice. Too bad it’s all hogwash. Once again, the timeline above speaks far more about the hospitality industry’s attitudes on credit card security than any platitudes offered in these all-too-common breach notifications.

Further reading:

Banks: Card Breach at Trump Hotel Properties
Trump Hotel Collection Confirms Card Breach
Sources: Trump Hotels Breached Again
Trump Hotels Settles Over Data Breach: To Pay ,000 for 70,000 Stolen Cards
Breach at Sabre Corp.’s Hospitality Unit

Posted in Four Seasons hotel breach, Hard Rock breach, Loews Hotels breach, Other, Sabre Corp. breaach, Solutions, Trump Hotel breach, Trump International Hotels Management, Trump's-Dumps, Verizon | Leave a comment

Focused Goal, Right Plan And Execution Key to Startup Success

Indian ethnic & handloom wear has always stood out as the best original outfit for the modern generation of people. The rich & diverse Indian culture & traditions are reflected through this Indian ethnic & handloom collection. The elegant Indian women wear mesmerizing attire and give her the most aesthetic look.

These traditional ethnic wedding wear and handloom wear enhance the beauty & elegance. These colorful textiles, breathtaking crafts and the untold stories of these master creations have always been behind the scene.

ClassyStreet.com attempts is to bring these unsung heroes to the real world limelight so that the world not only praises their work but in reality these people get a better life also.

Mr. Debansh Das Sharma, Founder of Innovedge Solutions Pvt.ltd that owns classystreet.com in an interview with greatcompanies.in says that the company took such an initiative to provide a platform for the skillful handicraft workers, who lacked appreciation from the society.

Mr. Sharma provided some more insights on startup culture, success mantra and much more.

Interviewer: Please tell me something about the company.

Mr. Debansh: It is an online platform for traditional handlooms and handicraft. It is a platform to showcase the work of award winning and talented designers along with their profile and portfolio.

Interviewer: How did you come up with such an idea?

Mr. Debansh: We realized that it is important to bridge the gap between the people who don’t have the knowledge about such intriguing things and the designers who don’t have any platform to showcase their work and talent. These upcoming designers had to face the adversities of dishonest middlemen, and people who copied their designs. Many people started taking advantages of the skilled. Since then we wanted to take up the initiative of working with them directly. Also, we as customers didn’t trust the authenticity and genuinity of these items. So we developed a reliable platform to order handcrafted and hand loomed products.

debansh
Interviewer: What were the challenges you faced and what did you learn from them?

Mr. Debansh: Being a startup, one has to always face challenges. But we have always been courageous and dedicated to our goals. We believe in working with the attitude of giving our best to achieve the desired goal whatever comes our way. The problems would always exist, but the right decision and perseverance would take you forward.

Interviewer: What are the three things important for a successful business?

Mr. Debansh: A much-focused goal, a right plan and execution, and the attitude to overcome the challenges are the three things, I believe, are important for any business.

Interviewer: What would you advice budding entrepreneurs who are willing to start up their own business or facing challenges?

Mr. Debansh: One should always look for the best idea and something exclusive so that no one else can imitate or take the credit of coming up with the same idea. An entrepreneur should never copy while performing their daily functions or even just start a business because it is trending or it looks attractive.

They should rather work hard for something about which they are passionate and do that in a the systematic manner to get the best results.

Interviewer: What are some of your habits which make you a successful entrepreneur?

Mr. Debansh: I am a polite person, always ready to take up challenges. I think that is important for sustainability. Also, I always promote optimism. One should never think that they won’t be able to do something or achieve a goal; they should always give it a try.

I have also been much focused on only promoting handloom and handicrafts.

Interviewer: How does entrepreneurship change a person?

Mr. Debansh: Entrepreneurship comes with responsibilities and being responsible affects one’s persona. After becoming a businessman, they always forget about their circle and their own self, which is a very wrong habit. Someone who has the capacity to balance their personal life and the spirituality of business has more probability to become a successful businessman. One needs to be balanced and developed as an individual to reach heights. Being calm also comes with the essence of entrepreneurship.

Initially, I was not able to take up the responsibility which came along with the running of a business. But, eventually, I took certain steps to overcome my personal shortcomings and it is now also reflected on me as a human being.

Courtesy – greatcompanies.in

The post Focused Goal, Right Plan And Execution Key to Startup Success appeared first on Learning Simplify.

Posted in ClassyStreet, ClassyStreet.com, Cloud Security, Solutions, Start Ups, Startup, Startup culture, startups, Technology | Leave a comment

3 Questions to Improve Cyber Incident Recovery

http://www.securitymagazine.com/articles/88105-questions-to-improve-cyber-incident-recovery

The NIST Cybersecurity Frame-work focuses twice on the concept of improvement, doing so within both the Respond and the Recover functions.

Posted in Solutions | Comments Off on 3 Questions to Improve Cyber Incident Recovery

CVE-2017-11310 (imagemagick)

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11310

The read_user_chunk_callback function in coderspng.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.

Posted in Solutions | Comments Off on CVE-2017-11310 (imagemagick)

July 17, 2017: Leader of $17 Million Health Insurance Fraud Scheme Ordered to Prison

July 17, 2017: Leader of $17 Million Health Insurance Fraud Scheme Ordered to Prison

Posted in Solutions | Leave a comment

July 17, 2017: Gloucester Woman Pleads Guilty to Her Role in Counterfeit Steroid Trafficking Scheme

July 17, 2017: Gloucester Woman Pleads Guilty to Her Role in Counterfeit Steroid Trafficking Scheme

Posted in Solutions | Leave a comment

July 6, 2017: North Olmsted Man Charged with Selling Misbranded Drugs

July 6, 2017: North Olmsted Man Charged with Selling Misbranded Drugs

Posted in Solutions | Leave a comment