Vulnerability Scanning


Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider or someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs be scanned once a year, once a quarter or monthly.

Read More

Mobile Application Scanning


Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. Architecture review and threat modeling process will includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.

Read More

Darkweb Credential Monitoring


We provide the best approach to eliminate the biggest cause of massive data breaches, the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintains the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.

Read More

What are the Top 5 Internet Security Trends for 2013

As the Internet and technology advances at increasing speeds, the concerns over security are keeping pace. New threats to security emerge every day. Check out the National Vulnerability Database . With access to the Internet expanding to various devices other than the laptop or desktop, there are more opportunities for attacks. With the ever increasing connectedness of our society, it is important to look at the Internet security trends 2013 and be prepared.

Each time you access the Internet, you are putting yourself and your technology at risk by exposing it to the security risks, known and unknown. The security trends for the coming year are looking to focus around a variety of threats including cyber conflict, ransomware, madware, social software and cloud-based cyber attacks. Like it or not, these concerns aren’t going away any time soon, so it is best to gain a baseline understanding of them so that you’ll be able to protect yourself in the coming year.

1. Cyber Conflict

Increasingly, cyber conflict is becoming a serious threat between states, organizations and individuals. While the threats at the state and organizational level may not be of immediate concern, cyber conflict can become very serious when you’re dealing with others sitting behind a computer screen. People are less considerate and often more bold when sitting at a keyboard. Threats and aggression come quickly as discussions online become heated. You can protect yourself and your family from cyber conflict by becoming more aware of how you interact on the Internet. Bullying and aggression are of great concern for families with children. Be sure to educate your children and monitor their Internet usage closely.

2. Ransomware

It’s actually just what it sounds like – virtual ransom demands from criminals. This is a growing threat due to the increasing sophistication of cyber-criminals. Be aware and protect yourself online by consulting with an Internet security firm if you are in a position where you feel exposed to the threat of cyber-criminals. Fast incident response is key when dealing with Ransomware.

3. Madware

Mobile adware or Madware is a growing concern as more and more people are using mobile devices to connect to the Internet. Madware can cause a HIPAA security violation easily of you lose patient data to an attack as well as pose a problem to the functionality of your mobile devices. Often mobile apps expose mobile device users to various forms of madware. Consult your mobile device dealer or an Internet security firm in order to protect yourself from madware. See this good illustration of madware from

4. Social Software

Social media security is a growing concern as more and more people and social media platforms emerge. The social media reputation risk is high when people use social media platforms carelessly or are uneducated about the multitude of privacy and security risks that come from social media.

5. Cloud-based Cyber Attacks

Cyber attackers are turning to the cloud as more people and companies are using it as a way to store the massive amounts of data they accumulate through their desktops, laptops, tablets and mobile devices. This can be a great concern for people who are relying on these cloud-based services to store their valuable documents, entertainment collections and pictures. The recent news article of Wired technology journalist Mat Honan getting hacked through Amazon and Apple cloud services, “Apple account hack raises concern about cloud storage”  illustrates the damage.

As you can see, each of the Internet security trends of 2013 pose a real threat to your security online. Now is the time to take serious steps to protect yourself from these emerging trends so that you will be able to start the new year off right. It may seem like these things will never happen to you, but usually these attacks come when you least expect it. Just like home invasion, if you’re an easy target, you’re more likely to get hit by any one of these threats. The best defense is a good offense and in this case. For help in cloud, network and social media security, contact us at KRAA Security.

Enhanced by Zemanta
Facebook logo

Image via Wikipedia

When you take a photo of yourself in your house and then post it via Facebook or twitpic, you assume that no one will really know where you are taking that picture. Well, you may be wrong. Social media security is in a very nascent development stage. There are a number of theats already to social media such as malicious applications in Facebook or trojans in shortened URLs that the average user does not know about or where to turn to for advice. A new threat could be giving up your location when you post a picture from inside your house. A team of scientists dicovered that with some smartphones, a user’s latitude and longitude can be attached tothe picture you post in the metadata. That’s pretty scary. See the news story ” Tips to Turn Off Geo-Tagging on Your Cell Phone”  ( “Many people are not aware of the fact that there are geotags in photos and videos,” said Gerald Friedland, one of the scientists. A website that has been setup to show the dangers of this capability is So what can you do about this? Do you want to be stalked?  ON the IPhone, go to Settings, General, then Location Services and disable the applications you do not want to use Geo-tagging, such as Camera. Regards Gary Bahadur 888-572-2911
Enhanced by Zemanta

Data Loss, this time with Network Solution

Network Solutions, one of the largest domain registrars recently announced a data breach. Malicious code was found on its e-commerce server which may have captured transactions from thousands of websites and capturing half a million or more credit cards. The company said they found the code during a routine check. Since the breach occurred between March 12 and June 8th, how routine was the actual checks? I wonder when their last vulnerability assessment or Information security risk assessment was conducted? Data loss prevention is sorely lacking in just about every industry. Here is what the company said “At this point, we have no reports or other reasons to believe that any credit card account information has been misused and, under established practice, credit card issuing companies generally will not hold our merchants’ customers liable for any fraudulent purchases made using their credit card account numbers that are reported in a timely way to the issuer,” a statement from the company reads. All these statements around hacker breaches and stolen credit cards read the same. The process now begins where all the merchants have to be identified, then each merchant has to notify their customers. Their customer then have to work with their banks to stop credit cards, have to get credit monitoring and thus goes the Circle of Life (of data breaches) Here is the list of data breaches in 2009 alone. If you recall the breaches of Heartland Payment Systems and RBS WorldPay, the breachescaused them to be removed from the PCI security audit () list . Well that should be obvious, or should they have been rated compliant int he first place. Known non-compliance might be a better than weak compliance. The basic question is what was Network Solution not doing to have malicious software installed on key servers? Was it a breach through a web application, was it through malicious email, a browser based attack, some insider who didn’t know enough about security and clicked on the wrong thing? What routine check found it and why wasn’t this check run on a more routine basis, such as weekly or even daily? At the end of the day, security is a moving target. We can utilize encryption, vulnerability management, application security risk assessment, email filtering, backup and recovery, but all will be useless is we follow poor practices or do not have good procedures in place to take into account the human element. Most breaches are insider problems or mis-configurations or plain old stupidity. Gary Bahadur *Managed Security Services *Vulnerability Management *Compliance & Policy Development *PGP Security *FREE Website Security Test
Reblog this post [with Zemanta]
This kind of incident (see article below) seems to be happening every few months. So you purchase a product (netbook) and it comes infected. No longer do you just have to worry about it working, or if the OS will behave nicely or the drivers will work with your printer. If the manufacturer can not control malware, what hope is there? I am pretty puzzled about how the malware actually got on the machine. The article doesnt delve into too much detail, but looks like maybe a driver was infected that got placed on the machine. This seems to say the manufacturer does not use any kind of antivirus, or antimalware to test the security of the system before shipping it out. It also calls into question the security processes in place around managing software and development. A bit scary. So what are some things you can do to protect against malware (i hope you know most of these already) 1) Use a firewall – A good personal firewall will help defend your system, especially if it has the capability to monitor outbound traffic or stop unknow programs from being run or installed. Try Zonealarm, free version. 2) Run anti-virus – This is obvious. while many antivirus programs will miss a lot of malware, you need a defense in depth strategy. Try AVG or Avast. 3) Install patches – A must do. Keep your systems patched because many worms, virus, and malware take advantage of unpatched system vulnerabilities 4) Use antispyware – This is a bit different from antivirus. It can stop malicious code from running and warn you of registry changes. A good start for the beginner is SpywareGuard and  Spybot S & D. 5) Protect the browser – Browser protection software can stop activex controls from running, protect you from tracking cookies and known malware. Two examples are SpywareBlaster and IE-SpyAd 6) Stop Surfing Porn! Baha

*Managed Security Services

*Vulnerability Management

*Compliance & Policy Development

*PGP Security

*FREE Website Security Test

++++++++++++++++++++++++++++++++++++++++++++++++++++ Netbook comes with factory-sealed malware Chuck MillerMay 20, 2009 SC Magazine