May

May 2, 2019 - Citrix

Conferencing and digital workplace software company, Citrix, revealed that hackers gained access to the company’s network between October 2018 and March 2019. Data stolen included Social Security numbers, financial information, and data of current and former employees.

May 3, 2019 - AMC Networks

1.6 million users of AMC Network’s Sundance Now and Shudder streaming services had their data left exposed through a database that was left unsecured. Names, email addresses, subscription details were compromised. 

May 9, 2019 - Freedom Mobile

Freedom Mobile, a Canadian mobile provider had an estimated 1.5 million customers’ personal and financial information left exposed on a third-party server. The types of data left exposed included names, email addresses, mailing addresses, dates of birth, and credit card information.

May 13, 2019 - Indiana Pacers

The legal team behind the National Basketball Association’s Indiana Pacers was the victim of a major phishing attack. Employee and customer names, addresses, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, medical insurance information, card numbers, digital signatures and login information. No number of affected individuals has been given by the team.

May 14, 2019 - WhatsApp

WhatsApp has experienced a security flaw that provided access to an Israeli government surveillance agency, NSO Group. NSO Group had limited access to the microphone, camera, and WhatsApp message text of the app’s 1.5 billion users. 

May 20, 2019 - Instagram

Facebook-owned Instagram, fell victim to a data breach that exposed more than 49 million Instagram influencers, celebrities, and brands’ Instagram information when an Indian-based social media marketing company left it exposed. 

May 24, 2019 - Canva

The 139 million users of Canva, a cloud-based graphic design tool, had their names, usernames, and email addresses exposed when hackers infiltrated their server. 

May 24, 2019 - First American Financial Corporation

First American Financial Corp., a leading title insurer for the U.S. real estate market, had 885 million customers’ Social Security numbers, bank account numbers, mortgage and tax records, wire transaction receipts, and driver’s license images compromised for all customers as far as back as 2003.

Other May breaches: Inmediata Health Group, Uniqlo, Wyzant, Flipboard, Checkers (the fast food chain).

June

June 3, 2019 - Quest Diagnostics

Almost 12 million patient records have been compromised when hackers took control of the payments page of AMCA, a major payment vendor for Quest Diagnostics. Data such as financial account data, Social Security numbers, and health information (ePHI) were left exposed.

June 4, 2019 - LabCorp

In the same hack, LabCorp announced that 7.7 million of its customers were impacted. 

June 6, 2019 - Opko Health

In the same attack, Opko Health had 422.600 customer and patient records compromised. 

June 10, 2019 - Emuparadise

The gaming website Emuparadise had their users’ IP addresses, usernames, and passwords exposed in a data breach. 

June 11, 2019 - Evite

More than 100 million users of the Evite event planning app have had their information put up for sale on the dark web. Information that was stolen included names, email addresses, IP addresses, and cleartext passwords. Some even had their dates of birth, phone number, or postal address exposed.

June 11, 2019 - Total Registration

Kentucky-based Total Registration, a facilitator of scholastic test registrations had their entire service compromised. Victims, who were mainly students who had registered for PSAT and Advanced Placement tests, had their names, dates of birth, grade level, gender, and Social Security number exposed. 

June 12, 2019 - Evernote

A security vulnerability in Evernote’s Web Clipper Chrome extension gave hackers access to the online data of over 4.5 million users. Exposed data includes authentication, financial, all private communications, and more.

June 20, 2019 - Desjardins

Over 2.7 million individuals and 173,000 businesses had their data stolen by a single Desjardins employee. Canada’s largest credit union, the hack resulted in the exposure of names, dates of birth, social insurance numbers, addresses, phone numbers, and email addresses of customers

Other June breaches: Oregon Department of Human Services, U.S. Customs and Border Protection, EatStreet, Dominion National

July

July 17, 2019 - Clinical Pathology Laboratories

Due to the AMCA breach that affected Quest Diagnostics, Opko Health, and Labcorp, Clinical Pathology Laboratories had 2.2 million patients’ personal and medical information exposed with an additional 34,500 patients’ credit card or banking information breached. 

July 18, 2019 - Sprint 

A still unknown number of Sprint customer accounts were hacked through Samsung.com’s “add a line” website. Some exposed information included names, billing addresses, phone numbers, device types, device IDs, monthly recurring charges, account numbers, and more. 

Other July breaches: Maryland Department of Labor, Los Angeles County Department of Health Service, Essentia Health, Fieldwork Software, Los Angeles Personnel Department

August

August 5, 2019 - Poshmark 

The online marketplace, Poshmark, has announced that they’ve been hacked. Usernames and email addresses of an unreported amount of clients have been exposed in the breach. Poshmark has nearly 50 million users.

August 5, 2019 - Stock X

The online fashion-trading platform had its over 6.8 million user accounts exposed. Data that was out there included customer names, email addresses, usernames and passwords, shipping addresses, and purchase histories. 

August 9, 2019 - CafePress

A data breach at CafePress, a custom t-shirt and merchandise company, exposed the names, email addresses, physical addresses, phone numbers, and passwords of over 23.2 million customers. 

August 15, 2019 - Choice Hotels

Hackers left over 700,000 guest records exposed in a coordinated extortion attempt on the Choice Hotel chain. Stolen information included names, addresses, and phone numbers. 

August 16, 2019 - Biostar 2

VPNMentor and independent security researchers uncovered a data breach containing over a million individuals’ facial recognition information as well as the unencrypted passwords and usernames of 27.8 million individuals exposed from Biostar 2, a biometric security platform. 

August 27, 2019 - Hostinger

Hostinger, a web hosting company sent out an email to their 14 million clients who had their information hacked through an API server. As a result, first names, usernames, email addresses, IP addresses and hashed passwords were exposed.

Other August breaches: Presbyterian Healthcare Services, State Farm, MoviePass

Before your business has its network breached, data stolen, and reputation irreparably harmed, call the security professionals at Coleman Technologies to do a full security assessment. We can help you keep your data and reputation intact. Call us today at (604) 513-9428 to learn more. 

How to Tell How Old a Computer Is

When a computer starts to get too old, it can become a problem for productivity. In fact, to help avoid this, some even recommend replacing a work computer every four years… but how do you tell how old a work computer is in the first place?

This isn’t always as cut-and-dried as one would think it should be. Some computers and laptops will have a date right on the case, neat the serial number. If there is no date provided, a quick search for the serial number might give you an idea.

You can also check the components of your computer itself, using the System Information tool. In the Search Windows box, type in “sysinfo.’ From the results, access System Information and in the window that appears, you can find plenty of information to help you date the machine. For instance, if the BIOS of the device has never been upgraded, the date will likely tell you how old the machine is, more or less. Searching for other components can help you to confirm this estimate.

As a result, you can get a better idea of whether your computer’s issues are age-related, or if there’s something else creating problems.

Signs That Say It’s Time to Replace Your Computer

There are quite a few factors that can indicate when your computer is due to be retired. While these indicators can each be a sign that something else is going on with your machine, a combination of a few of them is a fairly reliable signal that you and your device will soon have to say goodbye:

• The computer is huge. In the interest of space, many modern devices are built to be compact, taking up less space than their predecessors did. While this isn’t a hard and fast rule (powerhouse workstations often take up a lot of space out of necessity), a larger, basic-function workstation or laptop is generally an older one.
  
  
• Startup and shutdown take forever. Again, there are a few different issues that could contribute to lengthy startup and shutdown times. Too many applications may be set to automatically run in the background, or your hard drive might be almost full. However, this is another common symptom of an aging device.
  
  
• You’re encountering hardware and software limitations. If your attempts to upgrade your computer’s hardware and software - especially security software - are stymied by a lack of interoperability or support, it’s probably time to consider replacing it. This is even more so the case if your work-essential solutions can’t be upgraded any further or runs slowly, or loading your applications takes notably long and they can’t efficiently run simultaneously.
  
  
• Your computer is loud. If the fans in your device (whether it’s a desktop or a laptop) run loud, it’s a sign that your computer either needs a good cleaning or needs a good replacing. If the issue persists after a thorough cleaning has taken place, that’s a sign that your hardware is working too hard, a sure sign of age-related issues.

If you feel that your hardware is due to be replaced, reach out to Coleman Technologies. We have the contacts to help you procure the equipment you need to remain productive and offer the support to keep this equipment going. Call us at (604) 513-9428.

Create Procedures for Both Routine and Emergency Patches

Many patches are released on a predictable schedule, so as to make it easier to keep up on patches - after all, if you know that a patch is going to be released on a certain date, you can set aside time to apply that patch. There are also emergency patches that are released when a vulnerability is discovered and remediated.

As you might imagine, both are important to maintain - one, to keep your business as free as possible from vulnerabilities, and second (and perhaps more obviously), to keep your business secure in the face of an impending threat. That’s why you need to make sure you have set processes in place to ensure that all patches are tested and applied. While it may not always be a pressing security issue, it is better to be prepared for anything that the vendor is concerned about.

At Coleman Technologies, we always build out and update our procedure, and test updates before they are applied to prevent downtime and other issues. It’s all about working smarter, not harder.

Have a Controlled, but Realistic, Environment for Testing Purposes

Let me ask you a hypothetical question: someone comes up to you on the street and offers you a pill that would make you immune to the common cold, but with no peer reviews by any medical board or the FDA. So, do you take it?

I would hope you would say no, simply because you have no idea of the effectiveness of the pill without it having been tested. Patches are the same way. Without any testing, you simply don’t know how well the patch will work, or if it will interfere with another process. Before you apply any patches to your primary infrastructure, you need to have made these evaluations in a reasonable approximation of it. An effective means of doing so is to spin up a virtualized environment and stress-test the patch there, before actually applying it - just make sure you give your tests enough time to produce trustworthy results.

Keep Track of When Patches Are Released

Depending on the hardware and software you use, patches are going to be released on a different schedule. This is because different manufacturers and vendors manage their schedules differently. Just look at Microsoft and their famous Patch Tuesday (typically the second and sometimes the fourth Tuesday of each month). In order to properly keep your patches up-to-date, you need to know when to expect them.

For assistance with your business’ patch management, you can always turn to Coleman Technologies. Give our professionals a call at (604) 513-9428.

DoD Advanced Research

During the Cold War there was a constant need for coded systems to transmit data quickly. In the mid-1960s, the U.S. Department of Defense created what they called the Advanced Research Projects Agency (ARPA), which worked on integrating new technologies that would help the United States achieve its foreign policy goals. One of the scientists that was commissioned was Joseph Lickliter, who had the idea of connecting computers at important research centers. It was a way for engineers and intellectuals to collaborate on DoD-funded projects. The network, called ARPANET, was launched in 1969.

At first, growth was slow. Small packets were sent over telephone lines, but along the way there were many innovations that set the tone for the shared computing constructs that we regularly use today. One such innovation was packet-switching. Packet-switching allows a computer to connect to several other computers at once by sending individual packets of information. In this way, computers were able to constantly send and receive information. With this method each computer on ARPANET would have (what amounts to) an address book that is constantly updated. 

As the network grew, however, this packet switching model, which was beneficial, was just too slow to facilitate an accurate account of addresses on the system. So in 1973, the engineers at ARPA decided that Stanford University (a founding member) would keep a master address book that was kept up to date by network administrators. This decongested the network significantly.

By 1977, ARPANET had over 100 computers connected to it; and, with the age of personal computing starting to rear its head, changes started to come fast. It was about this time that other computing networks began to pop up. As they first started to connect with each other there was no interoperability between them, but this problem was remedied early in the 1980s with the standardization of what is called Transmission Control Protocol/Internet Protocol (TCP/IP). This was the first time the world Internet was used. 

ARPA engineers realized pretty quickly that the connecting networks that were now using the same protocol set (TCP/IP) were too numerous and were going to be unmanageable. This is when the modern Domain Name System (DNS) was introduced. They separated all addresses by domains. The first level, or top-level, domains would dictate the type of organization that a packet was being sent to. Examples include .com and .edu. Today, there are over 1,000 top-level domains out there. 

A second-level domain provided the host where data packets would be delivered. Examples that you see today are amazon.com or cornell.edu. This system provided specific data packet routing, setting the stage for the modern-day Internet. 

The Internet

By the late 1980s the DoD decided that ARPANET was a success and shut it down. It was handed off to a private company called NSFNET in 1990. In 1992, the modern Internet Service Provider (ISP) was created as the U.S. Congress passed a law allowing commercial traffic on the newly formed Internet. 

Nowadays, the United Nations has proclaimed that Internet service is now a fundamental human right. This marvel of human ingenuity would not have been possible without ARPA and ARPANET. If you would like to see more articles about technology’s history, subscribe to the Coleman Technologies blog today.

Fortunately, there is: password management systems.

What Are Password Management Systems?

A password manager is effectively what it says on the box: it’s a program that keeps track of your passwords for you. While these are available for individual users, we are more concerned with those that are meant for businesses to leverage.

These solutions have a reputation for being complicated and time-intensive to set up. However, this no longer has to be the case, and it is now more important that you find a solution that offers the features that every business needs to prioritize.

What to Look for from a Password Manager

During your search, you will want to make sure your chosen password management system offers the following features:

Security

While this may seem obvious, not all of your password management options will necessarily offer the same protections or follow the same practices. For instance, standalone password managers are inherently more secure than those tied to another solution, like a built-in one in your browser of choice.

These separate solutions usually have additional features to assist your security as you use them. Good password managers will remind you of best practices if too many saved passwords are the same or too weak and will require multi-factor authentication to be accessed in the first place. It also wouldn’t hurt to find one that also notifies you when you’re due to update some of the passwords you have saved.

It should also never save one password: the master password used to access the solution itself. That is still the user’s responsibility.

As far as behind-the-scenes security is concerned, you should find a password manager that is itself protected by a variety of security features, like encryption, role-based access, and secure cloud storage.

Storage Considerations

Determining where your credentials are kept by the password manager is another important detail to keep in mind, largely as an extension of your security considerations. Does your password manager save your passwords to the cloud, or are they kept natively on the device? Either approach has its pros and cons.

If the cloud is leveraged, your credentials will be available to you on any of your devices… but this does put your credentials in the crosshairs if that cloud solution was ever breached. If you keep your credentials stored locally, you won’t risk losing them in a cloud storage breach, but they are still vulnerable. For instance, if that device fails, there go your passwords.

Generally, this won’t have much impact on the solution you choose, as most enable either option, if not a combination of both.

User Friendliness

As difficult as your password manager should make things for cybercriminals, it should make simple for your legitimate users - starting with adding and removing them to the business’ accounts. They should find it easy to change their password as needed, and your password manager should automatically log a user into a website or application. If it senses that there are not currently credentials for that site, it should offer to save them.

Coleman Technologies has plenty of experience dealing with password security, which means we’re familiar with password managers and maintaining them. If you’d like assistance with selecting, implementing, and utilizing one in your business, let us know! We’re just a call to (604) 513-9428 away.