News

Blockchain for Dummies

Want to learn more about blockchain? Click on the link below for a simple, easy-to-read article recently published on LinkedIn.

Blockchain Explanation Your Mum Could Understand

Digital Identity Tracker February 2017

Read the full article

MARK YOUR CALENDARS: NY CYBERSECURITY REGULATIONS TO GO INTO EFFECT

If your organization is regulated by the New York Department of Financial Services (NYDFS), March 1, 2017 is an important date to mark on your calendar. On that day, absent further modification, the NYDFS’s modified Cybersecurity Regulations will take effect and will impose substantial cybersecurity obligations on banks, insurers and financial institutions that operate in the state of New York. The reach of these regulations, however, is not limited to traditional financial services entities. As currently proposed, the regulations also apply to colleges, universities, and religious and philanthropic entities that are permitted under N.Y. Insurance Law to issue charitable annuities. If your organization is regulated by NYDFS, maintains or has access to personal information, and (i) has 10 or more employees (including independent contractors), (ii) has more than $5 million in gross annual revenue in each of the last three fiscal years, and (iii) has more than $10 million in year-end total assets, it will be required to comply with the Cybersecurity Regulations.

The full article can be found at the following link:

http://www.pepperlaw.com/publications/mark-your-calendars-ny-cybersecurity-regulations-to-go-into-effect-2017-01-25/

Major Exploit Still Affecting Philadelphia Companies

Layer 8 Security has an ongoing relationship with local and federal law enforcement that allows us to know in advance when certain threats will be prevalent. We receive notices and bulletins from the FBI and other intelligence sources on a consistent basis. In some cases, dissemination is limited; in this case, however, wide dissemination is allowed. We are glad to send this alert to keep you and your company safe.

Recently, several Philadelphia businesses have fallen victim to the OpenSSL cybersecurity exploit known as Heartbleed, which created a news frenzy in 2014. We’re extremely surprised that there are still companies that haven’t patched or updated their assets to defend themselves against this exploit.

According to our sources, there are nearly 200,000 servers and Internet-connected devices running outdated OpenSSL software still vulnerable to Heartbleed. The initial analysis of the Heartbleed vulnerability found over 600,000 devices, which led to one of the largest media blitzes to fix a technology bug. The bug can be exploited to reveal chunks of memory to any client that connects to the server.

What this means for you:

While you likely heard about Heartbleed years ago, the threat still exists. A “bad guy” could use the Heartbleed exploit to remotely execute malicious code on your servers, which results in a compromise of sensitive data. Organizations need to verify that their assets (cloud servers, data, backup systems, etc.) do not run a vulnerable version of OpenSSL, and if they do, patch them immediately. Also, this should act as a good reminder to review policies and procedures on asset maintenance.

If you have questions regarding these alerts, please contact us at contact@layer8cybersecurity.com or 800.530.9121

Related Links

ZDNet – Heartbleed: Serious OpenSSL Zero Day Vulnerability Revealed

Layer 8 Security – Cybersecurity Training and Education & Penetration Testing

 

CYBER SECURITY UPDATE:

At a recent seminar on cyber security, an associate from the FCC informed the audience that the National Institute of Science and Technology (NIST) had published a framework to reference when companies are addressing the issue of cyber security. A link to that website is provided below. This is a topic that is becoming more relevant every day, and we are pleased to provide this information to you for your perusal and use.

Cyber Security Framework