Cloud Security Archives - Page 2 of 11 - The Privacy Post


Healthcare Data Security: Is Your Cloud Service Provider HIPAA compliant?

Posted on Feb 13, 2014


Cloud service providers must comply with HIPAA guidelines.

With healthcare data doubling every year, it can be extremely difficult for medical institutions to manage such a huge amount of information using traditional IT systems. This is one of the reasons why the healthcare industry is gradually moving towards the use of cloud services. A cloud storage system allows organizations to place data on a centralized electronic system that can be accessed anytime from anywhere. Cloud services can help the healthcare industry to access and manage health records effectively in order to provide better patient care. A properly implemented cloud storage system allows hospitals to process tasks effectively and quickly, without causing a drop in performance. Cloud computing has proven extremely beneficial and cost-effective for patients and healthcare providers.



How Can Enterprises Ensure Security Against Cloud Security Breaches?

Posted on Feb 11, 2014

Secure cloud storage for better security.

Cloud computing has become the driving force of today’s IT industry. More and more enterprises are moving towards this technology because of its flexibility, cost effectiveness, and easy deployment. According to the technology researchers at Gartner, cloud services are expected to grow to $210 million by 2016. However, cloud computing is vulnerable to security breaches and cyber attacks. The fact that the cloud hosts a tremendous amount of data makes it an attractive target for cyber criminals. It is also extremely difficult to track or investigate cyber attacks on cloud services because of an ever-changing set of users and data centers.



New Security Technology “Honey Encryption” Deceives Hackers

Posted on Feb 7, 2014

Honey Encryption tricks hackers trying to get access to your data.

Security researchers have devised a unique method to trick the hackers trying to crack encrypted information. As you may know, encryption is one of the most effective methods of protecting data. However, it is seen that in many cases intruders are successful in getting into the system by trying different encryption-cracking methods. There are several sophisticated pieces of software that are capable of deciphering secure data. Keeping these security concerns in the forefront, two security researchers, Ari Juels and Thomas Ristenpart, from the University of Wisconsin Madison, have come up with a new encryption system called “Honey Encryption”.



Wookie Gone Wrong: Tor-Enabled Malware ChewBacca Infects Dozens of Retailers

Posted on Feb 4, 2014

Chewbacca infects Point of Sale terminals of retail stores.

Point-of-Sale (PoS) malware attacks seem to have been on the rise since last year. Many retailers like Target and Neiman Marcus became victims of such attacks. Recently, RSA brought to light another PoS malware called “ChewBacca”. In the past three months, this Trojan has stolen credit and debit card information from dozens of retailers. While the majority of the retailers are based in the U.S., the attack has also been noticed in a few other countries like Russia, Canada, and Australia. Due to a lack of security controls on PoS machines, they have become easy targets for financially motivated attackers, who are able to access the data of millions of customers. Let’s take a look at how the ChewBacca malware works.



Security Concerns with “The Internet of Things”

Posted on Jan 28, 2014

There have been many recent security risks with connected devices.

The Internet of Things has become an emerging trend in today’s age. As the number of devices connected via the Internet grows, the risk of cyber attacks also increases. By connecting so many unsecured smart devices like TVs, refrigerators, etc. to the Internet, we are opening the doors to many malicious activities. Recently, a security research firm, Proofpoint, revealed an Internet of Things cyber attack that compromised more than 100,000 Smart TVs, refrigerators, and other smart appliances; 750,000 malicious email communications were sent out from these devices. Proofpoint noticed this attack during the holiday season, from December 23, 2013, to January 6, 2014. The researchers observed thousands of malicious email messages coming from a particular range of IP addresses. When they conducted further investigation, they realized that these messages were not coming from PCs, which are the most common medium for launching these attacks, but from unidentified devices running on the standard Linux platform. On pinging those devices, they found out that they were smart appliances connected within households.

According to Proofpoint, just as personal computers are compromised by botnets to launch attacks, cyber criminals are exploiting the vulnerabilities in smart home appliances by transforming them into “thingbots” to carry out malicious activities. One of the major intentions behind such attacks is to collect personal information about the victim. The more information the attackers have in their hands, the more powerful they become. Another reason why Internet-connected devices have become more appealing to the attackers is that they have poor security controls and can be infected easily. The Proofpoint researchers noticed during their investigation that the majority of the smart appliances were not configured properly or used default passwords. Unfortunately, when we talk about Internet security, most people visualize securing their laptops or tablets. We forget that other than our laptops, PCs, or tablets, there are many more household appliances that are connected to the Internet, and it is equally important to implement security controls to protect them from attacks.

Lack of security awareness among the users of smart appliances is the most important reason why connected devices are more attractive to cyber criminals than PCs or laptops. People need to educate themselves about the vulnerabilities in smart appliances and implement recommended security controls to ensure protection. They should make sure that they change the default passwords of these devices before putting them to use. Users should always choose strong and complex passwords for better security, and change them on a regular basis. Oftentimes, the industries developing these devices find it more difficult to find and fix vulnerabilities than is the case for PCs and software appliances. They do not have the expertise or ability to patch the weaknesses in these devices. According to security expert Bruce Schneier, most common home routers run on old versions of the Linux operating system. The vulnerabilities may have been patched earlier, but it is extremely important to apply patches to them more frequently, because as the systems age their security vulnerabilities increase.

Implement security controls to protect smart homes from cyber attacks.

In order to apply patches, users need to manually download and install them. This is rarely done because users are never alerted about security updates, nor do they have the expertise to monitor the systems regularly and apply patches. So, the best way to ensure protection from malicious attacks is to change your default passwords and replace them with strong, difficult-to-crack passwords. Keep your appliances connected to the Internet only as long as required; if you do not need your devices, disconnect them from the Internet. The 24/7 availability of connected devices makes them more vulnerable to attacks. Lastly, take the security precautions for connected devices just as seriously as those for your PCs or laptops.

Secure cloud storage service that protects your data

SpiderOak is a secure cloud storage service that protects its user data from government surveillance. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers amazing products like SpiderOakHive and SpiderOak Blue to secure consumer and enterprise data. You can sign up for this product now.




Beware: Malware Distributors are Moving Towards Cloud Computing Services

Posted on Jan 21, 2014

Cloud services have become an attractive place for hackers.

As has been the trend with businesses, the makers of malware are also moving towards cloud services because of their flexibility, cost effectiveness, and easy maintenance. Malware distributors are embracing cloud services as a method of hosting malicious code and adware. They are doing so either by buying services directly from the cloud service providers, or by compromising them. By hiding behind the names of legitimate cloud service providers like Amazon and GoDaddy, they can effectively serve malware to millions of Internet users. Hackers can use the trusted IP addresses of these major cloud service providers to initiate malicious activities without getting blacklisted. The cloud enables them to quickly and cheaply develop malware-infected sites, and bring them online. These benefits of cloud computing have made the cloud an attractive place for these malicious actors.



Privacy Issues with Student Loans

Posted on Jan 20, 2014

Students are struggling to pay their loans to achieve their career goals.

“Knowledge may be priceless, but a higher education is clearly not.”

- Peter Thiel, Cofounder Paypal

Over the years there has been a significant hike in the tuition fees of many U.S. universities. Students are struggling under the burden of student loans to achieve their career goals. Some of them have had to make career changes or postpone their dreams just because of the expenses of higher education. The Washington Post invited some researchers, thinkers and analysts to submit their favorite graph of 2013. The graph submitted by PayPal’s cofounder, Peter Thiel, showed how student loans have increased over the years with respect to the income level of the majority of people.

Graph submitted by Peter Thiel.

Based on the graph, it can be inferred that with the increase in tuition fees, more and more people are relying on student loans for higher education. The services providing student loans collect a great deal of personal data, such as names, addresses, social security numbers, and bank details. Have we ever thought about the security of our personal data collected by these services? Sometimes data breaches are eye-openers that remind us how valuable our information is, and why it is important to take the security of personal data seriously. Last year, the Human Resources and Skills Development department of Canada’s federal public service (HRSD) reported a security breach in which a huge amount of personally identifiable information (PII) went missing from one of the department offices in Quebec. An unencrypted hard drive containing PII of 250 of the department’s employees and 538,000 Student Loans borrowers was stolen.

The information that was stolen from HRSD included student names, Social Insurance Numbers (SINs), contact information, dates of birth, and loan balances. Social Insurance Numbers are similar to Social Security Numbers in the U.S., and extremely important to Canadian citizens. Another interesting fact is that the stolen hard drive had student data from 2003 to 2006. That means the students who had paid these loans, and were no longer customers of HRSD, were affected by the breach. Just imagine the amount of personal information that hackers had at their disposal. Information is key to hackers, and the more information they have, the more dangerous they can become. With so much sensitive data in their hands, hackers can carry out more severe attacks such as identity theft.

A Canadian security breach exposed the data of thousands of students.

If HRSD had implemented strong security controls to protect the sensitive information of thousands of student loan borrowers, then the situation would have been different. Here are some of the lessons learned from this security breach:

  • Implement Strong Encryption standards: One of the key things that went wrong here is that the hard drive containing sensitive information of student loan borrowers was not encrypted. Enterprises should use strong encryption standards like AES or Blowfish to encrypt sensitive user data.
  • Use of Strong passwords: Sensitive user data should be protected using long and complex passwords. The passwords should be 8-digits long and contain a combination of upper and lower case letters, numbers, and special characters. Also, they need to be changed frequently.
  • Don’t collect or retain more than what is required: As mentioned earlier, the stolen hard drive contained student information from 2003 to 2006; this information was absolutely not required to be retained. Only collect and store data that is required. Get rid of the unnecessary information. Personal information related to SSN, credit card, or driver’s license should not be collected unless it is extremely needed.
  • Develop Strong Security policies: Companies must develop security guidelines to sort through the requirements, develop processes for handling data, and design applications that include appropriate safeguards, such as encryption and restricted access, for each location.
  • Employee training: Employees need to be trained regarding the security of sensitive personal information. They should strictly follow the security policies of the organization to maintain the privacy and confidentiality of user data.

SpiderOak Blue for Enterprises:

Finding a truly secure third party cloud service can be a challenge as many services on the market have security gaps that leave private data vulnerable to third party attacks. One cloud storage and sync service that sets itself apart is SpiderOak Blue. This service provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy. And for the average web user, SpiderOak offers the same protections with lower costs and smaller storage space.

SpiderOak Blue protects sensitive enterprise data through two-factor password authentication and 256-bit AES encryption so that files and passwords stay private as unreadable blocks of data. Two-factor authentication is just like the process used by some financial services that require a PIN as an extra precaution along with a password in order to log in. With SpiderOak, enterprises that choose to use two-factor authentication must submit a private code through text along with their unique encrypted password. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices (SpiderOak never hosts any plaintext data). SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices. Sign up for SpiderOak today!



Bombarded by Advertisements? How Online Ads Can Take Over Your System

Posted on Jan 17, 2014

Vulnerabilities in online ads can be exploited to launch cyber attacks.

Don’t you wish you could browse YouTube or Facebook without encountering those annoying advertisements? They have become impossible to ignore these days. Many websites rely on online advertisements to generate revenue. They are annoying for sure, but they had not caused any harm to our systems. Unfortunately, this is not the case anymore. Online ads can be manipulated to launch cyber attacks called Distributed Denial of Service (DDoS) attacks. An intruder can simply embed an attack ad within a Web page. The attacker tricks advertising networks into accepting compromised ads and displaying those ads on legitimate sites. When you click on one of these malicious ads, your browser gets enlisted in a botnet, which carries out denial of service attacks.



The Magic Key: Google and Facebook Planning on Improving Security with Physical Tokens

Posted on Jan 16, 2014

Google and Facebook are moving towards better security with physical tokens.

Well-known technology companies like Google and Facebook are planning on bolstering the security of their users by introducing physical tokens. These physical tokens are very easy to use, and provide an additional level of protection along with your passwords. You just have to plug the token directly into your computer’s USB port and then type in your password. A correct combination of the password and the number on the physical token will give you access to your account. Both companies are planning on making their employees use physical tokens to access their accounts. John Flynn, security engineer at Facebook, said, “We’re keeping an eye on emerging authentication technology. Hardware authentication is one of those.” This latest tactic is a great move by Facebook and Google towards maintaining user privacy.



RAM Scraper Malware Infected Target’s Point-of-Sale terminals

Posted on Jan 15, 2014

Target Data Breach is the result of a malware called RAM Scraper. Image from Media.cmgdigital.

Last month retail giant Target suffered a massive credit card breach that affected approximately 40 million credit and debit card accounts. As per recent investigations, the breach appears to be even worse than what was estimated earlier. The company confirmed that personal information like names, email addresses, mailing addresses, and phone numbers of an additional 70 million people was compromised in the data breach. This makes the Target data crisis one of the biggest security breaches of 2013. In an interview with CNBC, Target CEO Gregg Steinhafel revealed that the reason behind this massive attack was malware that infected Target’s point-of-sale registers. Malware programs that are designed to infect point-of-sale (PoS) systems are known as RAM scraper malware.
