by Felicien | Jun 5, 2019 | Education
Are You One Of Many Affected By The LabCorp Data Breach?
Financial & Personal Information of 7.7 Million Exposed
Just yesterday we wrote about the Quest Diagnostics’ breach affecting nearly 12 million. Today we’re writing to tell you about a LabCorp breach affecting 7.7 million people. Both of these breaches were caused by a third-party; the American Medical Collection Agency (AMCA). AMCA provides billing collection services to both LabCorp and Quest Diagnostics.
AMCA has informed LabCorp that it is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card or bank account information may have been accessed. AMCA has not yet provided LabCorp with a list of the affected LabCorp consumers or more specific information about them.
In a filing with the U.S. Securities and Exchange Commission, LabCorp said the breach happened between August 1, 2018, and March 30, 2019.
A section of the filing reads:
“AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA for those who sought to pay their balance. LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers.”
The information included in the breached system includes:
Bank account information,
Credit card information,
First and last name,
Date of birth,
Address and phone,
Date of service and provider, and
Balance information.
Forensic experts are investigating the breach. It’s possible that the AMCA breach could impact other companies and millions of more consumers.
What Should You Do?
Anyone who was affected by the data breach should freeze their credit report to prevent criminals from opening credit card accounts in their name. They should also be concerned that their Social Security numbers were exposed.
If you believe that your information has been leaked, you can contact LabCorp customer service on their contact page.
by Felicien | Jun 5, 2019 | Education
For today’s tech blog we’ll tackle a topic that’s become much more visible over the last couple years. What are tracking cookies? How do they get on your devices? Can they harm your devices? We’ll answer these three questions in this post.
What Are Cookies?
Tracking cookies are a specific type of cookie, so we first need to define cookies (the non-baked-good variety). In the digital world, the term cookie describes a text file saved onto your device that contains information specific to you, the user. Every time you log in to a site and click the “remember me” box, your browser creates a cookie. Just about anything a website “remembers” about you isn’t stored on the website. It’s stored in cookies on your device. The next time you visit the website, it sees the cookie on your device and picks up where it left off.
What Are Tracking Cookies?
Tracking cookies take this concept much further. A site that uses tracking cookies will store marketing data on you. They may keep track of things like which links or stories you clicked on and especially which advertisements you clicked on.
Why do they do this? For data and advertising. Advertisers pay by the click, so websites are motivated to get you clicking on their advertisements. Remembering what you clicked last time enables a site to serve a more relevant ad to you this time. For example, if you clicked on a car advertisement last time and ignored one for beer, you’re fairly likely to do the same this time. The site will then serve up a car ad rather than a beer one.
Some firms take tracking cookies even further. Google, for example, serves ads on millions of sites. It has the ability to track your browsing and even shopping history across a wide range of sites. Google and others use this kind of information to retarget ads to you all across the internet.
How Do They Get On Your Devices?
Tracking cookies get loaded on your devices through the natural process of browsing the web. There’s no real way to stop them from loading, either. In the past few years, an initiative called Do Not Track was supposed to limit tracking cookies, but it hasn’t worked. Apple is even removing support for the feature and looking for other options.
Can They Harm Your Devices?
The good news here is that tracking cookies won’t harm your devices. That said, if you dislike them, you can get rid of them. You can delete all cookies manually in your browser’s settings, though this deletes the helpful ones (like “remember me”) along with the nuisance ones. The NAI Consumer Opt-Out can also limit tracking cookies for your accounts.
by Felicien | Jun 5, 2019 | Education
On May 17, 2019, security firm Tenable announced that one of its researchers, David Wells, had discovered a Slack bug affecting Slack’s Windows desktop client. The bug affects version 3.3.7 of the Slack desktop app, which was just last week the most current version. Read on to learn more about this bug: how it was discovered, what it can do, and how to protect yourself.
Discovery and Reporting
Wells discovered the Slack vulnerability and reported it via HackerOne’s bug bounty program. This program allows white hat hackers to receive financial compensation for disclosing previously unknown vulnerabilities so that companies can address them before serious damage is done.
Under the terms of this program, the bug was not disclosed publicly until Slack had the opportunity to release a fix. Slack has since released that fix, but the segment of its 10 million active users that haven’t yet updated may remain vulnerable.
What the Bug Can Do
Wells discovered that slack’s protocol handler, “slack://”, can do quite a bit. It even has the ability to modify sensitive application settings. Attackers could abuse this protocol by creating a “slack://” link that reroutes the user’s download location. The powerful “slack://” protocol even allowed rerouting to an attacker-owned location.
The result of that action would be that files downloaded from Slack would actually be saved to the attacker’s server. The attacker would even be able to modify those files before the reviewer had a chance to open them.
The attack can also be hidden fairly well. Slack’s “Attachment” feature allows users to change the text that displays with a hyperlink, meaning the malicious link could be disguised as “Account Report 004.docx” or any number of realistic-looking files.
Lastly, an attacker with sufficient skill could inject malware into an Office file (like a Word document or Excel spreadsheet) using this exploit. This is a real danger, because Office files are tossed around as attachments all the time. Office warns users that downloaded files can be unsafe, but users will nearly always ignore this warning when they think they’ve downloaded a document from a trusted colleague.
The Danger Level
A bad actor gaining access to all downloaded documents isn’t good, of course, but how dangerous is this bug, actually? Tenable reports that it has scores 5.5 on the CVSSv2 scale, which is a medium score. We see two reasons the bug doesn’t score higher.
One, exploiting this vulnerability requires user involvement. If you don’t click the link, the attacker gets nothing.
Two, exploiting this vulnerability in a convincing way requires compromising the credentials of a Slack group member. It’s difficult if not impossible to send a message to just anyone using Slack. You have to first be a member of the same channel. This means that this exploit is more or less limited to disgruntled channel members and attackers who’ve hacked or stolen a channel member’s credentials.
How to Protect Yourself
The good news on this vulnerability is that Slack has already patched it. All you need to do to protect yourself and your organization is ensure that anyone using Slack for Windows has updated to version 3.4.0 or later. You can check yours by looking at the “About” window in the program. If you don’t have the access needed to update your application, contact IT right away.
IT Administrators looking to update a Microsoft Install deployment should check out these instructions provided by the Slack team.
More Good News: No Real-World Impact, Yet
There’s more good news about this bug and associated exploit. Because Tenable reported the bug to Slack through HackerOne, Slack was able to address the vulnerability before it became publicly known. According to the company’s reporting on its own research, they find no evidence that the vulnerability has been exploited in the real world yet.
Conclusion
Exploits like these are discovered every day. Are you protected? If you’re not sure, give us a call. We stay up to date and we keep our clients safe.
by Felicien | Jun 5, 2019 | Education
With the adoption of technology in the personal and commercial spheres ramping up to breakneck speed, the need for clear objectives for key business personnel like CMOs has never been greater. CMOs need to know what their responsibilities are. It may seem like a question with an obvious answer, but the reality of tech and business has made the answer much less clear than it once was. It can be argued that the role of the CMO has changed dramatically in recent years, far more than it has changed at any time since CMOs first came into existence. Marketing and tech are now inextricably interwoven and are unlikely to separate anytime in the foreseeable future.
Given the importance of tech in marketing and the necessity to make marketing efforts successful for the growth and maintenance of business, CMOs must be included in the decision-making process related to digital technology. When it comes to anything to do with marketing and customer engagement, including tech decisions, the CMO needs to be consulted. What tech a business uses, how it uses it and what changes need to be made—all of these choices should be made with the input of the CMO in today’s modern business.
Marketing and Tech—Ways Businesses are Investing in Technology
Saying that spending on marketing-related technology is increasing is an understatement at this point in time. In fact, the 1% of business spending that is common for marketing technology in the past few years is expected to grow to 10% by 2025. That is a huge increase, one that gives a clear indication of why key marketing decision makers, CMOs to be specific, are going to be much more involved in making tech decisions in the coming years. Some of the areas that are primary focuses for business spending today include:
CRM
CRM or customer relationship management software is drawing heavy investment from a wide range of industries because it offers an efficient way to manage and analyze the data produced from customer interactions. A single interaction might not tell a business too much about its overall market, but a thousand interactions do begin to paint a picture. When so many interactions are added up over the years, the potential for gaining important insights into how customers behave and react to the activities of a business is huge. CRM is an area where CMOs and CIOs can come together to learn an incredible amount of information about their market.
Digital Marketing
Marketing used to fall under the category of creative work much more than it did technical work, but modern tech has greatly blurred those boundaries. Marketing teams are engaging with consumers through a variety of digital platforms—with more and more platforms popping up regularly. Keeping up with the digital marketing options and what tools are effective at any given moment is a significant task, one that requires ongoing investment from businesses. Digital marketing is only expected to take a bigger piece of the marketing budget pie in the coming years. CMOs are the leaders of marketing for their perspective businesses. They certainly need the help of CIOs to implement their ideas, but in the end, it is the CMOs who are best equipped to choose a path forward in the marketing arena for businesses.
Marketing Automation
All the digital marketing opportunities available quickly create situations where human marketing teams cannot keep up with all the tasks on their plate. Marketing automation offers tools to automate many of the basic tasks that are required for businesses to keep their customers engaged and satisfied with their experiences. Automation can reach out to share new offerings from businesses, as well as react to actions performed by customers as they reach out to companies. Automated chat options on company websites are one example of how automation has grown increasingly prevalent and essentially required for businesses that want to stay on top of all the expectations that consumers have.
CMO Responsibilities for Digital Tech Decisions
Once it becomes clear how much marketing and technology are combined in today’s business environment, it becomes obvious that the role of the CMO must include participating in tech decisions. CMOs do not necessarily always have to be the leader in the decisions a company makes regarding its technology, but in most instances, they should be included in the decision-making process.
There are a few ways to determine if a tech decision requires the CMO, including:
Does it involve marketing? If the technology decision in question has anything to do with company branding, consumer interaction, or other marketing focus, the CMO most definitely needs to be involved.
Does it involve customer interaction? The marketing team specializes in creating and developing customer relationships. If the technology involves customer relationship management, the CMO needs to be involved.
There are technology decisions that may not need the input of the CMO, or at least they do not require the CMO to lead the way. For example, deciding which servers are best for the company does not involve marketing. It is clearly a hard tech decision, which is more appropriate for the CIO.
Ideally, CMOs and CIOs should be working together to make tech decisions for the company. The more they can work together and contribute their expertise, the better the company will be able to navigate the complex future of businesses and technology.
by Felicien | Jun 4, 2019 | Education
Keeping photos and videos on your Mac is convenient. Depending on your line of work, it may even be essential. Photos and videos can eat up serious storage space, though, and today’s solid state drives aren’t always the most spacious.
Users who run into storage space limits often start paring down their photos and videos. Photo libraries transferred from phones usually end up with plenty of throwaway photos. Macbook users running MacOS Mojave may run into trouble still. They delete gigabytes worth of photos and videos, but that doesn’t make a difference in their available storage space.
Deleted, But Not Forgotten
What’s going on here? As the old saying goes, “it’s a feature, not a bug.” MacOS Mojave included numerous app updates, and the Photos app got a big behind-the-scenes overhaul. One “magic” feature is the ability to recover photos that were deleted within the app. For around 29 days, users can restore photos that they’d deleted, as long as they deleted them inside the photos app rather than in Finder.
The trick here is that Photos isn’t doing anything by magic. When you delete photos inside the Photos app, those photos don’t actually get deleted. Instead, they simply get moved to a hidden folder. If you later realize you made a mistake, you can undelete the photo. The app “magically” goes into the hidden folder, finds the photo, and moves it back to the normal location.
The Problem with the Hidden Trash Bin
This feature has a problem, though: since the photos don’t get deleted, you don’t get the storage space back. If your main goal is to gain storage space, and you’re sure you don’t need the photos back, it’s time for a workaround.
Finding and Emptying the Hidden Trash
To find and empty the hidden trash, first open the Photos app. In the sidebar, you should see a tab named Library. You’ll see a variety of entries here, including Photos, Memories, and People. At the bottom of the list you should see Recently Deleted. Click it.
In the Recently Deleted folder are all the photos and videos you’ve deleted in the last month or so. Right click on individual items to delete them permanently or use the “Delete All” button in the upper right corner if you’re sure that everything is really trash.
Find Something You Like? Click “Recover”
As you look through your Hidden Trash, you might see something you didn’t intend to delete. Right click on it and choose Recover. You may also use the Recover button in the upper right. Either method returns the item to its original location.
Conclusion
Finding the Hidden Trash is one way to alleviate storage concerns, but it isn’t always enough. For more help with storage concerns, contact us today. We’re ready to help your business’s IT reach the next level.
