Wi-Fi Sync Removal

by , on

Keeper has removed its Wi-Fi syncing feature. We’re now auto-enabling our Cloud-based Internet Syncing feature for all users. This is great news for users – it simplifies the user experience, reduces confusion, enhances the product and increases security.

Keeper’s Internet Sync feature is the most secure way to sync information between your devices and protect your data in case your device is lost, stolen, damaged or replaced. It works instantly across all devices, computers and web browsers – and no configuration is required.

Security is our #1 priority. Keeper is a zero-knowledge security provider. Zero Knowledge is a system architecture that creates the highest levels of security and privacy by adhering to the following principles:

1. Data is encrypted and decrypted at the device level (not on the server)
2. The application never stores plain text (human readable) data
3. The server never receives data in plain text
4. No employee or intermediary can view your data
5. The keys to decrypt and encrypt data are derived from the user’s master password
6. Multi-Layer encryption provides access control at the user, group and admin level
7. Sharing of data uses public key cryptography for secure key distribution

Data is encrypted on the user’s device before it is transmitted and stored in Keeper’s digital vault. When data is synchronized to another device, the data remains encrypted until it is decrypted on the other device.

Keeper is the most secure, certified, tested and audited password management and digital vault in the world. Keeper is the only SOC2 certified password management solution in the industry and certified by TRUSTe for online privacy. Keeper uses the most secure levels of encryption and adheres to very strict internal practices that are continually audited by third parties. As a company, we do this to create the best product in our industry and most importantly, honor your security. Detailed information about our zero-knowledge security platform can be found at https://keepersecurity.com/security.html.

If you have any questions, please contact support@keepersecurity.com.

5 Tips for Safer Holiday Shopping in Stores & Online

by , on

blog post image

‘Tis the season for holiday shopping and hackers! As Black Friday and Cyber Monday approach us, the two biggest shopping days of the year, it’s imperative that consumers everywhere follow some simple steps to protect themselves and their wallets. This level of security awareness should not only apply during the holiday season but ALL the time. Remember, cyber criminals work around the clock – 24x7x365 – which is why you need to protect yourself around the clock too!

As you probably know, 2015 brought another overload of data breaches across many sectors including retail, and as a result, many consumers have had their personally identifiable information (PII) exposed. And with each breach, more PII can fall into the hands of hackers, resulting in identity theft which is never easy to clean up.

So to help consumers this holiday shopping season, we’re offering some helpful tips and reminders for keeping consumers secure, both online and in stores:

 

  1. Update your anti-virus and computer software regularly. And if you don’t have anti-virus, get it immediately. However, be careful where you download your AV from because there are a lot of fake AV scammers out there. Go to the website of the AV provider directly to download it safely and double check ratings on sites like PC Magazine and ZDNet to find the best one for you.
  2. When to use cash vs. credit? Whenever possible, use cash for your transactions in stores. Just remember to keep all your receipts either printed out or via email in case you have to make a gift exchange. When shopping online, it’s always a better idea to use a credit card versus a debit card. That way, if there are fraudulent charges made to your account, you can dispute them with your credit card provider more easily.
  3. Do not use public Wi-Fi. It’s never a good idea to use public Wi-Fi from airports, coffee shops, restaurants and more, and certainly not when you are shopping online and transacting with retailers using your credit cards. Public Wi-Fi is a great attack vehicle for online cyber criminals who can spy on your activity through man-in-the-middle attacks. Use a private home Wi-Fi connection or your own personal hotspot available inside your phone.
  4. Ensure you are using SSL-encrypted websites whenever you transact. While not foolproof, making sure you’re using a website that has the HTTPS (look for the “S” that stands for “secure” and the little padlock in the upper lefthand corner) connection in the web address. This will at least give you peace of mind that your connection is encrypted to prevent cybercriminals from eavesdropping on your traffic.
  5. Use a strong password manager and digital vault. The average person has 19 passwords to remember but 1 in 3 passwords are not strong enough. Utilizing multiple passwords (and recycling the same 3 or 4) makes it nearly impossible to keep them all straight when you’re shopping on Amazon.com, Target.com, Macys.com and more. It’s a much better idea to use a password manager like Keeper that gives you one master password to remember and uses military grade encryption to ensure any data inside the Keeper digital vault remains secure at all times. Password managers alleviate the headache of managing too many passwords and will only make your life easier.

 

Hopefully, these simple security tips will help to ensure a safer and more secure holiday for all and keep the cyber criminals locked away with the naughty elves and a lump of coal!

 

Cheers!

The Keeper Support Team

5 Things to Know About the Excellus BlueCross BlueShield Breach

by , on

data breach

Excellus BlueCross BlueShield and its parent company, Lifetime Healthcare, announced today that they were hacked and the information of 10.5M customers have been compromised.  The vulnerability was discovered when Excellus hired cybersecurity firm, FireEye, Inc., to investigate.  This news comes after Anthem and Premera BlueCross BlueShield announced they were hacked earlier this year.

Here’s a roundup of the top 5 things you need to know about the breach so far.

 

1) The stolen Excellus data is highly sensitive

Like any other healthcare company, Excellus carries medical records in their database which are be extremely valuable to a hacker – up to 10x more valuable than a credit card.  The Excellus data stolen could include name, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account information and claims information.

 

2) It took Excellus 19 months to discover the breach

The initial hack of the Excellus systems occurred on December 23, 2013, but it wasn’t discovered until August 5, 2015.  The delay in discovering the breach is very concerning and should encourage all other healthcare companies to take a close look at how they’re handling cybersecurity – both prevention and detection.

 

3) The breach affects primarily Excellus customers in upstate New York

This assumes that the breach numbers don’t rise, but the victims of the attack reside mostly in the upstate New York area, which is where Excellus, a BlueCross BlueShield affiliate, is located.

 

4) How to know if you are affected

If you are an Excellus or Lifetime customer and you were affected, you may receive a letter in the coming days with an offer for two years of identity-theft protection. If you are concerned that you were affected, you should contact one of the major credit reporting agencies (such as Equifax) and place a free credit alert on your file. Do not open any emails that claim to be from Excelllus or Lifetime – hackers have been known to use a method called phishing to steal financial or other personal information.  Wait for the letter to come in the mail.

 

5) Healthcare data breaches are an epidemic

The records compromised in the Excellus breach have been reported at 10.5M, which makes this a top 20 healthcare data breach. The state of cybersecurity in healthcare is becoming increasingly worrying, as there have been 18 reported breaches so far this year, according to the Privacy Rights Clearinghouse. A recent survey found that the vast majority of healthcare organizations have had their networks compromised in a cyberattack – 81% to be exact.  

As we’ve said many times before, we are in a cyberwar and healthcare organizations are one of the primary targets.  It’s imperative that the healthcare sector take preventionary and proactive measures to bolster its security processes, systems and measures in safeguarding its genuine, digital assets.

National Cybersecurity Awareness Month: How to Get Involved on Social Media

by , on

National Cyber Security Awareness Month (NCSAM) is coming up in October.

To say that cybersecurity is at the top of the priority list for governments, consumers and businesses is an understatement.  With the high-profile data breaches that made the news headlines over the past year, the need to be vigilant is more important than ever before.

Here are some recommended ways to get involved on Social Media from the National Cyber Security Alliance:

  • Use the hashtag #ncsam on Twitter and Facebook to post online safety and cybersecurity tips
  • Use the NCSAM logo as your profile picture for October –  Download 
  • Blog about cybersecurity throughout the month

Learn more here.

Have any other ideas for getting involved? Post them in the comments!

Dangerous Apple iOS 8 Security Flaw Uncovered, Called ‘No iOS Zone’

by , on

Professional hackers at SkyCure have discovered a major security vulnerability in iOS, that allows a malicious WiFi hotspot to launch a DDoS (Distributed Denial-of-Service) attack.  The ‘No iOS Zone’ flaw, works by exploiting the SSL security certificate of iOS 8 that leaves a device wide open.

The SkyCure CEO said,

“This is not a denial-of-service where you can’t use your Wi-Fi – this is a denial-of-service so you can’t use your device even in offline mode.”

Read more here

Security Flaw Affects All Windows Versions, Including Windows 10

by , on

Security firm Cylance has discovered a security flaw in all versions of Windows (including Windows 10) that has existed for two decades, called the “Redirect to SMB” vulnerability.  Microsoft has downplayed the vulnerability, however, in theory it could allow for the theft of usernames and passwords from millions of PCs, servers and tablets.

Read More

YouTube Security Flaw Allowed Deletion of Anyone’s Videos

by , on

A security researcher, Kamil Hismatullin, discovered a major flaw in the YouTube API that allowed people to delete any videos on YouTube.

 

He was searching for YouTube vulnerabilities to report to Google for a cash reward when he found this code:

POST https://www.youtube.com/live_events_edit_status_ajax?action_delete_live_event=1

event_id: ANY_VIDEO_ID
session_token: YOUR_TOKEN

 

In order for someone to delete the video, all they had to do was fill in the YouTube video ID.  Before fixing the flaw, Google did not check to see whether the person had permissions to delete the video.  The vulnerability has since been fixed, and the researcher received a $5,000 reward.

 

Read more here.

Slack Gets Hacked, Adds Two-Factor Authentication

by , on

The business chat application, Slack, has been hacked.  The data breach lasted about 3 days, during which hackers obtained access to usernames, email addresses and passwords.  The company said a “very small number of Slack accounts” were affected, but no specific numbers were released.  Since news of the hack, Slack has rolled out a new two-factor authentication feature.

 
Read more here.