Request Demo

Company

TrACE Shield

TrACE Identity

TrACE Vigilance

TrACE Platform

Solutions

Partners

Support

Blog

+1-303-423-4500

Contact Us

Analytics

Big Data

Billing

Business

Business Intelligence

Cloud Computing

Cognos 10

Collaboration

Consulting

Cybersecurity

Data Warehouse

Dedicated Servers

Domain Names

Domino

Hosting Support

Java

Linux

Mac OS X

Managed Hosting

NetApp

News

OpenBSD

Perl

Services

SpamExperts

Technology

Testing as a Service

Uncategorized

VMware

Windows

This summer of 2020, the long awaited 8GB version of the Raspberry PI 4 came out.

Along with that hardware update came other goodies:

USB Gadget Image Builder (to have a fully functioning local network with you iPad Pro over USB C: 

This summer of 2020, the long awaited 8GB version of the Raspberry PI 4 came out. Along with that hardware update came other goodies: USB boot: USB Gadget Image Builder (to have a fully functioning local network with you iPad Pro over USB C: 

Tinkering with Raspberry Pi 8GB

Cybersecurity is complex and affects business.  If you are an executive, have you considered whether you are fulfilling your fiduciary duty through cybersecurity strategy?  If you are a CISO, have you taken a methodical approach to every increasing cybersecurity topic?  If you are a non-IT person, have you wondered whether your enterprise information is secure?

100% security does not exist and cybersecurity is a journey: even if you truly minimize the threats today, these are ever-evolving.  Individual hackers get the power they didn’t dream of from IaaS (Infrastructure as a Service).  Organized hacking groups – state or private – execute hacking as a well-run software project: they do reconnaissance, design, plan, execute and lessons learned in a well-oiled project loop.  

It’s not only commercial proprietary information worth hundreds of millions which can get stolen, but government secrets causing prime ministers to resign.  The latest downfall has been Nawaz Sharif, the prime minister of Pakistan, whose downfall was caused by the country’s Supreme Court based on the information from the leaked Panama Papers.  While it may be argued that it’s good for some of the confidential information saw the light of the day, let’s also remember the Sony employees whose confidential records – social security numbers, medical records etc. – were published after the Sony hack in December 2014 or the massive WannaCry attack which paralyzed many companies, incl. UK’s National Health Service, putting life of patients at risk.  Ransomware has evolved to the point that some ransomware “providers” sell their products and even provide customer service to hackers who prefer to pay for 3rd party software than to write their own.

How should we minimize the likelihood of a successful security breach?

The old rule stating “your system is as secure as its most vulnerable component” still stands.  The challenge is that there are many components, and in the software area solutions contain subcomponents which may be difficult to identify.   A rule of thumb is to go through different areas of your environment, identify both the threat and its impact and then prioritize what to protect first. “Saving” on security measures is a classic component of being penny-wise and pound-foolish, as recovering from a security attack can be costly in financial terms or in reputation, as seen by some retail vendors.

Upgrade all of the operating systems, RDBMS and applications to the latest releases, execute regular patching policy and implement regular monitoring

Enforce adequate login policy with frequent mandatory password changes

Educate staff (webcast, testing which each staff member has to pass, simulated phishing attacks etc.)

Establish management dashboards and reporting

Make sure you have an adequate backup policy and your backups can be successfully restored

Consider Disaster Recovery (DR) for vital applications

Simulate incident response and monitor incident response performance

Implement security policy across the enterprise

Create KPIs to monitor the rationalized operations

Create regular “lessons learned” sessions based on real or simulated incidents and make sure your security policies are updated with these findings

Understand compliance obligations: as an example, if you are taking credit card payments you need to be PCI compliant.  If you store personally identifiable information, with health care data, you need to be HIPAA compliant. If you store data of EU customers, you need to comply with GDPR. Ignorance of the law will not be an excuse and will not decrease your liability.

If your environment has been compromised, you may need to execute “step 0” – establish a new environment and gradually migrate components from the old environment in a secure manner.  Independent tools like Bitsight may help give you a better picture of your security situation.

What components do you need to examine and what are the examples of actions you may need to take?

Network:  conduct perimeter analysis – e.g. network sniffing, log analysis, data flow diagram, network diagram.

Create a Bill of Materials (BOM) per application.  BOM is defined as a table of a list of components – application name, release version, a list of subcomponents within the application (this can be other commercial or open source components) together with their release number, list of ‘external’ applications components and release numbers (e.g. RDBMS, operating systems).  Each component should be identified as “supported” or “not supported” by the supplier.  The support expiration date should be listed for the existing version and the latest “production” version of each component stated in another column.  Old components or subcomponents are often vulnerable to attacks, as witnessed by the hundreds of thousands of servers successfully compromised by WannaCry virus.

If you find that many of the applications are vulnerable, prioritize them.  A good example is 3 categories – vital to a business, important but not critical and the rest.  Harden the applications in this priority order.

Create an inventory of compliance for each application.

Segment your network so that applications are isolated, and vital applications are protected. The segmentation will also reduce the compliance burden.

Implement Identity Management.  Leaks of internal data can be more devastating than external attacks due to volume and importance, as seen on many occasions.

A Russian cybersecurity expert once said, “if I stop seeing attacks, it means that the attackers are already in.” Cybersecurity is everyone’s responsibility given the increase in cybersecurity crime.  It’s not a question of “if” you will be hacked, but “when.”  Being prepared consists of 2 steps: a) minimizing the chance of a successful attack, b) being able to recover quickly if such an attack succeeds. Examples provided in this blog illustrate the complexity of the task, yet being prepared optimizes cybersecurity expense and time, and it is critical to success. NewPush can help on this journey through cloud and cybersecurity offerings.

Cybersecurity is complex and affects business.  If you are an executive, have you considered whether you are fulfilling your fiduciary duty through cybersecurity strategy?  If you are a CISO, have you taken a methodical approach to every increasing cybersecurity topic?  If you are a non-IT person, have you wondered whether your enterprise information is secure? […]

Cybersecurity In Your Environment: How Concerned Are You?

Automated updates for the core OS has been available for several years now on Macs, and Apple has added the ability to update automatically apps you have added from the AppStore as well. However, if you have installed open source apps with Brew, chances are that you may forget to update them regularly. This is likely to create vulnerabilities on your system, allowing attackers to get in undetected by most antiviral and anti-malware software.

To close this loop, a very simple tool can be installed, similar to the auto-update function at the OS level. Here is the “cookbook recipe” to follow:

brew update
brew upgrade
brew install terminal-notifier
brew tap domt4/autoupdate 
brew autoupdate –start –upgrade –enable-notification

install the terminal notifier incase you don’t have it yet

start the autoupdate to run on a regular basis

Don’t be like the picture below ? (Curtesy of xkcd.com)

Automated updates for the core OS has been available for several years now on Macs, and Apple has added the ability to update automatically apps you have added from the AppStore as well. However, if you have installed open source apps with Brew, chances are that you may forget to update them regularly. This is […]

Set up automatic updates for Brew on Mac OS X

Remote work has become the new norm all over the world. While giving employees remote access to the company’s network helps keep the business going during these unprecedented times, ensuring secure remote work comes with challenges. 

The COVID-19 healthcare crisis has compelled many companies to adopt work from home policies. This shift that had to be managed almost overnight by most businesses brought many security compromises and generic strategies that may prove inadequate in the long run. Millions of employees started handling sensitive work data outside their office for the first time. In the absence of a controlled office environment, working remotely makes data more vulnerable, especially for companies without solid work-from-home (WFH) plans. 

Malicious outsiders can easily take advantage of the chaos, targeting vulnerable or sensitive infrastructures amid the pandemic. Insider threats, including social engineering attacks, sharing data - accidentally or intentionally - outside the company, using unauthorized devices, and physical theft of company devices, are also more likely to happen.  Employees, freed from the restrictive policies of company networks, might take security practices less seriously and endanger the data they take home with them. Companies cannot control who comes and goes in the home of an employee, whether third-parties have access to a work device or employees choose to work in public places such as parks or cafes. 

Here are some practical steps you can take to safeguard your sensitive data with a WFH workforce.

Virtual Private Networks (VPNs) are one of the most recommended precautions for remote workers. Touted as privacy and security must-haves, VPNs are an easy and cost-efficient way to protect your company’s network connections and data. By deploying a VPN, organizations can ensure that data moves securely between the company’s core systems and employees’ devices. VPNs add an extra layer of security, encrypting the transmitted data, hiding the IP address, and masking the location of the sender. Some VPNs offer military-grade 256-bit encryption of your data. By preventing others from accessing your connection, a VPN can keep transmitted information anonymous and secure. Using a VPN is especially useful when connected to public WiFi, often less secure and usually not password-protected. 

Encryption is also an essential part of secure remote work for both data stored on devices (aka data at rest) and data on the move (aka data in transit). In the case of data at rest, encryption is an especially useful preventive measure against cyberattacks. It can also ensure that if devices are stolen or forgotten while outside the office, data can’t be accessed by unauthorized people. Hard drive encryption has become a standard tool, and it is included in the most popular operating systems: BitLocker in Windows and FileVault in macOS. Individual files can also be encrypted through these tools, allowing companies to add an extra layer of security to sensitive data files. As these native encryption tools don’t require any additional investment, companies are strongly encouraged to request their employees to use them. 

When in transit, data is in its most vulnerable state; as it travels, both inside and outside, the company is exposed to many risks, such as human error, network failures, insecure file-sharing, or malicious actions. And, with the rise of remote work, data travels more than ever before. By setting up a VPN, data sent over the internet is automatically encrypted and, thus, protected. However, this is not the only situation when data in transit needs encryption. Removable devices, and USBs in particular, are an easy pathway for data loss as they are easy to conceal, steal, and lose. Some Data Loss Prevention (DLP) solutions provide USB encryption, allowing organizations to automatically deploy an encryption solution to all USBs connected to a company computer. This way, it can be effectively ensured that any sensitive data copied onto USBs will be encrypted. 

Another way of ensuring your data security in the age of WFH is by applying data protection policies on the endpoint. This way, data protection software is installed directly on devices rather than at a network level, and policies will stay active regardless of the location of a device.

Endpoint DLPs such as Endpoint Protector by CoSoSys can support remote compliance by focusing on special categories of data such as Personally Identifiable Information (PII). These solutions are deployed on each endpoint, providing content discovery, preventing data leakage through storage devices, and safeguarding data when a device is outside the corporate network. By applying policies directly to sensitive data, DLP tools help companies monitor and control the transfer and use of personal information remotely, ensuring that it is not sent to people without access or uploaded to unauthorized third party services. 

In these challenging times, cybersecurity has also become a priority for businesses. Guided by these steps, organizations can ensure both efficiency and security in distributed offices. Thus, employees can work from home productively while keeping company data secure.

Written by Beata Berecki, Endpoint Protector by CoSoSys

A summary of measures taken to protect data when employees are working remotely.

How to Safeguard Data When the Majority of Your Workforce is Remote?

IBM makes it very easy to get the model number and the serial number of an AIX system or a VIOS on thier Power Series:

You don’t even need to be root to run the commands.

IBM makes it very easy to get the model number and the serial number of an AIX system or a VIOS on thier Power Series: $ uname -M # model number IBM,NNNN-NNN $ uname -m # serial number HHHHHHHHHHHH You don’t even need to be root to run the commands. More useful AIX commands.

DRAFT CONTENT TEST IBM Power Systems Model and Serial

Did you know that in the U.S someone falls victim to identity theft once every two seconds?

In 2017 alone, 60 million Americans were affected by identity theft, with the annual cost of this kind of fraud in the U.S being a staggering billion.

Of course, it is not just individuals who are at risk of having their identity stolen, businesses are just as vulnerable. Plus, if your business does become a victim of identity theft, not only can you lose money, you can also lose your livelihood and the trust of your customers.

Fortunately, there are steps that you can take as a business to protect yourself against identity thieves.

Keep reading to find out what they are and to ensure your business stays as safe and secure as possible.

Business identity theft, also known as commercial or corporate identity theft, is when someone or a group of people illegally impersonate a business for criminal gain. Unlike with personal identity theft that only affects an individual, business identity theft can impact your whole business, from your employees to your customers.

It is worth noting that business identity theft is not the same as a breach of sensitive company information or the same as an employee or consumer theft. It directly involves the impersonation of your business.

How can you safeguard your business from identity theft?

If you want to keep your business data secure, you need to ensure that you are informed and knowledgeable about your company’s credit reports, that way you will be able to immediately notice if something is amiss.

Using biometrics to protect your identity as a business is a highly effective way of keeping yourself safe from increasingly sophisticated online criminals. Using a wide variety of techniques including fingerprint scanners, voice detection, facial recognition and retina recognition, the biometric authentication industry is estimated to be worth a whopping .5 billion by 2023.

Stay up to date with digital security practices

This is particularly important for small and midsized businesses that may not survive a security breach of this kind.

Some of the best security practices that you should be adopting include:

If you receive any invoice for a service or for goods that you did not order and never received, this should instantly set alarm bells ringing. The same goes for if you receive a duplicate bill that you have already paid.

One of the more common phishing scams involves someone impersonating a CEO or other senior executive and requesting a wire transfer to an unknown account. If you regularly perform wire transfers or work with vendors overseas, you need to be particularly careful of this.

As a business owner, business identity theft is something that you should be taking extremely seriously.

Do not put off securing your data, as your customers, employees and business will be at risk if you do.

Follow the above practices, stay vigilant, and above all else, be consistent in your efforts.

Did you know that in the U.S someone falls victim to identity theft once every two seconds? In 2017 alone, 60 million Americans were affected by identity theft, with the annual cost of this kind of fraud in the U.S being a staggering billion. Of course, it is not just individuals who are at […]

Business Identity Theft: How You Can Protect Your Business

If you are in SecOps, you probably have seen the threat of CryptoMiners running on compromised hosts. This article may not be for you, but if you would like to dive deeper inside of the working of crypto-mining you will find a few resources here to get you started.

For the example I use the Moonlander 2 ASIC USB stick as you can pick one up form Amazon for as little as as of March 2020, and it has all the features needed to work with a Raspberry PI. It allows to mine LTC (Litecoin.org).

sudo apt-get install -y build-essential git autoconf automake libtool pkg-config libcurl4-openssl-dev libudev-dev libusb-1.0-0-dev libncurses5-dev raspberrypi-kernel-headerscdmkdir minerscd minerssudo unzip Linux_3.x.x_4.x.x_VCP_Driver_Source.zipcd Linux_3.x.x_4.x.x_VCP_Driver_Sourcemakesudo cp -a cp210x.ko /lib/modules/4.19.0-6-amd64/kernel/drivers/usb/serial

Another example is the GekkoScience Bitcoin SHA256 Stick Miner, which lets you test how to mine BTC (bitcoin.org). 

I use the Raspberry PI, as it is a very low cost environment you can build with your children at a very young age. You can do a lot more with it then just teaching about Bitcoin, Blockchain, and mining.

The resources below have all the documentation necessary to get started.

The Moonlander device tends to lock up after a successful run with and the miner isn’t detected on successive runs with the status message: 

------------------------------------------NO DEVICES FOUND: Press 'M' and '+' to add------------------------------------------

The solution is to remove the driver (cp120x) and unplug / plug back in the USB stick:

check if the driver is re-registered by running  the output should look like 


Moonlander 2 USB Stick getting started instructions

GekkoScience Bitcoin Miner Setup on Linux / Raspberry Pi

Raspberry PI dependencies for building kernel modules

If you are in SecOps, you probably have seen the threat of CryptoMiners running on compromised hosts. This article may not be for you, but if you would like to dive deeper inside of the working of crypto-mining you will find a few resources here to get you started. For the example I use the […]

Tinkering with CryptoMining

This is an undocumented feature as of this writing, but on Windows you can upload a background image to MS Teams here:

This is an undocumented feature as of this writing, but on Windows you can upload a background image to MS Teams here: %AppData%\Microsoft\Teams\Backgrounds\Uploads   Stay tuned for Mac OS X

Your own background in MS Teams

Sport is a universal activity that is respected around the world. The top sports players make more than most academics and even business people, and they draw in crowds. As an institution in healthcare, having a good sports team can be a boon for your institution. It can bring in more funding, more patients, and national recognition. Using sports as a means to bring in more money for healthcare is a great means of buying better and more equipment and having the money to help support those in need of medical treatment.

Staff needs to be paid, doctors and nurses need the right equipment, and to be frank, employees in healthcare need a means of getting out and having fun. The industry of healthcare can be a difficult place to work, and so sports can not only help with funding but also provide an outlet.

Exercise is a staple to a healthy lifestyle, which is why you can do so much for your community and their health by managing a local sports team through volunteer efforts. Sponsor these teams through simple and affordable means – offer water stations, customize jerseys, and even bring some healthy snacks to the games and rally the community together. You can become an institution for your community and bring everyone together through the universal love of sport. As this would be for fun, all managerial positions and players will need to be volunteers. Thankfully, there are likely many people who would love to have fun and exercise while doing so, both youth and adults, so all you need to do is get people together and work with them from there.

In order to really bring in funding for your institution, however, you are going to have to partner up with other organizations. Managing a professional sports team is expensive, and as a medical institution who needs its funding to go towards its practice, managing, training, providing the venue for a team will come with a lot of upfront costs. That is why you should instead partner with an established team, where they can do charity games where the proceeds of the tickets go to you. Similarly, you could sponsor them, so that your institution’s logo is on their jersey’s and so that your brand is made known to the public. Work with notable rising sports stars like Rishin Patel who is not only a stand-up doctor but also a sportsman, and you can spread the word about your business and about health.

Marketing your sports team is just like marketing anything else. When you first start out it is best that you localize your efforts. This means holding local fundraisers, hosting charity games, volunteering, getting local businesses to sponsor your teams and players, and so on. Sports have the uncanny ability to bring a community together, meaning if you succeed in making your sports department a success, you can supplement your funding and provide better healthcare and health programs to everyone in your community.

Bring your community together, help them get active, and bring in more funding for your healthcare clinic – it’s a great solution for your business and the families you take care of.

Sport is a universal activity that is respected around the world. The top sports players make more than most academics and even business people, and they draw in crowds. As an institution in healthcare, having a good sports team can be a boon for your institution. It can bring in more funding, more patients, and […]

How Healthcare Can Use Sports as a Means of Funding

During long working days, a lunch break is something that everyone looks forward to. Whether it be to step outside and get some fresh air or to regain their energy after a long morning in the office, it is something that is integral to having a positive working day. Yet it could be that you are not using your lunch break effectively, which can lead to you being more tired after lunch, rather than re-energized.

To have a productive lunch break, the first step is to acknowledge that it is called a break for a reason; to not relax would indeed be counterproductive to the working day. If you are struggling to find ways to make the most of it, make sure you follow some key tips.

During the morning, your brain and body will have worked off all the food you ate for breakfast. This can result in your focus slipping and stress levels climbing, both of which won’t bode well for you in the workplace. As soon as you clock off for lunch, you should make sure you eat a meal rich in antioxidants, natural energy, and vitamins. To save your money on this, you can always prepare it before you come to work. This will also ensure you know exactly what is going into your body, and what each ingredient can do to help you stay on track.

One thing that many employees struggle to do it relax and take a step back at lunch. In fact, it is easy to feel guilty that you are not doing work, even when it is your lunch break. If you come back to work feeling more tired than you did before your break, that is a sure sign you need to learn to relax. One of the best ways to do this is by socializing with colleagues who have lunch at the same time, or by playing online games to take your mind off any stress. Choosing a trusted site such as https://www.unibet.co.uk/blog/football will enable you to place bets, play games, and keep up to date on the world of sports.

Being cooped up in an office for hours on end can make you feel uninspired when you need to be feeling the opposite. Sometimes, people need to take a step out of the building to feel refreshed for the next few hours. The best way to do this is by taking a walk in your local park, where you can soak up all the oxygen that your brain needs. If you have been feeling stressed throughout the day, this is also perfect for helping you stay calm, and also allows you to reassess how you feel more logically.

If you are somebody who can’t relax on your lunch break, then you can put your time to good use by brainstorming ideas for how you can improve in the business, and to see what new ideas you can bring to the table. Though it can be tempting to let your mind spiral with excitement, you should combine these brainstorm sessions with enough time for a true break so you can collect yourself before work starts for the afternoon.

During long working days, a lunch break is something that everyone looks forward to. Whether it be to step outside and get some fresh air or to regain their energy after a long morning in the office, it is something that is integral to having a positive working day. Yet it could be that you […]

How to Have a Productive Lunch Break

In recent years, healthcare providers and insurance plans have come under fire from criticism of every political angle. The biggest issue among patients is whether they are paying the right amount for the best quality of care; when such a large sum of money must cover medical fees, it is no surprise that they want more for their money. One of the best ways to reassure patients, and show that healthcare is looking out for them, rather than taking money from them, is to be transparent with them every step of the way. From the moment talk of costs comes into the equation, to the time they must go under anesthetic for a procedure, transparency is key.

Be honest about what costs a patient may incur

A lot of healthcare providers don’t sit down with patients to discuss costs before any medical processes go underway. In fact, patients are usually hit with a hefty medical bill that comes through the post a few weeks after everything has settled down. Not only can this cause stress for the patient, but can lead to a feeling of distrust between either them and the health insurance provider, or the hospital directly. As an insurer, any hidden costs should be talked about before any appointments are carried out, and hospitals should strive to give the best quality treatment for the price they are suggesting.

Let them know which medication has been used

Sometimes, a patient may not be aware of what kind of medication they have been given after an operation, or to control any health conditions. In the wake of the opioid epidemic that is sweeping the nation, there have been calls for better transparency over the medication that is issued to patients daily. Combatting this is as simple as printing out and going through proposed medical treatment with each patient to see if they are happy with it.

Much of a patient’s anxiety surrounding medical procedures is that they are unsure of the risks and benefits that can come about from a few hours on the operating table. They might not know which aesthetic is going to be used, or what exactly is going to be done to their body during the operation. Although sometimes knowing these facts can cause patients to panic, most of the time it is healthier to let them know, so that ambiguity can be removed from the process. Often, visiting trusted professionals like Rishin Patel Insight will make it easier for doctors to soothe any worries if a patient is aware that they won’t be in any pain.

When a patient is confronted with challenges in their health, they may often feel as though there is only one hospital or healthcare provider to turn to. Although initial appointments will usually have to be made at the local center, patients can still choose who they would like to see for any future appointments in areas such as physiotherapy or mental health therapy. Showing them that they have a choice in who they can see allows you to offer them the best care and support they need, rather than having it chosen for them.

In recent years, healthcare providers and insurance plans have come under fire from criticism of every political angle. The biggest issue among patients is whether they are paying the right amount for the best quality of care; when such a large sum of money must cover medical fees, it is no surprise that they want […]

Blog Category: Cybersecurity

Recent Posts

Blog Category: Cybersecurity

Recent Posts

Categories