“I can’t log in to Aanval”

“I can’t log in to the console. I entered the correct username and password and even received the ‘Authentication success’ message, yet I’m directed back to the login page.”

Prognosis and Remedy: Login issues like this are database (MySQL) related. Generally, when this occurs, MySQL is not running. If MySQL is running, then the database tables are missing or corrupt or, more often, the disk is full.
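An added example (not Aanval's own tooling) that runs the checks from the remedy above on the console host. The database name is a placeholder, and the data directory path, the 98% threshold, and MySQL client credentials in ~/.my.cnf are assumptions.

```shell
#!/bin/sh
# Added example: check the causes named in the tip (MySQL down, disk full,
# tables missing or corrupt). Disk is checked before tables because the tip
# calls it the more frequent cause.
# Assumptions (not from the page): placeholder database name, data directory
# path, fullness threshold, client credentials readable from ~/.my.cnf.
AANVAL_DB="${AANVAL_DB:-AANVAL_DB_NAME_PLACEHOLDER}"
MYSQL_DATADIR="${MYSQL_DATADIR:-/var/lib/mysql}"
FULL_PCT="${FULL_PCT:-98}"

# Read `df -P` output on stdin; print each mount point whose Capacity
# column is at or above the threshold passed as $1.
full_mounts() {
    awk -v limit="$1" 'NR > 1 {
        pct = $5; sub(/%$/, "", pct)
        if (pct + 0 >= limit) print $6
    }'
}

# Read `mysqlcheck` output on stdin; print every non-empty line that does
# not end in OK (error, warning and status lines, or a connection failure).
not_ok_lines() {
    awk 'NF && $NF != "OK"'
}

# Print one verdict and return non-zero at the first failing check.
triage() {
    if ! mysqladmin ping >/dev/null 2>&1; then
        echo "MySQL is not running or not reachable"; return 1
    fi
    full=$(df -P "$MYSQL_DATADIR" /tmp | full_mounts "$FULL_PCT" | sort -u)
    if [ -n "$full" ]; then
        echo "Disk full on: $full"; return 2
    fi
    bad=$(mysqlcheck --check "$AANVAL_DB" 2>&1 | not_ok_lines)
    if [ -n "$bad" ]; then
        echo "Tables missing or corrupt in $AANVAL_DB:"; echo "$bad"; return 3
    fi
    echo "MySQL is up, disk has space, tables check clean"
}

# Run the checks only when asked: sh triage.sh run
if [ "${1:-}" = "run" ]; then triage; fi
```
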

For more Aanval Tips, Tricks, and Troubleshooting assistance, visit our wiki.

Did you know? Aanval is the longest running and most refined Snort front-end, and has been in continual development since 2003. To take Aanval for a Test Drive, visit www.aanval.com/download.

Cybercrime and Data Breach Weekly News Roundup: April 5-11, 2013

In this week’s breach roundup, read about the latest security incidents reported by organizations in the higher education, healthcare, and government industries.

Hackers Access College Application Records

According to DataBreach Today, “Hackers using an international IP address recently unlawfully accessed an online database containing student admissions records for Kirkwood Community College in Cedar Rapids, Iowa.

The hackers accessed archived admissions records for individuals who applied to take Kirkwood college-credit classes, the college reports. The information spanned from February 2005 to March 13, 2013.

Although the college hasn’t disclosed the number of individuals affected by the March incident, local ABC television affiliate KCRG is reporting 125,000 personal records were compromised in the hacker attack.

Information stored in the records may have included applicant names, birthdates, race, contact information, and Social Security numbers, according to an FAQ on the college’s website. No financial data or academic records, including grades and financial aid information, were stored in the system.

The college is offering affected applicants free identity protection services.”

Source: http://www.databreachtoday.com/college-breach-leads-roundup-a-5671

Hospice Breach Affects More Than 5,000 Patients

Healthcare Informatics reported that “Hospice of Alamance Caswell and LifePath Home Health have notified approximately 5,370 current and past patients, or their next of kin, about a breach of unsecured personal patient protected health information after an incident occurred at their office.”

On Feb. 24th there was a break-in at their main office building in Burlington, N.C., officials said. During the break-in, three laptops were stolen that are used in connection with the provision of care to patients in their own homes. Although the patient database stored on the laptops was fully encrypted to conform to industry standards, the laptops also contained unencrypted e-mails that contained limited patient health information about a small percentage of patients. The laptops have not been recovered at this time.

According to officials, the perpetrators also had access to rooms that contain paper medical and billing records. The police investigation did not reveal any evidence that any record was touched or viewed, and no records were taken. These paper medical records contained personal information, including name, address, phone number, date of birth, Medicare or other health insurance number, prescribed medications, and full or partial Social Security numbers.

Although it does not appear that the files were viewed, Hospice has said there is no way of knowing whether the files were actually viewed. As of this date Hospice has not received any indication that the information has been accessed or used by an unauthorized individual.

“Hospice of Alamance Caswell understands the importance of safeguarding our patients’ personal information and takes that responsibility very seriously,” Peter Barcus, executive director, said in a statement. “We will do all we can to work with our patients or their loved ones whose personal information may have been compromised and help them work through the process. We sincerely regret that this incident has occurred, and we are committed to prevent future such occurrences. We appreciate our patients’ and families’ support during this time.”

Source: http://www.healthcare-informatics.com/news-item/hospice-breach-affects-more-5000-patients

Medical Records of 2k Patients Left Unprotected on Contractor’s Server

SC Magazine disclosed that “thousands of patients of a New York state hospital had their medical records exposed when they were left unprotected on a third-party server for several months.”

How many victims? More than 2,300.

What type of personal information? Medical records, including handwritten doctors’ notes that typically include diagnoses, test results, and emergency department records.

What happened? On Thursday, Glens Falls Hospital announced that an outside contractor, which stores medical records for the hospital, left the data of patients on an unprotected server between November and mid-March. A forensic audit led hospital officials to learn of the breach.

What was the response? Notifications were sent to victims. In addition, the hospital set up a call center for patients with inquiries.

Details: Auditors concluded that some patient records may have been accessed or downloaded by intruders. A hospital spokeswoman said Social Security numbers, addresses, and financial information were not on the unsecured server.

On March 14th the server was taken offline and, since discovering the incident, the hospital fired the contractor, Portal Healthcare Solutions.

Quote: “There’s no way to tell how the records were accessed, or even if any actually were,” Darlene Raynsford, a Glens Falls Hospital spokeswoman, said.

Source: www.poststar.com, The Post-Star, “Glens Falls Hospital alerts patients of possible information breach,”

Laptop Stolen From S.C. Medical Center Contains Data on 7k Veterans

According to SC Magazine, “A Department of Veterans Affairs (VA) laptop containing the sensitive data of several thousand patients was stolen in South Carolina.”

How many victims? 7,405.

What type of personal information? Names, birth dates, and partial Social Security numbers.

What happened? The VA sent notification letters to affected patients last week, after discovering the laptop was stolen in February. The theft occurred at the respiratory therapy department of the William Jennings Bryan Dorn VA Medical Center in Columbia, S.C.

What was the response? The VA is offering one year of free credit monitoring to affected patients and has directed individuals with questions to call Lisa Boxton, the Dorn VA privacy officer.

Details: Law enforcement has begun a criminal investigation, though VA officials believe no patient information has been misused. Since the incident, the hospital has secured all laptops that are connected to medical devices.

Quote: “Any time a veteran’s personal information may be compromised, we take the matter very seriously,” said Rebecca Wiley, the medical center director. “We are reaching out to each veteran who may have been impacted.”

Source: www.wistv.com, WIS News 10, “Dorn VA warns patients of possible security breach,”

About Tactical FLEX, Inc.

For nearly a decade, Tactical FLEX, Inc. has taken great pride in providing best-of-breed security solutions to every type of organization around the world. Our wide spectrum of customers demonstrates our sincere commitment to an industry that remains at the forefront of the digital evolution of the world. Information security is our business and our customers are our greatest asset. Tactical FLEX, Inc. is a trusted security vendor protecting more than 6,000 organizations within every industry in more than 100 countries. Our product Aanval® is the industry’s most comprehensive Snort and Syslog Intrusion Detection, Correlation, and Threat Management console on the market. Aanval supports both Snort and Suricata, as well as virtually any Syslog data source, and is designed specifically to scale from small single-sensor installations to global enterprise deployments.

We invite you to visit our Industry Focus page at http://www.aanval.com/industry to find out how our products and services can aid in securing your valuable assets and information.

Learn more about Aanval SAS™ by visiting http://www.aanval.com. Aanval® is also available for download as a free Community edition for testing and evaluation at http://www.aanval.com/download.

Ten Things You May Not Know About Aanval IDS Console

#1 Aanval was publicly released in 2004 and is considered the longest running Snort interface under continuous development on the market today and the industry’s leading Snort, Suricata, and Syslog Intrusion Detection, Correlation, and Threat Management console. There are three key contributing factors to Aanval’s popularity and global success: situational awareness, false-positive reducing event validation, and multiple source event collection, correlation, and archiving. Learn more about Aanval at http://www.aanval.com.

#2 Aanval currently protects more than 6,000 customers within every industry worldwide including government security, defense organizations, technology corporations, financial services organizations, educational institutions, healthcare providers, biotechnology manufacturers, energy companies, law firms, and many others. View who’s using Aanval at http://www.aanval.com/customers.

#3 Aanval is an enterprise grade IDS solution created for all business sizes and has the unique technological capability to automatically scale to meet the needs of its environment. Aanval is built to scale from small single-sensor installations to global enterprise deployments.

#4 A major focus of Aanval is performance and scalability. Aanval is built with an accelerated real-time event processing system that handles as many as 1,500 events per second and scales beautifully with hardware to process as many as 5,000 events per second. Supporting millions and billions of Snort, Suricata, and Syslog events is fully automated and continues as long as storage space is available. Aanval is further designed to correlate event data and logs from hundreds of vendor products and solutions including Snort, Suricata, Cisco, Barracuda Networks, Sourcefire, and Apple.

#5 Aanval is uniquely and completely written in standard HTML and JavaScript and, more importantly, is devoid of Adobe Flash. The completely rewritten codebase enables Aanval to work in every browser and across every mobile platform.

#6 While many organizations continue to struggle to achieve network visibility, Aanval SAS (Situational Awareness System), the latest version of Aanval, is armed with a one-of-a-kind situational awareness engine that provides an in-depth event and architecture analysis of the host network. Aanval can quickly build detailed summaries of the network’s security posture and current risks as well as provide Security Analysts with the resources they need to identify actual risks and make critical decisions. Delivering actionable security intelligence from an organization’s circumstances and conditions is the pure essence of Aanval’s true situational awareness.

#7 Aanval SAS is also the combination of the most advanced IDS features coupled with powerful offensive tools to shore up defenses such as Network Host Scanner, Rogue Host Detection, and Offensive Reconnaissance that take full advantage of Nmap, the industry’s most well-known and accomplished port scanning utility, to perform both automated and on-request network reconnaissance. View product screenshots and details at http://www.aanval.com/aanval.

#8 Aanval continues to support both the information security and open source Snort and Suricata communities by providing users with a free non-commercial version of Aanval that allows full functionality of a single-sensor device. Aanval is designed to work with all versions of Snort and Suricata. Aanval may be downloaded for testing and evaluation at http://www.aanval.com/download.

#9 Commercial Aanval places no limit on the number of sensors (Snort, Suricata, or Syslog sensors) and also includes telephone and remote support for the product, and console maintenance. With annual unlimited sensor capacity, organizations of all network sizes are no longer limited by sensor cost and can now monitor every aspect of their environment. Explore the Aanval SAS Product Comparison Matrix by visiting http://www.aanval.com/aanval.

#10 Aanval Appliances are pre-configured, turn-key deployments of Aanval designed for organizations that need a drop-in solution or possibly have little or no IDS/IPS experience. Aanval Appliances can be configured in an array of configuration options that include Aanval, Snort, Suricata, Nessus, Nmap, Metasploit, and just about any other popular security tool and system. Learn more about Aanval Appliances at http://www.aanval.com/appliances.