Just a couple days after the confetti had settled in Time Square, security researchers revealed two massive vulnerabilities that exist in virtually every pc and server in the world.


The vulnerabilities, Named “Meltdown” and “Spectre” (James Bond fans, are we?) by the researchers who discovered them, exist at the processor level. The two vulnerabilities differ in that Meltdown affects only processors designed and built by Intel while the Spectre flaw is so deeply embedded in modern chip architecture design that it affects virtually all modern processors regardless of manufacture.

Patching Things Up

Researchers, manufacturers and cloud service providers have been feverishly working to develop patches for Meltdown. The good news is that it does appear that patches are on their way for both Windows and Linux machines and that this vulnerability will be fixed before it can wreak havoc on cloud computing providers, hosting providers, businesses and individuals. – I suspect this means that PC users around the world will be getting a Windows update dropped in their lap shortly. Oh and according to some sources, expect your PC to run upwards of 30% slower once the patch is in place!

As for Spectre, early indications are that nothing short of changes to fundamental chip architecture will be able to fully patch this vulnerability. This of course means a legacy vulnerability may well exist for many years until PCs, phones, servers etc. are replaced as part of the normal life cycle.

2018 is Starting Off with a Bang!

Two huge vulnerabilities and the coldest holiday season on record for much of North America! Stay warm, stay inside and focus on security!


read more

According to TechRepublic.com take budgets were going to be increasing in 2017 with marked increases in security spend.

Did your organization ride this trend or buck it?

read more

What are the four questions every CEO should ask after a breach? According to an article on inc.com they are:

1. What information was impacted?

All information is not created equal or valued equally. In general, Personally Identifiable Information (PII) is valued more highly by both cybercriminals and regulators. This means that the ramifications for losing this type of information are greater than for losing other types of more generic information.

2. How many customers were impacted?

Of course, the more customers, the worse the breach in general and the more likely you are to find yourself in the press. But beyond that, the size of the breach determines how you will notify the victims and whether or not you may find yourself in a class action law suit.

3. What geographies were impacted?

Breaches are handled differently in different parts of the world. Who you must report to, how quickly you must report and what is considered personal information all varies depending upon who has jurisdiction.

4. Do we have logs?

Logs are the history of what actions took place on a database or server. Logs are crucial! They hold the entire history of the event and the more accurate and detailed the better. Without good logs your technical team is at a huge disadvantage when attempting to piece together how the breach occurred and what actions were taken in response.

Your Quick-Start Road Map

In summary, knowing what information was compromised, how many individuals were impacted, where they were impacted and how well your team and security measures responded to the breach provides you and your C-Team the information you need in a capsule summary format.

You will quickly know what types of ramifications to expect and what other resources you will need. Of course, as the event continues to unfold you will need additional, more granular information but the answers to these four simple questions will serve you well as a “quick-start road map” to your journey ahead.

The Case for Managed Security Services

If an ounce of prevention is worth a pound of cure, then Konsultek’s managed security services may be the best way to keep your organization out of the headlines and focused on your core competencies. To learn more about the advantages of managed security services, please give us a call.



read more

It’s hard to imagine but the FBI’s IC3 turns 17 this year and in the spirit of National Cyber Security Month we thought we’d take a moment to highlight this valuable resource.

The Internet Crime Complaint Center (IC3)  was established in May 2000 as a partnership between the National White Collar Crime Center (NW3C) and the Federal Bureau of Investigation. The organization gives victims of cybercrime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. IC3 provides law enforcement and regulatory agencies at all levels a central referral system for complaints involving Internet-related crimes.

Here’s How the Process Works Today

Filing a Complaint with the IC3

The IC3 accepts online Internet crime complaints from either the actual victim or from a third party to the complainant. You can file yourself, or someone can file for you (for example, your security provider). The IC3 works best when they receive complete and accurate information so before you click the big red button we suggest you follow their recommendations regarding what information to have at the ready.

Here is that list:

  • Victim’s name, address, telephone, and email
  • Financial transaction information (e.g., account information, transaction date and amount, who received the money)
  • Subject’s name, address, telephone, email, website, and IP address
  • Specific details on how you were victimized
  • Email header(s)
  • Any other relevant information you believe is necessary to support your complaint

Konsultek and the FBI

In the past Konsultek has had the pleasure of having members of the FBIs cyber crime team join us for lunch-n-learn opportunities. We have an upcoming event in the works so be sure to check our events page frequently because the FBI appearances are always extremely popular and seating goes fast.


read more

While the alarming news about the massive Equifax breach is just days old, Joshua Browder, the entrepreneur behind the robo-lawyer DoNotPay.UK has already taken action on it.

Head over to the DoNotPay website and you’ll be greeted by this splash screen:


Browder and his team have built upon their “chatbot” technology which has reportedly already helped nearly 400,000 people successfully fight traffic tickets in New York.

The national aspect of the Equifax breach introduced complexities beyond the relatively simple types of legal matters, say parking tickets in Chicago, which the bot has been helping with so far.

According to reports, his biggest challenge was determining who to sue in each state and the various indiosyncracies of each state’s system.

You can learn more details at WashingtonPost.com and get a different perspective on this approach to suing Equifax over at dailydot.com.

Security Experts, Not Lawyers

Whether using a chatbot to sue Equifax in small claims court is a good decision or not is not our area of expertise. Keeping breaches from happening is! At Konsultek we develop customized, holistic security solutions for organization of all shapes and sizes.

When you’re ready to learn how we can make a difference in your organization’s security, just give us a call and talk to one of our real experts, not a chat bot!


read more

Today is the last day to file your federal income taxes. And the looming 12:00 a.m deadline has thousands, if not millions of citizens stressing out and more susceptible to phishing scams than usual.

Every good cybercriminal knows this and they are working overtime churning out fake emails from the IRS and other taxing authorities in the hopes of snagging victims, stealing valuable information and ultimately,  making some money.

IRS Phishing PSA

For those of you who stumble across this blog post hoping to find a quick answer to the question “How do I know if this email from the IRS is real?” here is the quick answer.
The IRS will NEVER ask you to send along personally identifiable information such as your social security number or bank account details. So, if you are looking at an email that purports to be from the IRS and it is asking for this information it is a fake, phishing email and you should discard it ASAP!

IRS Issues Scam Warning

The prevalence of phishing scams this tax season prompted the IRS to issue a warning on March 17, 2017.
In the warning the IRS urged both tax professionals and taxpayers to be on guard against suspicious activity.Two scams were highlighted in the warning. In the first, which targets tax preparers, a fake email is sent to the preparer, (ostensibly from the client) asking the preparer to change the refund destination, often to a pre-paid debit card.The second scam targets users of tax preparation software or similar services. Users receive emails from these entities asking them to update their online accounts.Of course, those nostalgic for the good old days should be happy to know that telephone scams are still plentiful with the “IRS” robo-calling with urgent messages that require immediate action.

From Phishing to Malware

The purpose of these phishing emails is often not to directly collect account information but rather to install malware that can then access all the information stored on the infected device and even hijack the camera. That, according to www.zscaler.com.

The Zscaler ThreatLabZ team has detected a rise in Java-based remote access Trojan variants — jRATs — which give attackers a backdoor into a victim’s system and can be capable of remotely taking control of the system once it’s infected. Malware authors are using numerous tactics to entice unsuspecting users to open infected attachments, which arrive as malicious JAR files. Most recently, we’ve seen filenames such as “IRS Updates.jar” and “Important_PDF.jar,” claiming to contain important tax deadline information from the IRS.

Security is a 24X7X365 Job

Today it’s tax filing, tomorrow the scam will focus on something else. It appears that cybercriminals never sleep and never take a day off. Somewhere in the world there is always someone or some bot attempting to fleece unsuspecting individuals and organizations. I think we have finally “progressed” as a society to the point when we can confidently say that the only things certain in life are death, taxes and cybercrime!

read more

This week McAfee became an independent security company for the first time since it was acquired by Intel in 2010.

The newly independent McAfee has an enterprise value of $4.2 billion, down from the $7.62 billion price tag that Intel paid.

Intel will retain a 49% ownership in McAfee with the remaining 51% being owned by private equity firm TPG Capital.

McAfee, arguably the world’s oldest and one of the largest pure security firms on the planet has over 7,500 employees worldwide and a substantial war chest of security IP including over 1,200 security related patents.

The newly independent McAfee should be better positioned to help its private and enterprise level clients deal with the rapidly evolving cyber-threat landscape.

In an interview with VentureBeat, McAfee’s Chief Technology Officer, Steve Grobman said “he believes both Intel and McAfee will be able to focus on their businesses better as separate companies. He said that cybersecurity is changing fast, and the company needs to think about challenges such as ransomware, the weaponization of data, and political leaks of digital information.”

In his letter to the public dated 4/3/17, McAfee CEO, Christopher Young states “Today, a new McAfee is born. One that promises customers cybersecurity outcomes, not fragmented products. One that vows to move this industry forward by working with competitors, not just partners. And, one that offers employees a calling, not simply a career.”

Konsultek  Welcomes McAfee Back

At Konsultek we are always looking to bring our customers the best solutions on the planet. We look forward to seeing what the newly independent McAfee can bring to the market in the way of innovative and world class solutions.


read more

Yet, Consumers Implicitly Trust Them According to a CapGemini Report

According to the CapGemini report, while banks and financial institutions enjoy an extraordinary 83% positive level of trust in the cybersecurity of their systems, just 1 in 5 banking executives surveyed are “highly confident in their ability to detect a breach, let alone defend against it.”

For comparison, e-commerce firms enjoy just a 28% positive level of trust while telecom companies and retailers score a paltry 13%.

The full CapGemini Report Can be downloaded here

Trust is a HUGE Factor In Consumer Choice

According to the report authors, trust in an institution’s ability to protect private data and provide a secure environment is a significant factor for 65% of consumers when choosing which bank to do business with.

And yet, while approximately 25% of all financial institutions have reported being a victim of some level of hack only 3% of consumers believe that their own financial institution has ever been breached. It would seem that indeed there is a “trust halo” being enjoyed by banks that the numbers suggest they do not deserve.

If this halo were to become tarnished banks could be in trouble. According to the report 74% of consumers would switch their bank or insurer if they became aware of a breach.

GPDR Regulations Will Likely Drive Transparency

The GPDR regulations set to be introduced next year should drive more transparency and quicker reporting of breaches and this may result in some tarnished halos.

“When GDPR is introduced and all breaches are likely to be made public soon after they occur, many people will be in for a surprise,” said Zhiwei Jiang, Global Head of Financial Services, Insights & Data at Capgemini. “The introduction of GDPR legislation next year is a prime opportunity for business transformation for banks and insurers to become the digital fortresses consumers believe them to be.”

Konsultek Knows Security

From financial institutions to university and healthcare organizations, Konsultek builds customized security solutions that protect networks and the data they house. If you are interested in learning exactly how your network may be vulnerable just give us a call and we’ll discuss how we can find your vulnerabilities before they are found by cybercriminals and hackers.


read more

A recent survey conducted by the Pew Research Center found that roughly half are not confident that the companies and organizations they do business with on a daily basis are keeping their personal information secure.

Interestingly enough, social media sites and the federal government came in dead last when it came to cyberprotection confidence! Perhaps those surveyed never had a Yahoo mail account?

The rather comprehensive report also highlights these rather disturbing figures:

41% of Americans have encountered fraudulent charges on their credit cards.

35% have received notices that some type of sensitive information (like an account number) had been compromised.

16% say that someone has taken over their email accounts, and 13% say someone has taken over one of their social media accounts.

15% have received notices that their Social Security number had been compromised.

14% say that someone has attempted to take out loans or lines of credit in their name.

6% say that someone has impersonated them in order to file fraudulent tax returns.

And beyond these specific experiences, roughly half of Americans (49%) feel that their personal information is less secure than it was five years ago.

Think about these figures as you enjoy the Super Bowl this Sunday with friends and family. Statistically speaking, if you are enjoying your Super Bowl viewing experience with 9 other adults the Pew findings mean that roughly:

  • 4 of your fellow game watchers experienced fraudulent credit card charges
  • At least 3 of your fellow game watchers have been notified that some sensitive personal information has been  leaked
  • Probably 1 perhaps 2 have had their Social Security numbers compromised!

Protecting Networks 24X7, Even on Game Day

At Konsultek we build custom security solutions for organizations of all sizes across virtually every area of interest. When you are ready to take your security to the next level or to outsource it someone who has the experience and resources your need please pick up the phone and give us a call.


read more

Woke up today to find this gem in the mailbox. Who knew that the FBI and the Central Bank of Nigeria would be looking for me!

This email is entertaining for a couple of reasons (at least!) beyond the alleged working relationship between Mr. Comey and the Central Bank of Nigeria.

Take a look at the portions highlighted with blue text! First a warning that “you should ignore any message that does not come from the above email address and phone number for security reasons.”

Next, look at Mr. Comey’s email address. I would have thought that after all the email scandals in Washington that Mr. Comey would not be using an AOL  email address for such important and sensitive business!

Re: Urgent January Notice…….

From: James B. Comey, Jr., <fbidirector@openmailbox.org> 

Jan 18 at 12:37 PM




935 Pennsylvania Avenue, NW

Washington, D.C. 20535-0001. USA.

Attention: Beneficiary,After proper investigations, we, the Federal Bureau of investigation (FBI) discovered that your impending (over-due contract) payment with Central Bank of Nigeria is 100% legal and has been approved for release to you.

We recently had a meeting with the Executive Governor of the Central Bank of Nigeria, in the person of Mr Godwin Emefiele and other top officials of the concerned Ministries regarding your case and we were made to understand that your files have been held in abeyance pending on when you personally apply for the claim.

Investigations also revealed that a lady, by name Mrs. Joan B Melvin from New York has already contacted Central Bank of Nigeria with a power of attorney and some documents, which stipulated that you have mandated her to claim your fund of US$25,000,000.00 (Twenty Five Million United States Dollars) on your behalf due to your ill health.

In view of this, we have been urged to warn US citizens who have received information pertaining to their outstanding contract payment to be very careful and not to be a victim of ugly circumstance. In case you are already dealing with anybody or office of the Central Bank of Nigeria, you are strictly advised to STOP further communication with them in your best interest and thereby contact the real office of the Central Bank of Nigeria via the below information:



OFFICE ADDRESS: Central Bank of Nigeria,Central Business District,

Cadastral Zone, Abuja, Federal.

Capital Territory, Nigeria.

Email: central.bnk0015@aol.com

NOTE: In your best interest, you should ignore any message that does not come from the above email address and phone number for security reasons. And to enable the Central Bank of Nigeria to process and release the fund to you, you are required to re-confirm your full details such as

FULL NAMES: __________________________________

CITY: _________________________

STATE: __________________________________

ZIP: ______________COUNTRY: _______________________

SEX: _______________AGE: __________________

TELEPHONE NUMBER: _____________________

Ensure that you follow the Central Bank of Nigeria due process as enshrined in the International Banking Secrecy Act to avoid any form of discrepancy, which may hinder your fund transfer.Thanks for your understanding and cooperation as we earnestly await your urgent response.

Best Regards,

James B. Comey, Jr.,

Federal Bureau of Investigation

J. Edgar Hoover Building,

935 Pennsylvania Avenue,

NW Washington, D.C

E-mail: jjbcomeyjr@aol.com


read more