Seqrite is Quick Heal's Enterprise Security brand defined by innovation and simplicity. Our solutions are a combination of intelligence, analysis of applications and state-of-the-art technology, and are designed to provide better protection for our customers.
While market research organizations may not always attract the headlines in a manner similar to financial services and educational organizations, it would not be a misnomer to state that they remain at high risk of cyber attacks. The rationale behind that is very simple – market research organizations deal with huge amounts of data every single day. In fact, their primary mode of operation is analyzing and parsing through vast amounts of data to find correlations, trends, and corollaries.
Such a huge treasure of data makes these organizations attractive targets for cybercriminals and hackers. There is also a compliance risk, with governments becoming increasingly aware and passing rules and regulations which control the amount of data organizations can store. Market research organizations are directly at risk of non-compliance with these. The consequences can be quite costly – in 2016, a New York-based medical research institute incurred a $3.9 million penalty due to a security breach involving an unencrypted laptop.
The need for mobile security
Hence, market research organizations must ensure that they deploy strong cybersecurity solutions, including on the mobile front. The proliferation of mobile phones in today’s day and age is a reality that has to be addressed by organizations in every industry, and these devices offer a huge number of vectors to breach an enterprise’s defenses.
Keeping the above in mind, Seqrite’s mSuite solution offers an option research organizations can explore. It is a comprehensive and powerful tool to manage all mobile devices running on Android and iOS operating systems. The solution allows network managers to get total control over all applications installed on official devices, monitor internet usage patterns, track device location and apply company policies as per the location and time, and provide support through remote device control as well as file transfer. Organizations can remain in total control of what’s happening with their data even beyond their own network.
In terms of the specific requirements of research organizations, mSuite is well equipped with the following features:
Virtual Fencing – Enforce digital boundaries and apply restrictions on devices with Wi-Fi, Geo and Time Fence. Multiple fence groups can be created and policy restrictions can be applied.
Network Data Monitoring – Data usage can be monitored over mobile and Wi-Fi networks. Details of data, consumer, calls, SMS, and MMS sent and received can be easily accessed.
Device Security Policies – Enhanced security is offered with multiple default policies which can be customized for compliance. Policies are framed around password, app security, etc.
Customized Reporting – Standard and custom interactive reports are generated providing graphical summaries about infection status and application non-compliance.
Apart from these, research organizations can rest easy knowing their valuable data is secure thanks to a range of comprehensive mobile security and anti-theft features including:
Anti-malware – A best-in-class, built-in antivirus is provided to keep devices safe from viruses, Trojans, ransomware and cybercrime attacks.
Anti-theft – Devices can be remotely located and locked with data wiped on lost or stolen devices. On SIM change, the devices can be completely blocked or locked.
Scan Scheduler – Admins can remotely schedule a Quick Scan/Full Scan at any time and monitor the status of enrolled devices for security risks and infections.
Web Security – Seqrite’s powerful browsing, phishing and web protection is in-built within the solution with the ability to blacklist/whitelist URLs or use category/keyword-based blocking.
The above features make Seqrite mSuite a great solution for research organizations when it comes to securing their mobile cybersecurity front.
From GDPR in the European Union to now the POPI Act in South Africa, data privacy regulation is slowly making its way across the globe.
The Protection of Personal Information (POPI) Act was passed in South Africa in 2013 and will soon come into effect across the entire country. Like the GDPR in EU, it marks a wide-ranging regulation on data privacy, personal information and data consent which will have a huge impact on how enterprises do businesses across the entire country. A recent report suggested that only 34% of organizations were compliant with the Act which makes it a troubling scenario.
If you are an organization based in the country, here is some information which you absolutely need to know:
What is the POPI Act?
The short-form of the Protection of Personal Information Act, this is a legislation which was passed in 2013 but is yet to be enacted. As per the official South African government website, it is aimed at the following:
to promote the protection of personal information processed by public and private bodies;
to introduce certain conditions so as to establish minimum requirements for the processing of personal information;
to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000;
to provide for the issuing of codes of conduct;
to provide for the rights of persons regarding unsolicited electronic communications and automated decision making;
to regulate the flow of personal information across the borders of the Republic; and
to provide for matters connected therewith.
When will it come into effect?
Even though the act was passed in 2013, it is yet to come into effect due to governmental regulations. Currently, the wait is on for a Regulator to be established but most analysts feel it is not long before it comes into effect.
Who will it affect?
The act is intended to regulate how South African businesses collect, store, process and share personal information. Going by that definition, all South African businesses will be affected.
How is personal information defined?
The Act defines “personal information” as information related to an identifiable, living natural person which can include:
Information related to personal differentiators such as race, sex, gender, pregnancy, marital status, etc.
Information related to education, medical history, employment history, etc.
Identifying numbers, symbols, email addresses, physical address etc.
Personal views, opinions
Correspondence sent by the person, etc.
How will it identify businesses?
For starters, businesses have to classify what information they collect about data subjects as “personal information”. There are regulations as to how companies can handle personal information which they will have to comply with, apart from exceptions as well. “Records” and “sensitive information” must also be identified and stakeholders will have to be notified in case of any data breaches.
What are the penalties of non-compliance?
Non-compliance can invite serious penalties. It could involve imprisonment for a period of up to 10 years or a fine of up to R10 million (rand), or in some cases, both.
Keeping all this in mind, it is imperative that South African enterprises start preparing for the inevitable and set in motion processes which will ensure full compliance with POPI.
As an IT security partner for your business, Seqrite provides comprehensive security from advanced cyber threats. To know more
Smartphones are no longer luxuries – in today’s day and age, they are an omnipresent reality. Mobile devices do not just offer connectivity anymore; they are used for many business functions. Business emails, document reviews, editing, and video conferencing are just some of those. To support a mobile workforce, companies issue handhelds such as smartphones, tablets, and laptops that enable employees to work while traveling or from the comfort of their homes. Some companies also support the ‘Bring Your Own Device (BYOD)’ concept, which permits employees to access the company network from their personal handhelds.
To ensure that organizations keep their defenses secure, it is imperative that they secure their company devices with a mobile device management solution. Network administrators can consider the Seqrite mSuite solution for this purpose. This is a powerful solution to increase the productivity of an enterprise by mobilizing the workforce while ensuring that enterprise data remains absolutely secure. The solution allows network managers to get total control over all applications installed on official devices, monitor internet usage patterns, track device location and apply company policies as per the location and time, and provide support through remote device control as well as file transfer. Organizations can remain in total control of what’s happening with their data even beyond their own network.
If you’re still wondering why Seqrite mSuite is the perfect solution for your mobile device management needs, here are five reasons to convince you:
Single Console Management for All Devices
Seqrite mSuite offers easy device management by offering single console management for all devices. Enrolment can be done in minutes, saving precious time with features such as remote ring, locking/unlocking, locating/tracing and wiping of devices. They can also be grouped together under one single policy applied and configured. Devices can also be tracked on a map in real time.
Comprehensive security management
Enterprise administrators don’t need to worry about security with Seqrite’s built-in antivirus that keeps data safe from Viruses, Trojans, ransomware and organized cybercrime attacks. Admins can easily schedule a Quick Scan or Full Scan on any enrolled device remotely. Seqrite mSuite offers excellent web security thanks to browsing, phishing and web protection.
Seamless App Management
Applications running on the enrolled devices can be easily managed and secured. Applications and updates can be pushed from server to devices with blacklisting and whitelisting offered. Users can download apps on demand through the enterprise app store which establishes control over the use of applications. The device can be transformed to use a single app through the kiosk mode feature.
Easy Data Monitoring & Management
It’s easy to stay in control of all critical data with Seqrite mSuite. Digital boundaries can be defined by applying restrictions on devices with Wi-Fi, Geo, and Time Fence. Data usage can be monitored through mobile and Wi-Fi networks with interactive reports provided with graphical summaries. Multiple default policies offer enhanced security which can be customized for compliance.
Easy to use and customizable
Apart from the above features, Seqrite mSuite offers several features which make it easy to use and customizable. Bulk file distribution can be done from console to Android devices. The solution also includes third party SMS gateway integration for SMS notification and custom mSuite app distribution for enrolment.
Summary: Quick Heal and Seqrite users are reporting that PCs fail to boot up / freeze after installing the 9th April Windows Updates and rebooting the system.
Users have Quick Heal or Seqrite product installed and running on their systems.
The PCs fail to boot up/freeze after installing the Windows Updates of 9-April-2019 and rebooting the system.
There are also some reported instances of PC slow-down, especially on Windows 10 1809.
Affected Operating Systems:
As of now we have cases reported on Windows 8.1 and below (Windows 8/Windows 7).
A few cases have been reported on Windows 10, Windows 2008 and Windows 2012 as well.
We have also observed other AV vendors facing similar issues with Windows 2008 and 2008 R2, Windows 2012 or 2012 R2 running on their systems.
Windows 10 – System slowness only.
Windows Updates causing the issue (Under Investigation):
Windows 7: KB4493472, KB4493448
Windows 10: KB4493509
Information on Windows 9-April-2019 Update Release:
For more information on Microsoft Windows 9-April-2019 release notes, click here
Those who have installed these updates but haven’t rebooted their PCs might encounter similar symptoms. As a precaution, we recommend users to uninstall the contentious Windows KB updates prior to rebooting.
Follow the steps listed here to uninstall the Windows KB Updates.
For customers affected by this issue, we recommend rebooting the PCs in Safe Mode and uninstalling the Windows KB Updates.
Follow the steps listed below to reboot the PCs in Safe mode and uninstall the KB Updates.
Once the Windows KB is uninstalled, disable “Automatic Windows Updates” by following the steps listed here.
After successful un-installation of the Windows KB updates, reboot the PC in normal mode.
Note: Disabling Windows Automatic Updates is not recommended and should be used only as a temporary measure to avoid download and installation of the contentious Windows KB updates. Once the issue is addressed, please do enable Windows Automatic Updates.
Not all users will necessarily observe these symptoms, as the issue is potentially related to a timing issue during the boot-up process and is not reproducible every time.
Quick Heal / Seqrite Engineering Team is working closely with Microsoft to get this issue addressed on high priority.
This KB Article will be updated with additional information on an ongoing basis and we recommend you visit this page to get the latest updates on this issue.
Please get in touch with Quick Heal/Seqrite Technical Support Team for more information or any assistance related to this issue.
It has almost been a year now that the General Data Protection Regulation (GDPR) has come into effect. A landmark legislation in the history of data protection, GDPR has changed the way enterprises approach cybersecurity. With its many definitions and focus on data protection and security, enterprises, which deal with data belonging to EU citizens, have to be much more proactive when it comes to complying with the legislation.
Non-compliance can have very steep financial consequences, with penalties ranging up to 20 million Euros or 4% of a company’s annual turnover, whichever is higher. Organizations hence must concentrate on sufficient endpoint management that fortifies the security of their Enterprise Mobility Management (EMM) and Mobile Device Management (MDM) systems.
An enterprise’s mobile workforce occupies the far reaches of the security perimeter and constitutes the most vulnerable threat vectors to the data protected by GDPR. That is why organizations can consider Seqrite MobiSMART, a powerful tool to secure control of critical data, to remain compliant with GDPR regulations.
Take control of your data – A key feature through which Seqrite MobiSMART can help with GDPR compliance is by offering an unhindered, easy access to data consumption in your enterprise. This can be through the single console management for all devices which offers a one-stop view into how data is being consumed in your enterprise.
Fencing and Data Monitoring – GDPR puts great importance on the distinction between personal and official data. MobiSMART offers an easy way to maintain that distinction through its fencing and data monitoring features which allow digital boundaries to be defined. Data usage can easily be monitored through mobile and Wi-Fi networks.
Built-in mobile security – MobiSMART’s built-in security features help you keep your devices secure and ensure you will not fall foul of GDPR’s compliance laws. With a best-in-class anti-malware, strong anti-theft features and excellent web security, enterprises will know that their cybersecurity issues are in safe hands.
Keep control of your apps – Applications can often have malicious consequences but MobiSMART allows enterprises to stay in control of applications. Apps can be pushed from server to mobile devices with administrators possessing the ability to blacklist certain apps. Custom applications can also be pushed to the Enterprise App Store.
For those of you still struggling with enterprise-wide visibility to user activity, Seqrite MobiSMART can be a trusted resource for providing a viable and fully-functioning app workspace for your mobile workforce that’s NIST-certified secure.
One of the most complex topics in the European Union’s landmark General Data Protection Regulation (GDPR) is the Right to be Forgotten, also known as the Right to Erasure. At the outset, the concept seems simple – individuals can request that their personally identifiable data be removed if they have provided it to a data controller, hence they can be “forgotten”.
But, in a world of connected data where information is shared across servers, people, territories and what not, the Right to be Forgotten is a complex regulation which has many enterprises tripping up after the implementation of GDPR. While the moral and philosophical effects of this rule are for a different topic, this article tries to understand this right and explain where and when it applies.
The role of personal data
The first point to keep in mind is that this is not an absolute right. The Right to Erasure or Right to be Forgotten is provided to all individuals but only if they meet certain specifications. As the specific Article 17 of the GDPR regulation says:
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
The criteria to meet
This makes it clear that an individual cannot randomly request to be forgotten. They must fit some of the criteria – i.e. their personal data is no longer necessary in relation to the reason for its collection, the consent has been withdrawn, etc. This is a point which enterprises must keep in mind when considering the right to be forgotten requests.
Furthermore, the same article also makes it clear that enterprises do not have to comply with the request in case of the following circumstances:
for exercising the right of freedom of expression and information
for compliance with legal obligations
for reasons of public interest in the area of public health
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
for the establishment, exercise or defense of legal claims.
Hence, while enterprises must comply with GDPR requirements, which also involves compliance with a user’s right to be forgotten, they must also work according to the clauses provided in the article. It is important that there is recognition that GDPR is more than just security compliance; it is a regulation with both legal and social consequences.
For several months, QH Labs has been observing an upswing in ransomware activity. We found a new ransomware which is written in Go lang. Malware authors are finding it easy to write ransomware in Go lang rather than traditional programming languages.
Infection of Jcry ransomware starts with a compromised website.
Fig 1 : Part of malicious script.
Flow of Execution:
The downloaded malware (flashplayer_install.exe) is a self-extracting archive. On execution, it extracts the components mentioned below into the “Startup” directory to establish persistence.
Fig 2 : Extracted components and SFX instructions.
As shown in the above figure, the malware extracts its components and starts msg.vbs along with enc.exe (the encryptor).
This file is used to deceive the user: it shows a message saying that the system tried to update Adobe Flash Player but access was denied.
Fig 3 : Message shown by msg.vbs
This executable is responsible for file encryption and it is written in Go language.
Fig 4 : Go Build ID and library strings of Go Lang found in file.
On execution, it first checks for the existence of a “personalKey.txt” file in the current directory to determine whether the system is already infected. If the file exists, the malware considers the system already infected and terminates itself. It also deletes msg.vbs and Enc.exe with the help of the decryptor file. For encryption, it uses a combination of the AES and RSA algorithms. File encryption is performed using the AES 128-bit algorithm with a 16-byte initialization vector in CBC mode. A hardcoded RSA public key found in the enc.exe file is later used to encrypt the AES key.
Fig 5 : RSA PUBLIC KEY
Fig 6: Acquire Context for Crypto operations.
To speed up encryption, it encrypts only 1 MB of data for files larger than 1 MB. After successful file encryption, it appends the “.jcry” extension to the filename.
Fig 7:Encrypted files with jcry Extension.
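Because only 1 MB of a large file is encrypted, the rest of a ".jcry" file may still hold original content. The following triage sketch is an added example, not code from the original analysis: it maps high-entropy and low-entropy regions of a file to show how much looks encrypted. The chunk size, the 7.9 bits/byte cut-off and the constructed sample (random bytes standing in for AES output at the start of the file) are assumptions; the write-up does not state which part of the file is encrypted.

```python
import math
import os
from collections import Counter

ONE_MB = 1024 * 1024   # size limit stated in the analysis above
CHUNK = 64 * 1024      # analysis window (assumption, tune as needed)
MIN_CHUNK = 4096       # shorter tails give unreliable entropy estimates
HIGH = 7.9             # bits per byte; assumed cut-off for "looks encrypted"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_regions(blob: bytes):
    """Label each chunk high/low and merge neighbours into (start, end, label)."""
    regions = []
    for off in range(0, len(blob), CHUNK):
        piece = blob[off:off + CHUNK]
        if len(piece) < MIN_CHUNK and regions:
            label = regions[-1][2]   # tail too short to judge: inherit label
        else:
            label = "high" if shannon_entropy(piece) >= HIGH else "low"
        end = off + len(piece)
        if regions and regions[-1][2] == label:
            regions[-1] = (regions[-1][0], end, label)
        else:
            regions.append((off, end, label))
    return regions


def triage(blob: bytes) -> dict:
    """Summarise how much of a file looks encrypted and how much does not."""
    regions = entropy_regions(blob)
    high = sum(end - start for start, end, label in regions if label == "high")
    return {
        "size": len(blob),
        "regions": regions,
        "high_entropy_bytes": high,
        "low_entropy_bytes": len(blob) - high,
        # Larger than 1 MB with both kinds of region present: consistent with
        # the partial encryption described in the text.
        "partial": len(blob) > ONE_MB and 0 < high < len(blob),
    }


def build_sample() -> bytes:
    """Constructed 3 MiB sample: 1 MiB of random bytes, then plain text."""
    line = b"2019-04-09 10:15:00 INFO constructed sample record 000123\n"
    plain = (line * (3 * ONE_MB // len(line) + 1))[:3 * ONE_MB]
    return os.urandom(ONE_MB) + plain[ONE_MB:]


if __name__ == "__main__":
    report = triage(build_sample())
    for start, end, label in report["regions"]:
        print(f"{start:>9} - {end:>9}  {label}")
    print("bytes that still look like original content:",
          report["low_entropy_bytes"])
```

Formats that are already compressed (archives, JPEG images, Office documents) are high-entropy throughout, so this check cannot separate encrypted from untouched regions in them.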
After encrypting the files, it deletes all shadow copies with the command below:
“vssadmin delete shadows /all”
It then launches Dec.exe using a PowerShell command.
Fig 8: Vssadmin and PowerShell execution.
On execution, Dec.exe first terminates and deletes enc.exe. Dec.exe is a console application which asks for the decryption key (the RSA private key). After a valid key is entered, it may decrypt the encrypted files.
Fig 9 : Dec.exe.
It also drops a ransom note on the desktop. To recover the encrypted files, it demands $500 as ransom and provides an onion link (hxxp://kpx5wgcda7ezqjty.onion) where the infected user will get the private key after payment.
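The behaviours described in this analysis can be turned into a simple host-level correlation rule. The sketch below is an added example, not part of the original write-up: the event dictionaries are a constructed format, the sample command lines and paths are constructed, and the two-behaviour threshold is an assumption chosen so that a lone administrative vssadmin run does not raise an alert.

```python
import re
from collections import defaultdict
from ntpath import basename  # handles Windows paths on any platform

# File names and extension taken from the analysis above.
DROPPED = {"msg.vbs", "enc.exe", "dec.exe"}
STARTUP = "\\start menu\\programs\\startup\\"
VSS_DELETE = re.compile(
    r'vssadmin(?:\.exe)?"?\s+delete\s+shadows\b.*/all\b', re.I)


def classify(event: dict):
    """Return the behaviour name an event matches, or None."""
    if event["type"] == "process":
        cmd = event.get("cmdline", "")
        if VSS_DELETE.search(cmd):
            return "shadow_copy_deletion"
        if "powershell" in cmd.lower() and "dec.exe" in cmd.lower():
            return "powershell_launches_dec"
    elif event["type"] == "file_create":
        path = event.get("path", "").lower()
        name = basename(path)
        if STARTUP in path and name in DROPPED:
            return "startup_drop"
        if name == "personalkey.txt":
            return "infection_marker"
        if name.endswith(".jcry"):
            return "jcry_extension"
    return None


def detect(events, min_behaviours: int = 2) -> dict:
    """Group matches per host; alert when enough distinct behaviours co-occur."""
    seen = defaultdict(set)
    for event in events:
        hit = classify(event)
        if hit:
            seen[event["host"]].add(hit)
    return {host: sorted(hits) for host, hits in seen.items()
            if len(hits) >= min_behaviours}


# Constructed sample events (hypothetical hosts, users and command lines).
_STARTUP_DIR = (r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
                r"\Start Menu\Programs\Startup")
EVENTS = [
    {"host": "WS-01", "type": "file_create", "path": _STARTUP_DIR + r"\Enc.exe"},
    {"host": "WS-01", "type": "file_create", "path": _STARTUP_DIR + r"\msg.vbs"},
    {"host": "WS-01", "type": "file_create",
     "path": _STARTUP_DIR + r"\personalKey.txt"},
    {"host": "WS-01", "type": "file_create",
     "path": r"C:\Users\alice\Documents\budget.xlsx.jcry"},
    {"host": "WS-01", "type": "process",
     "cmdline": "vssadmin delete shadows /all"},
    {"host": "WS-01", "type": "process",
     "cmdline": "powershell.exe -Command Start-Process Dec.exe"},
    # A lone shadow-copy deletion and a harmless listing on another host.
    {"host": "SRV-02", "type": "process",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "SRV-02", "type": "process", "cmdline": "vssadmin list shadows"},
]

if __name__ == "__main__":
    for host, behaviours in detect(EVENTS).items():
        print(host, "->", ", ".join(behaviours))
```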
Work on personal devices. Employees love them. A lot of small companies and MSMEs are increasingly embracing Bring Your Own Device (BYOD) policies. But IT security is still skeptical about it. There’s a clear clash of wills here and it’s not difficult to figure out why.
Employees love working on their personal devices. The perceived benefits are quite attractive – they don’t have to carry many devices, they are much more used to their own devices so find it easier to adapt and they can work on the go, which could lead to increased productivity for an enterprise. While for MSMEs, BYOD leads to cost-savings which make for an attractive proposition – they don’t have to provide employees with work devices.
But IT security has a very valid point. When it comes to employees using their own personal devices, the line between work and personal gets very blurred. And that can have a big effect on cybersecurity, mainly because they are not able to have any oversight on them.
Lack of control
What if employees use their personal device on an unsecured WiFi which often has backdoor vulnerabilities deployed by hackers? What if they click on suspicious links or download fake applications which quietly steal all company-related data from the device?
There are more scenarios which illustrate the troubling problems personal devices used for work can bring: what if employees don’t update or patch their devices frequently hence leaving them open to hacking attempts? And very importantly, what is the procedure if an employee leaves the company or even absconds? A company runs the risk of important confidential data being irrevocably lost forever.
Yet, despite these troubling scenarios, BYOD policies and work on personal devices is becoming more and more popular. More and more enterprises are empowering employees to work on their personal devices. And so it’s important to find a way to alleviate the issues that come with this scenario.
Have a clear policy – It pays to have a clear policy outlining your policy on personal devices. Network administrators must strive to make this policy as comprehensive as possible with scenarios outlining what is appropriate usage and what is not. Compliance must be made mandatory but that doesn’t mean the policy should stay in a silo – it should be constantly evolving based on market threats and trends.
Have some red lines – Companies have shut down due to data breaches so it’s important that you don’t inadvertently become a victim due to a careless error. Hence, it’s important to have some red lines regarding usage of personal devices. What these red lines are depend on the nature of your enterprise – it could be a strict non-usage of unsecured WiFi, strict regulation of downloaded applications, no usage of cryptocurrency apps, etc.
Know what to do when an employee is leaving – This is both an HR issue and a cybersecurity issue, so it should be dealt with sensitively. The best practice is for devices to be wiped when their owner is leaving the company but an employee may object to their personal device being examined or wiped for data. Set expectations clearly, especially at the joining stage, about the tradeoffs employees will have to accept if they want to use personal devices.
Deploy fencing solutions – Try and invest in security solutions which provide a fencing option for personal devices. Hence, employees have clear distinctions between work and personal in their devices which helps in better cybersecurity.
Especially for mobile devices, enterprises can consider Seqrite mSuite, a small, comprehensive and powerful tool to manage all mobile devices running on Android and iOS operating systems. The solution allows network managers to get total control over all applications installed on official devices, monitor internet usage patterns, track device location and apply company policies as per the location and time, and provide support through remote device control as well as file transfer.
Marriott International. Hilton. Four Seasons. Trump Hotels. InterContinental. Hard Rock Hotel.
These are some of the biggest hospitality chains in the business. But there’s another detail also that connects the above names: In the last couple of years, all of them have been at the receiving end of a data breach which has given them uncountable headaches and pain.
It’s easy to see why the hospitality industry makes for such an inviting target to cyber criminals. Simply put, hotels store a huge amount of data about their customers. While a hotel may not have the same number of transactions as a retail store, the data they store about their own customers is substantially more. This includes plenty of both personal and financial data. The data on offer is detailed, rich and substantial – making it a gold mine for cyber criminals.
The risks involved
On the other hand, hotels are huge, gargantuan systems. They have thousands of endpoints on which customer data is stored and can be accessed, say through WiFi, Point of Sale (POS) devices and more. What complicates things further is they can often be interconnected (i.e. restaurant data may be connected with hotel data) which exponentially increases the risk of data breach, as hackers have many avenues to enter and steal data.
And apart from these, there are the usual security risks that come with POS transactions which are an integral part of the hospitality industry. Whether it is the lack of patches which make POS devices vulnerable to new threats or unencrypted transactions, the number of security risks involved is quite high.
Keeping all the above points in mind, it is quite clear why the hospitality industry is an appealing target for cyber criminals. And with the recent spate of attacks on some of the world’s leading hospitality chains, more and more players are waking up to the need of implementing strong, secure cybersecurity solutions. A few ways in which cybersecurity can be bolstered are:
Segregate your data – It might just seem easier and less time-consuming to put all your data and networks in one place. But it’s also a recipe for disaster and should be avoided by the hospitality industry. Keep different data in different places, especially by importance.
Create User Groups – Everyone doesn’t need to know everything. Attrition rates are always high in the hospitality industry with a number of employees coming in and leaving. This is a significant security risk and hence network administrators at hospitality groups must maintain user groups with access to only the data pertinent for each group provided.
A Back-Up Plan – For the hospitality industry specifically, the need of a back-up plan is extremely important. There are just too many variables in this industry – floating employees, thousands of endpoints, thousands of customers, inter-linkages, etc., making it humanly impossible to prevent an incident. But that incident does not need to create huge losses, if there is a strong incident response plan outlined with key data backed up and a plan of action to take in the event of a breach.
Track, Monitor, Analyze – Is there any suspicious activity going on? More data being consumed suddenly? An employee behavior that seems suspicious? These are all portents of a cybersecurity incident and in many cases, early warning and detection could help stave off a disastrous outcome down the line. But for that, network administrators must continuously keep tracking their system data for anomalies.
Hospitality companies can consider Seqrite’s Endpoint Security (EPS) solution which would provide a robust defense against the challenges outlined here. With features like Advanced Device Control, Ransomware & Malware Protection, Data Loss Prevention, Asset Management, and many others, it provides simplicity and control through a single platform providing hospitality companies with the best in cybersecurity. Seqrite has helped leading hotels in different countries with great results to improve their cybersecurity challenges.