Cyber Security

Security convergence is the consolidation of traditionally disparate risk management spheres of influence, Physical Security, Information Security and Compliance into a unified view of risk. Find Out More.

Compliance

We maintain extensive partnerships with regional accounting and audit firms. Find Out More.

NESP_Color

New England Safety Partners helps small and medium sized business with comprehensive Risk Management services in cyber securityphysical security and compliance management.

Please contact us for details. 

****

Proud Sponsor of the Boston Chapter of InfraGard

ig_logo

NESP consultants had a very thorough understanding of the PCI-DSS requirement. (The word ‘encyclopedic’ comes to mind.) This was very helpful in areas where the written standard leaves room for interpretation. In those situations, they helped us to assess our risk and to develop practical solutions.

They brought strong operating systems and networking expertise. They quickly earned the respect of, and collaborated effectively with, our technical staff. Consistently their recommendations were technically sound.

Information Security Staff Member, Large University

Working with technology and people can be messy and a sometimes befuddling proposition. NESP exercised effective people skills in balance with deep understanding of project technical issues to yield positive results for ITG.

CEO, Interactice Tactical Group

NESP was a strong business partner on information security issues particularly as they related to our employees, data security, data access and data controls. They were instrumental in putting a robust information security program in place for the organization, and for educating senior management on the criticality of security awareness. They demonstrated strong technical expertise, but also had the ability to align with business demands/appetite.

VP HR, Property and Casualty Insurance Company

Patch Tuesday Lowdown, July 2019 Edition

Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Among them are fixes for two zero-day flaws that are actively being exploited in the wild, and patches to quash four other bugs that were publicly detailed prior to today, potentially giving attackers a head start in working out how to use them for nefarious purposes.

read more

Who’s Behind the GandCrab Ransomware?

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.

read more

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Microsoft Azure and Office365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware attacks targeting CSP employees and contractors.

read more

Tracing the Supply Chain Attack on Android

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the offending vendor uses the nicknames “Yehuo” or “Blazefire.” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware.

read more

Microsoft Patch Tuesday, June 2019 Edition

Microsoft on Tuesday released updates to fix 88 security vulnerabilities in its Windows operating systems and related software. The most dangerous of these include four flaws for which there is already exploit code available. There’s also a scary bug affecting all versions of Microsoft Office that can be triggered by a malicious link or attachment. And of course Adobe has its customary monthly security update for Flash Player.

read more

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments Web site exposed personal, financial and medical data on nearly 12 million Quest patients.

Just a few days ago, the news was all about how Quest had suffered a major breach. But today’s disclosure by LabCorp. suggests we are nowhere near done hearing about other companies with millions of consumers victimized because of this incident: The AMCA is a New York company with a storied history of aggressively collecting debt for a broad range of businesses, including medical labs and hospitals, direct marketers, telecom companies, and state and local traffic/toll agencies.

read more

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “Eternal Blue,” a hacking tool developed by the U.S. National Security Agency (NSA) and leaked online in 2017. But new analysis suggests that while Eternal Blue could have been used to spread the infection, the Robbinhood malware itself contains no traces of it.

read more