Cyber Security

Security convergence is the consolidation of traditionally disparate risk management spheres of influence (physical security, information security and compliance) into a unified view of risk.

Compliance

We maintain extensive partnerships with regional accounting and audit firms.


New England Safety Partners helps small and medium-sized businesses with comprehensive risk management services in cyber security, physical security and compliance management.

Please contact us for details. 


Proud Sponsor of the Boston Chapter of InfraGard


NESP consultants had a very thorough understanding of the PCI-DSS requirement. (The word ‘encyclopedic’ comes to mind.) This was very helpful in areas where the written standard leaves room for interpretation. In those situations, they helped us to assess our risk and to develop practical solutions.

They brought strong operating systems and networking expertise. They quickly earned the respect of, and collaborated effectively with, our technical staff. Consistently their recommendations were technically sound.

Information Security Staff Member, Large University

Working with technology and people can be messy and a sometimes befuddling proposition. NESP exercised effective people skills in balance with deep understanding of project technical issues to yield positive results for ITG.

CEO, Interactice Tactical Group

NESP was a strong business partner on information security issues particularly as they related to our employees, data security, data access and data controls. They were instrumental in putting a robust information security program in place for the organization, and for educating senior management on the criticality of security awareness. They demonstrated strong technical expertise, but also had the ability to align with business demands/appetite.

VP HR, Property and Casualty Insurance Company

Secret Service Warns of Chip Card Scheme

The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When the unsuspecting business receives and activates the modified card, thieves can start draining funds from the account.


Your Hump Day Reading List for April 4, 2018

It’s Wednesday, and this week I have a particularly good selection of articles for your perusal!
 
On this week’s Training Talk: Active Killers
Tomorrow evening, April 5, be sure to tune into Training Talk on Personal Defense Network. My special guest expert this week is Joshua Gideon, and we’ll be talking about active killers: what can we do to stop them? We’ll be looking at the factors that motivate mass killers, some of the “red flags” that might …

The post Your Hump Day Reading List for April 4, 2018 appeared first on www.GrantCunningham.com.


Dot-cm Typosquatting Sites Visited 12M Times So Far in 2018

A story published here last week warned readers about a vast network of potentially malicious Web sites ending in “.cm” that mimic some of the world’s most popular Internet destinations (e.g. espn[dot]cm, aol[dot]cm and itunes[dot]cm) in a bid to bombard hapless visitors with fake security alerts that can lock up one’s computer. If that piece lacked one key detail it was insight into just how many people were mistyping .com and ending up at one of these so-called “typosquatting” domains.

On March 30, an eagle-eyed reader noted that four years of access logs for the entire network of more than 1,000 dot-cm typosquatting domains were available for download directly from the typosquatting network’s own hosting provider. The logs — which include detailed records of how many people visited the sites over the past three years and from where — were deleted shortly after that comment was posted here, but not before KrebsOnSecurity managed to grab a copy of the entire archive for analysis.


Panerabread.com Leaks Millions of Customer Records

Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.

The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com. The St. Louis-based company, which has more than 2,100 retail locations in the United States and Canada, allows customers to order food online for pickup in stores or for delivery.


You can find perspective in some odd places

It must be said that I’m not really a travel bug. Don’t get me wrong; I’m no hermit, but I don’t have the intense wanderlust many people do. I can appreciate it, even envy it to an extent, but I’ve never had it.
So it was something of an oddity for me to be reading an interview with globetrotter Anthony Bourdain titled “All the Things You’re Doing Wrong When You Travel”. It’s an interesting piece, full of little tidbits …

The post You can find perspective in some odd places appeared first on www.GrantCunningham.com.


Coinhive Exposé Prompts Cancer Research Fundraiser

A story published here this week revealed the real-life identity behind the original creator of Coinhive — a controversial cryptocurrency mining service that several security firms have recently labeled the most ubiquitous malware threat on the Internet today. In an unusual form of protest against that story, members of a popular German language image-posting board founded by the Coinhive creator have vented their dismay by donating tens of thousands of euros to local charities that support cancer research.

On Monday KrebsOnSecurity published Who and What is Coinhive, an in-depth story which proved that the founder of Coinhive was indeed the founder of the German image hosting and discussion forum pr0gramm[dot]com (not safe for work). I undertook the research because Coinhive’s code primarily is found on tens of thousands of hacked Web sites, and because the until-recently anonymous Coinhive operator(s) have been reluctant to take steps that might curb the widespread abuse of their platform.


Omitting the “o” in .com Could Be Costly

Take care when typing a domain name into a browser address bar, because it’s far too easy to fat-finger a key and wind up somewhere you don’t want to go. For example, if you try to visit some of the most popular destinations on the Web but omit the “o” in .com (and type .cm instead), there’s a good chance your browser will be bombarded with malware alerts and other misleading messages — potentially even causing your computer to lock up completely. As it happens, many of these domains appear tied to a marketing company whose CEO is a convicted felon and once self-proclaimed “Spam King.”


Your Hump Day Reading List for March 28, 2018

Another Wednesday, another collection of great articles to inform and educate about self defense, family protection, and preparedness!
 
Jump on in, the GPS water is fine!
There was a time when I was a die-hard GPS hater, but as the technology improved (and I learned how to use it most effectively) I changed my mind. There are times when compass triangulation doesn’t work, and times when GPS doesn’t work, so knowing how to do both (and how to …

The post Your Hump Day Reading List for March 28, 2018 appeared first on www.GrantCunningham.com.


How fast should you shoot?

For at least a decade I’ve subscribed to the idea that a teacher needs to be open to change, and that in fact one of the best ways to gauge the quality of a teacher is to ask what he (or she) has changed their mind about. If they’re learning, if they’re growing, they’ll experience evolution in their viewpoint. If they’re evolving, they should be able to point to something they teach now that they didn’t used to, or …

The post How fast should you shoot? appeared first on www.GrantCunningham.com.


Who and What Is Coinhive?

Multiple security firms recently identified cryptocurrency mining service Coinhive as the top malicious threat to Web users, thanks to the tendency for Coinhive’s computer code to be used on hacked Web sites to steal the processing power of its visitors’ devices. This post looks at how Coinhive vaulted to the top of the threat list less than a year after its debut, and explores clues about the possible identities of the individuals behind the service.
