News

WPA 2 Krack or Key Reinstallation Attack

Black wifi router in an office background. 3d illustration

By Stacy High-Brinkley

How does the hack happen?

“When a device joins a protected Wi-Fi network, a process known as a four-way handshake takes place. This handshake ensures that the client and access point both have the correct login credentials for the network, and generates a new encryption key for protecting web traffic. That encryption key is installed during step three of the four-way handshake, but the access point will sometimes resend the same key if it believes that message may have been lost or dropped. Vanhoef’s research finds that attackers can essentially force the access point to install the same encryption key, which the intruder can then use to attack the encryption protocol and decrypt data.” – Time.com

Now what? We all use Wifi at home and business in some form or fashion. These are the steps you
need to take and be ready to take when the patches are released.

Update all devices especially Android and Linux devices, this includes any smart devices including TVs. The only way a hacker can hack your wifi router is if they have access to it, for instance my router is in the middle of house and a little harder to get to than if it was near a front window. Call your provider to see if they have a firmware update for your router. Take any devices off of your wireless network that host critical data until all systems are patched.

Avoid public Wi-Fi at all costs, including Google's protected Wi-Fi hotspots until Google says otherwise. Only connect to secured services, this means web pages that use HTTPS in the URL. You should contact any company whose services you use and ask if the connection is secured using TLS 1.2, and if so your connection with that service is safe for now.

If you have a paid VPN service that you trust you should enable the connection full-time until further notice. Resist the temptation to rush and sign-up for any free VPN service until you can find out if they have been vetted and will keep your data secure. Most don’t.

Use a wired network if your router and computer both have a spot to plug in an Ethernet cable. This exploit only affects 802.11 traffic between a Wi-Fi router and a connected device.

Remember that we live in a connected world, we need to stay vigilant at all times. Once all of the
patches are released for your all of your devices in your home and or business take a day off and start patching!

Read More →

Equifax Data Breach: Are you one of the 143 million hacked?

cask-cyber-secutiry

With the latest Equifax data breach information coming out last week, over 143 million Americans’ financial and personal identifiable information (PII) is now in the hands of cyber criminals. Additionally, credit card numbers from approximately 209,000 U.S. consumers and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers were also accessed by cyber criminals. This data breach denotes a real threat to the economic security of the U.S. and is becoming alarmingly more frequent.

Cyber criminals exploited an Equifax U.S. website application vulnerability to gain access to the data between mid-May through July 2017 to the below information:

  • Names
  • Social Security Numbers
  • Driver’s License Numbers
  • Credit Card Numbers
  • Dispute Documents
  • Birth Dates
  • Addresses

Cask strongly recommends for all to visit Equifax’s below website to determine if the above data breach impacted your credit data.

https://www.equifaxsecurity2017.com/potential-impact/

 

To find out how to further reduce the risk of having exploited vulnerabilities within your own company’s computing environment, let us help guide you and your company to become more proactive and aware of cyber threats. Contact info@caskllc.com.

Read More →

Cask + NAVSUP Launches ServiceNow

#NAVSUPBSC Team celebrates successful test pilot for ServiceNow.
#NAVSUPBSC Team celebrates successful test pilot for ServiceNow.

At the end of June, Cask, along with our strategic partner, Vintun LLC, implemented a successful ServiceNow test pilot for NAVSUP Business Systems Center (BSC) to automate the process of onboarding new Contractor Service Support (CSS) personnel. Our ServiceNow experts have automated a previously manual process that could take up to 120 days, and have reduced it down to an average of 24.5 days.

Cask LLC provides IT professional consulting services to assist customers establish strategies to drive success in key areas of interest such as HR, Finance, and Risk Management. Once these strategies are developed, Cask continues to work with the customer to implement these strategies through integrated solutions.

To read more about how Cask has helped NAVSUP BSC modernize their processes by leveraging the ServiceNow platform, click the link to the article below. If your company is looking for assistance with modernization efforts to achieve your business goals, letstalk@caskllc.com!

For more information click here.

Read More →

Cask and Vintun are Approved for the Mentor-Protégé Program

Cask_Vintun-program

Cask is excited to announce our participation in the Mentor-Protégé program as a mentor to Vintun. With Cask’s 13 years of experience and Vintun’s quick and impressive track record, the partnership is a powerful combination.

The mentor protégé program was established to provide small businesses with technical and management assistance, financial assistance, developmental assistance through subcontracts, assistance in performing prime contracts through JV agreements, trade education, increased small business opportunities in the federal market, ability to compete for more contracts, improve small business development, provide new potential for evaluation credit on subcontracts awarded to protégés, and facilitate the protégé’s ability to transition from the 8(a) program to a successful small business.

For More Information, Contact Us at:
caskllc.com  |  busdev@caskllc.com  |  866.535.8915

You can also visit the SBA site at, SBA.gov or you can go right to the Mentor-Protégé page here.

Read More →

2016 Best Places to Work

This year the Washington Business Journal honored 86 companies as Best Places to Work in the D.C. area. Cask ranked as #3 Best Place to Work in the D.C. Area ( in Large company size category.) How did we earn this designation? By scoring the highest among hundreds of employers that participated in Omaha, Nebraska-based Quantum Workplace’s annual employee engagement survey. Read here to find out more about these companies — and the ways they go about building great teams.

Read More →

5 Reasons to Attend Geek Week- ISACA Atlanta Conference

Geek Week

 

Cask is proud to be a sponsor of the upcoming Geek Week- ISACA Atlanta conference. The 8th annual Geek Week Conference is Atlanta’s premier IT audit, security and governance training event!
The conference takes place August 8th-10th with a 2 Day Certification Review Course following on the 11th and 12th at the Cobb Galleria Centre.

Top 5 Reasons to Attend:

  1. Learn up to date industry best practices on IT Governance, Audit, and Security.
  2. Obtain up to 18 CPE Credits through sessions offered to support your CISA, CISM, CRISC, CGEIT, and other industry related certifications.
  3. Attend networking events throughout the week to engage with peers across all industries.
  4. Listen to sessions from industry leaders including a closing KeyNote by Kevin McCarthy, CEO of 360 Narrative Group.
  5. Receive a special gift for referencing this post when you stop by the Cask table in the Exhibit Hall!

REGISTER HERE for Geek Week 2016. We look forward to seeing you at this upcoming conference!

If you would like to learn more about how Cask can help you with Audit, Governance, and Security work visit our page.

 

Read More →

Cask Teaching Pre-Conference Workshops at Knowledge 16

The annual ServiceNow conference, Knowledge, is coming up soon and expecting to draw 10,000 IT Professionals dedicated to transforming IT service and service relationships across their enterprises. Join Cask at Knowledge16 – May 15th-20th at Mandalay Bay in Las Vegas. Cask will be teaching 2 Pre-Conference Workshops at this years Knowledge Conference as well as exhibiting at the event.

REGISTER FOR ONE OF CASK’S PRE- CONFERENCE WORKSHOPS (more…)

Read More →

Cask Sponsors AFEA FITARA Implementation Symposium

Cask sponsors AFEA FITARA Implementation Symposium focused on helping government organizations implement the FITARA regulation and OMB Guidance.

Cask is a sponsor of the inaugural Association for Enterprise Information (AFEI) FITARA Implementation Symposium being held at the Army Navy Country Club in Arlington, VA on Tuesday, June 30, 2015.  AFEI is hosting this series to help Government agencies and their industry partners understand more about how the legislation affects them, examine the challenges they will face, and help agencies take steps to implement FITARA using an agile and outcome driven approach.  The events will showcase best practices and benefits, and help agencies develop a road map to successful implementation and demonstrable results.  The events will also provide industry a better understanding of how to support agency efforts. (more…)

Read More →

Numerify and Cask Partner to Bring IT Business Analytics Solutions to Customers Worldwide

CUPERTINO, Calif. — Numerify, a provider of cloud-based, IT business analytic solutions, today announced four new additions to the Numerify Partner Program: Cloud Sherpas, Cask LLC, Kloves, and Aspediens. Each of these partners, who also implement or consult on IT service, asset, business and project management solutions, have recognized that market demand has increased significantly for IT analytics solutions and have partnered with Numerify, a leading business analytics solution provider for ServiceNow, to deliver on that need. “The strategic partnerships that we announced today gives Numerify the ability to meet increased customer and market demand globally, helping us grow and scale the business,” said Steve Erbst, VP of Worldwide Sales at Numerify. “More importantly, our joint customers will have trusted advisors and integrators that can effectively map their business goals to the right analytics solution to help them conduct the business of IT.” Numerify is proud to partner with the following companies:

(more…)

Read More →

Cask Receives Letter of Recommendation from the Government of Romania

Cask received a Letter of Recommendation from the Government of Romania for our work on their new Legislative Affairs System.

“The Government of Romania, acting through the General Secretariat of the Government and the Chancellery of the Prime-Minister, together with the Romanian Parliament has the good fortune of working with CASK LLC […] on a very important project for the entire legislative process in Romania, funded by USTDA and specifically dealing with planning and ultimately guiding the implementation of an “Information system for tracking the legislative process” (SILEX) needed to align and/or improve the current operational processes within each organization participating in the project and the overall legislative function.”

To find out more information, please refer to Valet News. To find out more information about the VALET Program please refer to ExportVirginia.org

Read More →