Tag Archives: Security Breach

The Anatomy of a Security Breach.

January 16, 2014

Securus Global’s approach to minimising your risks…

By now, you have probably read about the Target security breach (nothing new: this happens all the time).

At Securus Global, we are frequently asked by our clients how hackers compromise companies and in turn, what can be done to minimise the risk of it happening to their own organisation.

By hiring the likes of Securus Global to test your systems in testing, pre-production and/or post-production, we’ll be able to highlight any potential exposures you have, issue advice on how to fix them, and suggest ways to make you more resistant to such breaches altogether.

Better yet, we would rather help you get to a position where your risks are identified beforehand, or are not there in the first place.

This is why in early 2014, we’re offering client workshops to explain the anatomy of such attacks and how the hackers are obtaining this information from your companies.

These are 1-2 hour informal sessions (no cost), where we talk about what we have seen in the last 10 years and how the attacks are planned and take place, but most importantly, what you can do to minimise the chances of this happening to your company.

Looking at Good Application Security – It’s Not Just about Penetration Testing

June 05, 2013

(An updated version of an article originally published on Tek-Tips in 2010: http://tek-tips.nethawk.net/looking-at-what-makes-good-application-security-knowledge/ )

In 2013, there is still a growing reliance on penetration testing to identify all the flaws in the security of systems and applications. This is a flawed approach. While penetration testing is important, and we believe a must-do for all new systems and applications being rolled out, if this is all you are doing, you really need to assess your whole security framework and systems development lifecycle. Penetration testing is just an assurance assessment, just one component of how an application should be reviewed, audited and tested by companies.

LinkedIn reassures users that their information is secure

June 14, 2012

Professional social networking site LinkedIn has moved to assure users that their information is secure, following a highly-publicised security breach earlier this month.

“By now, many of you have read recent headlines reporting that 6.5 million LinkedIn hashed passwords were stolen and published on an unauthorised website,” wrote LinkedIn director Vicente Silveira, in a blog post dated June 9.

“We take this criminal activity very seriously so we are working closely with the FBI as they aggressively pursue the perpetrators of this crime.”

Silveira pointed out that no usernames were paired with the leaked passwords, and said that he had received no reports of accounts being breached as yet.

He also said that LinkedIn had recently upgraded its security protocols. Stored passwords are now hashed and salted in order to provide an extra layer of protection, a commonly recognised best practice in the security industry.
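As an added illustration of the salted hashing the article mentions (example code written for this page, not LinkedIn’s or Securus Global’s): an unsalted digest lets every account that shares a password store the same value, so one cracked digest or one precomputed table unmasks all of them, while a random per-user salt with an iterated hash keeps the stored values distinct. The page does not say which algorithms LinkedIn used; SHA-256 and PBKDF2-HMAC-SHA256 below are assumed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed demo: why a per-user salt matters for stored password hashes.
# The algorithms here are illustrative assumptions, not what LinkedIn used.

ITERATIONS = 100_000  # work factor; raise for production use


def unsalted_hash(password: str) -> str:
    """Unsalted SHA-256: every account sharing a password stores the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash. Returns 'iterations$salt_hex$digest_hex' so the
    salt and work factor are stored with the record for later verification."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for each account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def shared_password_exposure(passwords: list) -> dict:
    """Count how many distinct stored values a set of accounts produces under each scheme.
    Fewer distinct values than accounts means identical passwords are visible at a glance."""
    return {
        "unsalted_distinct": len({unsalted_hash(p) for p in passwords}),
        "salted_distinct": len({hash_password(p) for p in passwords}),
    }


if __name__ == "__main__":
    users = ["password123", "password123", "letmein"]  # constructed sample
    print(shared_password_exposure(users))  # {'unsalted_distinct': 2, 'salted_distinct': 3}
    record = hash_password("password123")
    print(verify_password("password123", record), verify_password("Password123", record))
```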

Following the breach, many experts criticised the LinkedIn team for not taking more care in guarding user information.

LinkedIn has responded by pointing out that all compromised passwords were deactivated immediately and that all users whose information was put at risk have been contacted.

However, Andrew Conway, from security website CloudMark, is reporting that four per cent of affected LinkedIn users incorrectly marked that email as spam, and did not take heed of the instructions it contained.

Even minor security breaches can have a major impact on a business’s reputation. Customers expect complete security when operating in the online environment and it is the responsibility of the company to ensure its private information is safe.

Penetration testing is often a good way to fully evaluate the security protocols that your business has in place, by finding any potential backdoors and access points before they are exploited by cyber criminals.

Blogger Vincenzo Cosenza recently released his world map of social network popularity, and found LinkedIn to be the second most popular online networking option in Australia, behind only Facebook.

Lastfm investigating user password security issue

June 12, 2012

Music website Lastfm is currently investigating a potential security breach, according to a blog post released June 7.

The news follows yesterday’s report of a major hacking incident on professional social networking site Linkedin, which saw a reported six million user passwords stolen.

Lastfm has requested that all users currently registered with the site change their password immediately, to one that differs from the passwords they use on other websites.

Businesses with concerns over the risk of unwanted access to confidential information should consider penetration testing.

This is a means of determining weaknesses in security protocols, and provides a complete analysis of the systems and applications that may need improvement.

Through this evaluation, businesses can take the necessary steps to ensure information is secure and private, and greatly reduce the risk of cybercrime.

Lastfm allows users to build a music profile which provides information and recommendations based on listening habits. Both a free service and an advertisement-free subscriber’s service are available.

“We’re sorry for the inconvenience around changing your password; Last.fm takes your privacy very seriously,” wrote the Lastfm team.

“We’ll be posting updates in our forums and via our Twitter account (@lastfm) as we get to the bottom of this.”

Hackers leak confidential Linkedin passwords

June 07, 2012

Professional social networking website Linkedin.com is investigating a security breach that may have seen upwards of six million passwords compromised.

Linkedin president Vicente Silveira confirmed the incident in a blog post dated June 6, and informed affected users that they would receive an email with instructions on how to reset their passwords, followed by a further email explaining the situation.

Compromised passwords will no longer work, while non-affected users will be able to continue using the site with their current login details.

Over 160 million people use Linkedin to create business contacts, find jobs and upload resumes. Users must be accepted as contacts before they can view another person's private details.

Linkedin is yet to release official numbers, but UK Web security company Sophos is reporting 6,458,020 hashed passwords were uploaded to a Russian online forum.

While the usernames corresponding to those passwords were not posted, it is likely that the hacker has access to those as well.

Security breaches like this can be a major blow to business, compromising secure information and damaging client confidence.

Red cell assessments are one way to review security measures, by simulating an external attack on secure company information.

A red cell team consists of highly trained professionals, adept at using both standard and experimental methods of cyber penetration.

They can attempt to access secure information already stored on a business database, or they can seek out a decoy document that has been planted beforehand. Either way, information remains secure and confidential, and there is minimal risk of downtime or productivity loss.

After the assessment is complete, a full debriefing provides clients with an evaluation of their security processes and allows them to take the necessary steps to prevent a legitimate attack.

Linkedin has apologised to users for any inconvenience caused and emphasised that it takes client security seriously.