Category Archives: Hacking

Bernard Montel, Tenable: Navigating the latest cybersecurity trends

As organisations worldwide continue to grapple with an ever-expanding threat landscape, understanding the latest cybersecurity trends has never been more crucial. Ahead of Cyber Security & Cloud Expo Europe, Bernard Montel, EMEA Technical Director and Security Strategist at Tenable, shed light on the shifts in cybersecurity over the past five years and offers valuable insights… Read more »

The post Bernard Montel, Tenable: Navigating the latest cybersecurity trends appeared first on Cloud Computing News.

The Hacked Landscape: Protecting Your Organization from Modern Threats

Security is one of, if not the, top concerns among IT professionals. Every week it seems a new, widely publicized breach occurs. Some vendors claim to have a silver bullet solution that is a cure-all for every security need. But is that the case? In this video, I talk about the current “hacked landscape,” how preventative measures to keeping information safe has changed, and the approach organizations should be taking to security.

 

 

Interested in speaking more with Dan about security? Reach out!

 

By Dan Allen, Solutions Architect

Google Drive vulnerable to undetectable phishing campaign, experts claim

Hackers used Google Drive to mount a barely detectable phishing attack

Hackers used Google Drive to mount a barely detectable phishing attack

Google Drive has been subject to a phishing attack that used JavaScript code obfuscation and compromised websites in order to steal end-user account credentials using Google services.

Elastica researchers explained attackers deployed a JavaScript encoding mechanism to obfuscate web page code that could not be easily read, and used fake SSL credentials to gain entry to Google’s services. Attackers were able to reach a wide network of end-users by exploiting Google Drive to host malicious Web pages, where attack victims were directed.

The hackers used Gmail to distribute emails containing links to unauthorized web pages hosted on Google Drive, and then stored stolen credentials through a third-party domain.

Although the malicious pages were reported to Google, Elastica said they have yet to be removed.

“In this particular incident, attackers were able to circumvent tight security controls and target Google users specifically to gain access to a multitude of services associated with Google accounts,” said Aditya K Sood, architect of Elastica Cloud Threat Labs.

“While the cloud offers unprecedented benefits to its users, it is challenging the traditional security model and necessitating a modern, flexible security stack designed to provide protection in a perimeterless world.”

Because the pages were hosted on Google Drive, which uses SSL to encryption, standard security methods like IP blacklisting and intrusion detection weren’t effective.

Rehan Jalil, chief executive of Elastica said these issues will likely keep cropping up as cloud usage grows.

“Security and risk professionals are quickly learning that legacy security solutions are no longer effective for cloud applications,” Jalil said.

Telstra’s recent buy Pacnet suffers IT security breach

Pacnet's IT network was hacked earlier this year

Pacnet’s IT network was hacked earlier this year

Telstra’s recently acquired datacentre and cloud specialist Pacnet suffered a security breach earlier this year whereby a third-party managed to get access to its IT network, the telco revealed this week.

Telstra was quick to point out that while the breach occurred on Pacnet’s IT network (which isn’t connected to Telstra’s) before its acquisition of Pacnet was finalised in April, it did do and has since done all it can to try and understand the reasons for the breach and its potential impact on customers.

The company has alerted customers, staff and regulators in the relevant jurisdictions.

Group executive of global enterprise services Brendon Riley said the investigation is ongoing, and that the company will apply its own tried and tested security technologies and techniques to Pacnet’s network.

“Our investigation found a third party had attained access to Pacnet’s corporate IT network, including email and other administrative systems, through a SQL vulnerability that enabled malicious software to be uploaded to the network,” Riley said.

“To protect against further activity we rectified the security vulnerabilities that allowed the unauthorised access. We have also put in place additional monitoring and incident response capabilities that we routinely apply to all of our networks.”

He said the firm is alerting customers of the potential impact of the breach, and hopes that the extra precautions the company has put in place will restore confidence in the firm.

The company has so far declined to comment on the scope or volume of data exposed to hackers.

Telstra seems keen to pre-empt any privacy-related regulatory challenges, something the company has had to deal with in recent years – which, it was eventually found, was due in part to its own negligence.

Last year for instance the firm was fined by the Australian Information Commissioner for making the personal details of almost 16,000 customers accessible via the internet between February 2012 and May 2013 after several spreadsheets containing customer data dating back to 2009 was found through Google Search.

Telstra’s recent buy Pacnet suffers IT security breach

Pacnet's IT network was hacked earlier this year

Pacnet’s IT network was hacked earlier this year

Telstra’s recently acquired datacentre and cloud specialist Pacnet suffered a security breach earlier this year whereby a third-party managed to get access to its IT network, the telco revealed this week.

Telstra was quick to point out that while the breach occurred on Pacnet’s IT network (which isn’t connected to Telstra’s) before its acquisition of Pacnet was finalised in April, it did do and has since done all it can to try and understand the reasons for the breach and its potential impact on customers.

The company has alerted customers, staff and regulators in the relevant jurisdictions.

Group executive of global enterprise services Brendon Riley said the investigation is ongoing, and that the company will apply its own tried and tested security technologies and techniques to Pacnet’s network.

“Our investigation found a third party had attained access to Pacnet’s corporate IT network, including email and other administrative systems, through a SQL vulnerability that enabled malicious software to be uploaded to the network,” Riley said.

“To protect against further activity we rectified the security vulnerabilities that allowed the unauthorised access. We have also put in place additional monitoring and incident response capabilities that we routinely apply to all of our networks.”

He said the firm is alerting customers of the potential impact of the breach, and hopes that the extra precautions the company has put in place will restore confidence in the firm.

The company has so far declined to comment on the scope or volume of data exposed to hackers.

Telstra seems keen to pre-empt any privacy-related regulatory challenges, something the company has had to deal with in recent years – which, it was eventually found, was due in part to its own negligence.

Last year for instance the firm was fined by the Australian Information Commissioner for making the personal details of almost 16,000 customers accessible via the internet between February 2012 and May 2013 after several spreadsheets containing customer data dating back to 2009 was found through Google Search.

The Hacking Industry isn’t Just Getting Bigger, it’s Getting Smarter

In this video, Solutions Architect Dan Allen talks about the growth and evolving sophistication of the hacking industry. There was a large uptick in data breaches in late 2013 and throughout 2014. Dan discusses the importance of having visibility into your environment to address breaches as quickly as possible and to make sure they got resolved properly.

 

http://www.youtube.com/watch?v=pM4vw_Tyzjg

 

 

Interested in learning more? Reach out to us!

Let’s Hope Not: Least Favorite 2013 Prediction is “Hacking-as-a-Service”

Among all the pundit predictions for the coming year in cloud computing the one that caught my eye was this one by BusinessInsider’s Julie Bort in an article entitled “5 Totally Odd Tech Predictions That Will Probably Come True Next Year

1. Bad guys start offering “hacking as a service”

Security company McAfee says that criminal hackers have begun to create invitation-only forums requiring registration fees. Next up, these forums could become some sort of black-market software-as-a-service. Pay a monthly fee and your malware is automatically updated to the latest attack. Don’t pay, and it would be a shame if something happened to your beautiful website …

HaaS? Let’s hope not.