fbpx
 

Category: Security Assessments

Ethical Hackers Find Oracle Vulnerability

CNN recently interviewed two hackers Bryan Seely Ben Caudill, who discovered an unsettling security hole, uncovering intimate details like children’s school records, including detailed bus route information; arrest and prosecution information from a major Midwestern city; and the real names and numbers of intelligence agents visiting a major American port.

Enact and Redact: Data Redaction feature of Oracle Advanced Security Enterprise Option in 12c

With today’s growing concerns regarding the security on BYO devices (BYOD) such as smartphones, tablets, and laptops; it is critical to ensure sensitive data is not exposed. Enacting security policies and procedures that help remove or reduce these concerns is mandatory in today’s world. Data Redaction is a new feature of the Oracle Advanced Security Enterprise Option introduced with version 12c. It is still a feature that must be licensed separately from Oracle Database Enterprise Edition 12c, but it goes […]

Cloudy with a Chance of Storms: Adobe Breach

With Adobe’s release of its Creative Cloud, news of a security breach couldn’t come at a worse time. Adobe’s focus is getting customer’s to buy into the cloud through its VIP license program. Adobe’s VIP license program is subscription based, this allows customers to stay cutting edge with receiving all of Adobe’s currently releases. Customer’s that chose not to go into the Creative Cloud, will stay at Creative Suite 6, without the ability to upgrade that version. Customers, if they […]

Big Brother made me do it!

Our personal favorite hacker, Albert Gonzalez, said that the government knew about his theft of 130 million credit and debit card numbers from Office Max, TJX, Heartland Payment Systems and Dave & Busters. In fact, he filed a 25-page petition seeking to overturn his 20-year sentence. The Secret Service declined to give comment. Within 5 years, Gonzalez collected $2.8 million. Now, he is saying that it was all government sanctioned. By all means, let’s pass the buck.

SANS 20 Critical IT Security Controls #2: Inventory all Software

Most companies do a pretty good job of keeping an inventory of all their hardware such as servers, work stations, laptops and PD As. However, companies don’t usually put the same type of effort into tracking software that’s installed on their systems. Of course, there are many strong reasons for this, including the fact that it’s not easy to keep update with all the different types of software you need to use today. Hackers are always looking for vulnerable software […]

SANS Critical IT Security Controls #1 – Inventory your devices

Cyber attackers are constantly devising ways to hack into computer systems. You may have several test and development databases lying around across your in a semi-protected fashion. Or, your company may have recently bought and assigned a bunch of laptops. It’s essential that you patch ALL the computing devices in your environment, regardless of the purpose those devices may serve. In order to do this, however, you must first know the devices that your company owns. Even a small company […]

In Archive