Monthly Archives: December 2013

Experts say security lapses in 2013 could affect cloud adoption next year


December 31, 2013

The past year saw a number of high-profile security breaches that may have had a tremendous impact on how willing businesses will be to adopt cloud-based systems, according to one expert from Netgear.

ARNnet recently published a report that discusses how the security issues noted this year could affect next year's cloud adoption. Netgear's Australia and New Zealand vice president and managing director Brad Little told ARNnet that he wouldn't be surprised if cloud adoption slowed because of security concerns.


Security breach of US retail giant affects 40 million


December 24, 2013

Target Corporation, one of the largest retailers in the US, recently acknowledged it had been hacked by an outside group that stole the credit card information of 40 million of the store's customers.

The company confirmed the attack in a December 19 statement, stating that an outside group had gained access to payment card data that could impact anyone who has shopped in its stores. Target said it was working closely with investigative officials as well as the financial institutions to address the issue.


Dumping Windows Credentials


December 20, 2013

By Sebastien Macke, @lanjelot

Introduction

During penetration testing engagements, we often find ourselves on Windows systems, looking for account credentials. The purpose of this post is to walk through some techniques to gather credentials from Windows systems while being as non-intrusive as possible.

The core principles behind the techniques described in this post are:

  • Safety – Avoid causing any downtime, by using tools and techniques which are known to be safe, and will not render a system unstable.
  • Stealthiness – Avoid detection by using tools and techniques that will not trigger alerts. Refrain from uploading binaries, turning off the anti-virus, generating suspicious event logs, etc.
  • Efficiency – While Bernardo’s blog attempts to cover many of the tools and techniques available for dumping credentials from a Windows host, this post focuses on the most practical way to get the job done.

Experts explain how PCI DSS will affect penetration testing for Aussie businesses

Penetration testing services had better prepare for a surge in demand next year, considering PCI DSS compliance will require more rigorous vulnerability management measures.

According to CSO, PCI Data Security Standard 3.0 compliance will require businesses to put together clear-cut strategies for performing penetration testing functions, which will ultimately make it safer for all companies to handle valuable credit card data.


Study: Bots make up 61.5 per cent of all web traffic


December 18, 2013

A new report shows just how much internet traffic has changed in only the past year, with 61.5 per cent of all website traffic now made up of bots – and many are malicious in nature.

According to research from content delivery network security firm Incapsula, the number of bots trolling the internet has risen from 51 per cent of all web traffic last year. Moreover, the first study found that 60 per cent of these bots were malicious.


Online banking threats ‘will continue’


December 12, 2013

Plenty of predictions are already being made about what is in store for the cyber security market in 2014, with one group believing banking threats will continue to emerge.

The annual report from Trend Micro, titled Blurring Boundaries: Trend Micro Security Predictions for 2014 and Beyond, indicates that Android devices will be the prime target for cyber criminals.

It forecasts that the number of malicious and high-risk Android apps will reach three million by the end of next year – and other platforms will not be exempt either.

The likes of Sailfish and Firefox might be relatively new to the market, but Trend Micro anticipates that other operating systems with an Android compatibility layer will become available.

While this layer will enable Android apps to run on the operating system, the group warned that it will make it easier for cyber criminals to create threats that affect a range of different platforms.


Freedom of information complaints rise 17 per cent over the year


December 10, 2013

This year's annual report from the Office of the Australian Information Commissioner (OAIC) showed the number of review applications, complaints and enquiries regarding privacy and freedom of information rose 17 per cent from last year.

Australian Information Commissioner John McMillan stated that even though the higher number of complaints meant higher workloads for the office, in the end it was a "pleasing confirmation" of how the OAIC is helping Australians address privacy issues.


Explaining new requirements under PCI DSS 3.0


December 06, 2013

On January 1 2014, the third version of the Payment Card Industry Data Security Standard will go into effect, and although Version 2 won't expire for another year, experts are encouraging businesses to start the switch soon.

According to DataGuidance, a preview of the new version showed there will be several new requirements. This included making penetration testing mandatory for all businesses, large and small.


December 2013 Newsletter


December 05, 2013

Our latest newsletter is now available!
http://createsend.com/t/j-D0CABFE16B8020AB

Featuring:

  • Bang for Bucks Security Investment
  • The Death of New Services and Consumer Confidence
  • Social Engineering – Should you test?
  • Framework for Security Standards
  • The “Act” of Privacy – A 10 minute guide to becoming an expert…
  • Qualys Webex Training – Vulnerability Management
  • Industry Roundup
  • Securus takes on MOvember!