Category Archives: Red Cell

This is our traditional form of testing, where we will work with you to develop a testing approach and then replicate the role of the attacker targeting your company in various social engineering scenarios

Nude Celebrity Scandal, Cloud Service Security and You!


September 04, 2014

Following the slew of private celebrity photos leaked earlier this week, both end-users and organisations are understandably concerned. Invariably, user confidence in the security of online services, and the confidentiality of any data stored, has been shaken by such leaks.

This is especially worrying for organisations, as more and more enterprise services move onto remotely hosted cloud platforms, which are now home to the corporate crown jewels (emails, commercially sensitive information, intellectual property etc).

The same security issues that appear to have caused the recent iCloud breaches typically affect these cloud platforms. From a security perspective, using a cloud system is effectively outsourcing and therefore should be treated as diligently as any other outsourcing arrangement.

According to Apple, the recent celebrity photo compromise occurred due to a “very targeted attack on user names, passwords and security questions” – in other words, social engineering password resets. Continue reading

Credit Union error exposes data of 18,000 members


July 02, 2014

Members of the Stanford Federal Credit Union in California are being notified that a security breach has left their information exposed.

Around 18,000 members of the Union had data breached when an employee of the organisation inadvertently sent an email to another employee. A significant amount of sensitive data was sent, including names, member identification numbers, personal addresses, loan offers and credit information.

Continue reading

Hackers access university student and staff data

Students and staff from Butler University in Indianapolis are being notified that their personal information may have been compromised by an attack carried out in 2013.

Around 163,000 staff, alumni, faculty and students (both current and prospective) are now being contacted following a recent California law identity theft investigation. Police recently arrested an individual in possession of a flash drive containing Butler University information.

Continue reading

Metropolitan Companies announces potential breach


June 26, 2014

Metropolitan Companies is currently in the process of notifying individuals of a possible data breach, one which may have left their personal information open to a third party.

The attack was identified on April 21 when Metropolitan Companies noticed an unauthorised third party had accessed computer systems, stealing documents containing the data.  The company has not yet confirmed what information has been stolen, but is required to notify potential victims.

Continue reading

Ubisoft confirms data breach


July 04, 2013

Users of Ubisoft's Uplay site have been warned that their personal data may have been compromised following a security breach that originated from its online systems.

Hackers targeted sensitive data such as email addresses and passwords, but the company explained that it does not retain any financial information so this is not under threat.

Continue reading

ACMA: Cloud services raise security concerns


June 17, 2013

As many as 71 per cent of Australians are currently using a cloud service, leading many to express concerns about the security of their data, a new paper has found.

The research, entitled ‘The cloud: services, computing and digital data – emerging issues in media and communications’, showed that people are unsure about how their information is being managed and protected.

Continue reading