Meetup Vulnerabilities: Escalation of Privilege and Redirection of Funds

What’s HOT in Application Security Vol #17

PayPal to Grant Money for Reported Vulnerabilities

Asking hackers to report the security breaches they find without rewarding them doesn’t seem to work; there has to be some kind of incentive. eBay, Amazon, Sony and now PayPal will provide security researchers who discover vulnerabilities in their websites with money prizes. This encourages hackers to search for security breaches, and instead of using the vulnerabilities for illegal purposes they can make some money, disclose the vulnerabilities they find on their own personal blogs, and possibly make a name for themselves.

For more information, visit:

Does big data mean big risks for businesses?

Security risk management must mature along with the flood of data being collected. How are businesses going to protect it? And, most importantly, how are they going to use it safely and legitimately? Undoubtedly, there needs to be better liability among key stakeholders and combined thinking throughout organizations.

From the information security standpoint, the main areas of concern surrounding big data tend to fall into the following five areas:

1. Cyber security: the temptations for cyber criminals are greater than ever. Cyber adjustability and alertness strategies are crucial for big data.

2. Data in the cloud: Big data in the cloud is a very enticing target for cyber criminals looking to gather information. This requires businesses to get their secure cloud sourcing strategy correct.

3. Consumerization: Businesses presently face the challenge of overseeing and securing employees’ personal devices in the corporation. They must make sure that their employee acceptable usage policies are enforced, and continue to manage mobile devices alongside their established security policy for business-owned devices.

4. Interconnected supply chains: There is a key role for information security in coordinating the contracting and provisioning of business relationships, including outsourcers, offshorers, supply chain and cloud providers.

5. Privacy: As larger amounts of data are created, privacy concerns will become much greater with time.

For more information, visit:

Hacker compromised Global Organizations

A hacker who identifies himself as C0mrade supposedly managed to get hold of highly classified information from airline companies, hospital management systems, banks and, more recently, a number of dealership units used by the US military for vehicles and military aircraft.

The vulnerability in the systems of airline companies gave him access to ticket information, flight bookings, card swaps, and employee and passenger details. Two hospitals were attacked: Durdans Hospital and the Sunetra Family Eye Care Center. C0mrade claims to have access to two major financial organizations, Citibank and CoBank. C0mrade wrote, “I have Internal Access to a couple dozen dealership units that the U.S runs for Vehicles, Military Aircraft, etc. I also have Internal Access to thousands of stores and cashier systems.”

In every one of the incidents stated above, the hacker published data samples which he apparently acquired through inadequate security implementations.

For more information, visit:
