What’s HOT in Application Security Vol #35

Securities and Exchange Commission leaves sensitive data vulnerable to hackers

Staff of the Securities and Exchange Commission (SEC) have left highly sensitive information from exchanges open to hacking and other cyber attacks because they miserably and negligently failed to secure their data and devices to the required standards. This statement came after inside information was leaked to the news agency Reuters.

Although the news agency did not say whether or not resultant cyber attacks occurred, they speculated that the chances of such a breach occurring were high, given that the data was inadequately secured, and sometimes not secured at all!

The devices in question belonged to employees in the offices of the SEC’s trading and markets division, who are, ironically, in charge of overseeing the legitimacy of the transactions which take place and whether or not these transactions comply with regulations. Some of these devices were brought to a Black Hat conference, where security experts come together to discuss the latest news in cyber attacks and hacking.

For more information please go to:
http://www.cbsnews.com/8301-205_162-57547502/sec-left-stocks-data-vulnerable-to-hackers-report/

South Carolina Hacker Used Two Methods to Gain Access to Data

The hacker who supposedly gained access to millions of tax returns used two hacking methods to breach the database, according to a state investigation.

Marshall Heilman suggested that the hacker succeeded in fooling a Department of Revenue user into inadvertently opening a malicious file, which then allowed the hacker access to the system. Although this has not been proven to be the method of attack, it is the one suggested by the government officials responsible for investigating this breach.

The hacker succeeded in gaining access to the system by exploiting unsecured third-party software, according to Heilman. The hacker then used a phoney credential to remotely access the database and proceeded to steal millions of records.

For more information please go to:
http://www.greenvilleonline.com/viewart/20121108/NEWS/311080032/Report-SC-hacker-breached-database-2-ways?odyssey=mod%7Cnewswell%7Ctext%7CNews%7Cs

Google Says Goodbye to SSP due to unauthorized attack

Search engine giant Google has recently severed ties with SSP, the British software group, after Google’s integrity was compromised by an “unauthorized attack” aimed at exploiting the personal information of millions of users.

SSP’s software is used primarily to connect insurance brokers to price comparison sites: Google Compare, gocompare.com, comparethemarket.com and moneysupermarket.com.

Currently, the size of the breach and the type of data acquired as a result of the security flaw are unknown, although the data is speculated to be sensitive and the quantity is suspected to be high.

SSP made a statement that it had “been alerted to a security vulnerability following an unauthorised attack performed on the integration between Google Compare and SSP”.

Google then came out with this statement on the matter: “As soon as we became aware of this problem, which occurs on certain broker websites that use SSP software, we suspended those brokers. We have raised this issue with SSP and have asked them to address it immediately.”

SSP is currently regarded as a pretty big player in the online insurance market, and its customers are some of the biggest fish in that market, but this current string of events is probably a massive blow for the organization.

For more information please go to:
http://www.ft.com/cms/s/0/6c990f3c-29a6-11e2-a5ca-00144feabdc0.html#axzz2BiyiGMFI

asaphs