Staff of the Securities and Exchange Commission (SEC) have left highly sensitive information from exchanges open to hacking and other cyber attacks because they miserably and negligently failed to secure their data and devices to the required standards. This statement came after inside information was leaked to the news agency Reuters.
Although the news agency did not say whether or not resultant cyber attacks occurred, they speculated that the chances of such a breach occurring were high, given the fact that the data was inadequately secured, and sometimes not secured at all!
The devices in question belonged to employees in the offices of the SEC’s trading and markets division, who are ironically in charge of overseeing the legitimacy of transactions which take place, and whether or not these transactions comply with regulations. Some of these devices were brought to a Black Hat conference, where security experts come together to discuss the latest news in cyber attacks and hacking.
The hacker who supposedly gained access to millions of tax returns utilized two hacking methods in order to breach the database (according to a State investigation).
Marshall Heilman suggested that the hacker succeeded in fooling a Department of Revenue user into inadvertently opening a malicious file, which then allowed the hacker access to the system. Although this has not been proven as the method of attack, it is the one suggested by the government officials responsible for investigating this breach.
The hacker succeeded in gaining access to the system by exploiting unsecured third-party software, according to Heilman. The hacker then used a phoney credential, remotely accessed the database and proceeded to steal millions of records.
Search engine giant Google has recently severed ties with SSP, the British software group, after Google’s integrity was compromised by an “unauthorized attack” which aimed at exploiting the personal information of millions of users.
SSP’s software is used primarily to connect insurance brokers to price comparison sites: Google Compare, gocompare.com, comparethemarket.com and moneysupermarket.com.
Currently, the size of the breach and the type of data acquired as a result of the security flaw are unknown, although it is speculated to be sensitive data and the quantity is suspected to be high.
SSP made a statement that it had “been alerted to a security vulnerability following an unauthorised attack performed on the integration between Google Compare and SSP”.
Google then came out with this statement on the matter: “As soon as we became aware of this problem, which occurs on certain broker websites that use SSP software, we suspended those brokers. We have raised this issue with SSP and have asked them to address it immediately.”
SSP is currently regarded as a pretty big player in the world of the online insurance market and its customers are some of the biggest fish in that market, but this current string of events is probably a massive blow for the organization.