Information Security ensures the confidentiality, integrity and availability. In any organization without security policies and appropriate security rules are at peak point of risk and the confidential information and data related to that organization are not secure in the absence of these security policies. Organization along with well-defined security policies and procedures helps in protecting the assets of the organization from unauthorized access and disclosures.
In the modern world, with the latest technologies and by using lot of different type of gadgets, millions of people interacting with each other every minute. These sixty second can be vulnerable and costly to the private and public organizations due to the presence of various types of old and modern threats all over the internet. So public internet is the most common and rapid option for spreading threats all over the world. Different type of Malicious Codes and Scripts, Viruses, Spams, and Malware are always waiting for you. That is why the Security risk to a network or system can never eliminate. It is always a great challenge to implement a security policy is effective and beneficial to the organization instead of the application of an unnecessary security implementation which can waste the resources and create a loophole for threats. Our Security objectives are surrounding these three basic concepts:
1. Data Breach
2. Google Play Hack
3. The Home Depot Data Breach.
Data Breach
eBay Data Breach
eBay announced its massive data breach in Year 2014, which contained sensitive data. The origin of eBay data breach for hackers is by compromising a small number of employees credentials via phishing in b/w February and march, 2014 In this attack, 145 million customers were estimated having data lose in this attack. According to eBay, the data breach compromised the following information including : Customer's Name, Encrypted Passwords, Email Address, Contact Number, DOB and Postal Address. So these sensitive information must be stored in an encrypted form that uses strong encryption. eBay claims that no information relating to Security numbers like credit cards information and other financial related info are claimed to be kept in a separate and encrypted format.
Google Play Hack
"Ibrahim Balic", a Turkish Hacker hacked Google Play twice. He conceded the responsibility of the Google Play attack. He acclaimed that "It was not his first attempt, even he was behind the Apple's Developers site attack. He tested vulnerabilities in Google's Developer Console and found a flaw in the Android Operating System, which he tested twice to make sure about it causing crash again and again.
Using the result of his vulnerability testing, he developed and android application to exploit the vulnerability. When the developer's console crashed, users were unable to download applications and developers were unable to upload their applicaions.
The Home Depot Data Breach
Nowadays, theft of information and data from payment card as Debit Card or Credit Card is common. In 2014, Home Depot's Point of Sale System were compromised. A released statement from Home Depot on the 8th of Sept, 2014 claimed breach of their systems.
The attackers gained the access to third-party vendors login credentials and accessed the POS network. Zero-Day Vulnerability exploited in Windows which created a loophole to enter the corporate network of Home Dept to make a path from the third-party environment to Home Depot's Network. After accessing the network, Memory Scrapping Malware was released then attacked the point of Sale terminals. Memory Scraping Malware is highly capable; it grabbed millions of payment cards information. It has taken several remediation actions against the attack, using EMV Chip-&-Pin payment cards has a security chip embedded into it to ensure duplicity with magstripe.
Comments