Posted on May 6, 2011 by Josh Arrington
Today marks the launch of our “IT Security Rewind” blog series, with our take on some of the week’s most significant and newsworthy industry stories. Our inaugural post highlights recent breaches and examines highly-exploitable vulnerabilities in common software and systems. Let’s take a look at this week’s Rewind:
- Above the law? When it comes to maintaining order and preserving safety, police officers are typically considered a first line of defense. Unfortunately, that doesn’t necessarily mean that their crime prevention technology is impregnable to hackers. As one security consultant proved, it is possible to exploit vulnerabilities in their equipment, specifically a police cruiser’s digital video recorder system. The consultant was able to exploit the hardcoded, default password in the system’s FTP server to gain access to the DVR’s controls and manipulate its use. Just another example in a long line of recent breaches that illuminate the vulnerabilities present in a large number of seemingly innocuous targets (think: digital copiers and scanners, video conferencing systems, and well, police cruiser cameras).
- Don’t ignore ERP: Along those same lines, enterprises beware: According to Dark Reading, another one of those often-ignored network targets susceptible to attack may be your company’s ERP system. According to the report, these systems are often ignored and left vulnerable to unauthenticated attackers who can leverage embedded credentials, like hardcoded passwords, to enter a system and steal sensitive information.
- Passwords at risk [again]: Speaking of lines of defense—how upset would you be if you proactively used a secure password storage service, but then discovered that all of that critical information may be compromised? One of those services, LastPass, is urging their users to change their network passwords after detecting a network anomaly.
No matter where or how data is stored these days, one thing is clear—you need to stay on guard.
That’s this week’s IT Security Rewind! What was your take on the news?
Copyright 2013 Cyber-Ark Software - All Rights Reserved