Ethical Hackers at Rhino Security Labs released information about serious security holes within Oracle applications this week. Millions of records were at risk across numerous state and federal agencies, colleges and ports.
There are several causes of an event like this. Lax security and poor change control policies are at the forefront. Isn’t it time to stop “hoping” that you do not get hacked? Utilizing the ERP Firewall for multi-factor authentication could have stopped access like this before it started.
Oracle released the patch for this issue more than two years ago. Two years and it is still an issue in production systems around the world. Maintenance and security go hand in hand. If your organization cannot stay current on maintenance – then you owe it to you customers to implement the ERP Firewall to protect their data. If your organization stays current with maintenance you still owe your customers the same protection level of the ERP Firewall.
As the article states, “This is somewhat bigger than, than some of the major data breaches we’ve seen in the credit card industry,” said Caudill. “Even though there’s many fewer records here, only a few million, we’re talking about Social Security numbers, date of births, everything you need for identity theft, as opposed to credit card theft.”
Securing your applications is not an option it is mandatory. Make the call today, because it is not just your job your saving it is your identity.Read more…
September 15, 2014 – San Ramon, CA – GreyHeller, a leading Mobile and Security software development firm, and a Gold level member of Oracle PartnerNetwork (OPN), today announced it has achieved Oracle Validated Integration of its PeopleMobile® Version 3.1 with Oracle’s PeopleSoft Campus Solutions.Read more…
June phishing attacks accounted for over $400 million in global losses. 57% of global phishing attacks are targeted at the U.S.
The attacks in June were a 43% increase over May attacks.
Protect your systems before it is too late.Read more…
A Russian crime ring has collected over 1.2 billion user names and passwords. The statistics within this breach are stunning. 420,000 websites, 4.5 billion records, 542 million unique email addresses.
According to the article – most of the sites are still vulnerable to the hacker’s exploits. The hackers used SQL injection attacks to gain access to this data.
The average breach cost increased 15% last year from $3.1 million to $3.5 million. These costs will continue to rise for the foreseeable future.
As a consumer, create unique user ids and passwords for EVERY site you use. Use an algorithm to make them easy to remember and make them long. An example might be concatenating two of your favorite things together with something separating them. $k11n6Fb$n0wB0@rd1ng! for example. Other techniques can be found here.
As a company, stay on the offensive. Mine your logging data, keep your defenses up to date, insist on tough security protocols over convenience and do not assume you are safe.Read more…
GreyHeller was brought in to mobilize Sandia’s highly customized Time & Labor functions after it was determined that Oracle’s mobile technology would not meet Sandia’s needs.
GreyHeller was selected after a rigorous, RFP-based evaluation of competitive mobile technologies for PeopleSoft.
Homeland Security issued a new report warning about hackers attacking remote access software. Checking in from home leaves entry for hackers. Victims of these attacks include Target, P. F. Chang’s, Neiman Marcus, Michaels, Sally Beauty Supply, and Goodwill Industries International, the nonprofit agency that operates thrift stores around the country.
The report recommends….making two factor authentication the status quo.
Seattle University got caught with scanned images on an internal drive without permissions. Seattle University donor checks exposed. Incorrect permission settings on an internal drive made it possible for anyone with a Seattle University computer account to view the information.
Two-factor authentication invoked upon accessing the drive would have prevented unauthorized access without first passing a two-factor challengeRead more…