When securing enterprise systems every PeopleSoft customer knows they need strong passwords and secure networks. A good firewall is a critical first line of defense. But is your firewall as secure as you think? Ticketbleed, the latest network infrastructure vulnerability, was all over the news today. A quick internet search will turn up several valuable responses, but just for context, Ticketbleed, reminiscent of Heartbleed, is a vulnerability in the SSL/TLS layer of a wide variety of F5 firewalls and load balancers. Today’s news reminds us that even the best network and security infrastructure is vulnerable to compromise. Ticketbleed, Heartbleed, and other vulnerabilities make it very clear: network security infrastructure is not enough.
Oracle released an out of band security update today for issues within Oracle Weblogic Server. Recommendations are to apply the patch and mitigation steps as soon as possible. Read More.
After the PS_TOKEN threat vector was announced at Hack in the Box Amsterdam in May 2015, security organizations started adding specific tests for PS_TOKEN into their penetration test portfolio.
Why is identity management (IDM) such a challenging issue facing security personnel in today’s fast moving business environment? Security professionals are concerned with outside hackers, malicious insiders and accidental data loss. By not focusing on internal processes around their employees’ changing roles and responsibilities, organizations are missing a key area of risk.
A layered approach is critical to protect your PeopleSoft system against multiple threat vectors. Deploying a series of security barriers requires the bad guys to defeat all of them to breach the PeopleSoft system. A layered approached significantly reduces an organization’s daily risk, and their possible breach costs. Read More.
While some organizations believe hacks come from only external sources, these companies may be missing an even larger threat: internal, privileged users.
In recent blog posts, we’ve mentioned that PeopleSoft provides a number of security protections out of the box. In this entry, we wanted to go into more detail on this, specifically focusing on common web application vulnerabilities.
Want to sort cybercrime fact from fiction? Do you think you know the difference? Test your knowledge. In this OHUG sponsored webinar, GreyHeller will set the record straight about cybersecurity myths using data from its Annual Cybersecurity Survey, the Sans Survey and live audience polling.
As a final note, we wanted to be clear that PeopleSoft (and PeopleTools) is as secure – or more secure – than any other ERP platform. The approach of cracking encryption keys is a threat vector that can be exploited for any secure web application accessible from the public internet.