How to Easily Modernize Access to Your PeopleSoft Applications

Over the course of 2020, how and where we work has rapidly changed. More employees than ever before are working from home. In fact, according to CNBC, “42% of U.S. workers who did not telecommute previously are doing so now.” This new reality requires that organizations offer secure, remote access to critical work apps and services. As part of this, common applications like Oracle PeopleSoft are getting a second look. Business critical applications for managing employee lifecycles, tracking purchase orders, or performing other functions come with inherent risk because of the sensitive data they contain. Securing these applications to ensure that only the right people have access is critical. Unfortunately, organizations with legacy identity and access management (IAM) systems struggle with this. 

Experts Discuss: Where Data Security and Data Privacy Meet

A few weeks ago, comforte AG  hosted an online webinar featuring Forrester. The focus of that presentation was the intersection point between data privacy and data security. The overall goal was to emphasize the impact on businesses large and small and how to put data security into practice.

Social Media Platforms Latest Channels used to Leak Sensitive Data

Threat actors are using social media accounts to expose and sell data that has been compromised. While information found on many of these platforms has traditionally been disclosed by enterprises and individuals with intent, cyber criminals are taking information acquired by means of scams and data breaches and promoting their sale on various social platforms not always monitored by security teams.   Last month, just underone million sensitive records were exposed in the United States due to breaches. This data is highly coveted by threat actors and can include, but is not limited to, driver’s license numbers, social security numbers, passport details, and even access to your bank account. All of this information is considered personally identifiable information (PII) and is the data needed to either act as a link to or identify a particular individual.  Compromised PII can lead to a number of different headaches, and should cyber criminals choose to use that information for malicious purposes, the results could be devastating. Depending on the nature of the data, individuals could find their information used to conduct identity fraud, blackmail, or positioned to conduct fraudulent purchases.  While a great deal of this breached information might find itself as part of a data dump on the dark web or on a paste site, we have seen recent examples of threat actors using social media to make stolen PII public. Although we can only speculate the motivation behind using a previously underutilized platform like Facebook or Twitter as a means of exposure, it is clear that organizations suffering from data breaches, and the individuals affected by it, should anticipate that their information may now be publicized on platforms traditionally not used in the past. In the first example, a Facebook user posts an extensive list of information targeting a single individual, including personal and financial data. Included is the victim’s credit card information, home address, and social security number, opening the door to a series of financial fraud opportunities as well as identity theft. The IP address is also compromised, potentially allowing the cyber criminal direct access to the victim’s device.   The second example uses Twitter to expose sensitive debit card information associated with a large financial institution. While the Tweet does not publish the account holder’s name, it does expose the card number, expiration, and CVV number.  According to Verizon’s Data Breach Investigations Report, 86% of today’s data breaches that expose sensitive data are financially motivated. That means if PII for your enterprise has been compromised and exposed on any of these channels, there’s a good chance it involves a cyber criminal looking to cash in on the stolen information. While the distribution of PII in the examples above still appears to be limited, the presence of leaks on social media indicates that organizations should be actively monitoring for and responding to sensitive data leaked by bad actors on these channels.

*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Jessica Ellis. Read the original post at: https://info.phishlabs.com/blog/social-media-platforms-latest-channels-used-to-leak-sensitive-data

Minneapolis Police Department Hack Likely Fake

As protests continue to proliferate across the globe in the wake of George Floyd’s death, the Minnesota Police Department is making news for something else: A supposed hack, perpetrated at the hands of the Anonymous hacktivist group. According to Troy Hunt at Have I Been Pwned (HIBP), the group of allegedly ill-gotten email addresses and passwords has been circulating in multiple forums, with most of them attributing the credential leak to Anonymous, which is a loose affiliation of individuals that carry out hacking to send political messages. According to multiple social-media posts, Anonymous supposedly carried out the breach/leak in response to the MPD’s role in Floyd’s death.

Kent PPE Firm Hit with £800,000 Ransom

A gang demanded an £800,000 Bitcoin ransom in a cyber attack on a firm owned by Kent County Council and leaked its data on the dark web. Kent Commercial Services (KCS) delivers services and supplies to public authorities, including protective equipment during the Covid-19 crisis. No ransom was paid and no personal data relating to taxpayers was stolen, KCS said. The Information Commissioner said KCS had been given data protection advice. KCS chief executive John Burr said: “The timing of this attack is particularly malicious and challenging given the current Covid-19 pandemic.”

Why Fast Feedback Is Critical For Developer Success

In their book Agile Testing: A Practical Guide for Testers and Agile Teams (2008), Lisa Crispin and Janet Gregory wrote that one of the most important factors for success in software development is feedback. ???Feedback is a core agile value. The short iterations of agile are designed to provide constant feedback to keep the team on track.??? The message still rings true: constant feedback is critical to successful deployments. The faster the better.

Overcoming GEOINT Workforce Hurdles to Unlock the Power of Artificial Intelligence

June 2, 2020 • The Recorded Future Team

We live in a world in which threats are constantly growing and morphing. Geospatial intelligence (GEOINT) links events to geography through visual depictions and deep analysis. This empowers leaders to understand what is happening, where it’s happening, and why it’s happening — so they can take decisive action to protect citizens.

20 Tips for Certification Success

Over the years, it has been my experience that industry certifications have become standard for job consideration and/or advancement for many technical positions. This is, of course, in addition to having experience in the particular field.