Tuesday, December 30, 2014

Top data breaches of 2014 and lessons

May - eBay [1, 2]
  • 145 million
  • The problem had been exploited since at least February
  • Information compromised - encrypted passwords, usernames, emails, DoBs, phone numbers, postal addresses
  • How - eBay allows sellers to use active content such as JavaScript and Flash. Hackers embedded password-harvesting scripts in listings and used XSS attacks to gather information from logged-in users
  • Lessons - If you allow active content on your web site, you need preventive measures (such as limiting what is allowed) as well as risk mitigation techniques (detection, monitoring, etc.) in place. If not, it is better to block active content.
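
The preventive half of the eBay lesson ("limiting what is allowed") combined with a detection signal, as an added example that is not part of the original post: an allowlist sanitizer for seller-supplied listing HTML. The tag and attribute policy, the names `ListingSanitizer` and `sanitize_listing`, and the sample listing are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "b", "i", "ul", "li", "br", "a", "img"}  # assumed policy
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}
BLOCKED = {"script", "style", "object", "embed", "iframe"}  # dropped with content

class ListingSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.findings, self.skip_depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in BLOCKED:
            self.findings.append(f"blocked <{tag}>")
            if tag != "embed":  # embed is void: no content to skip
                self.skip_depth += 1
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            value = (value or "").strip()
            if name not in ALLOWED_ATTRS.get(tag, ()):
                self.findings.append(f"dropped {name} on <{tag}>")
            elif name in ("href", "src") and not value.lower().startswith(("http://", "https://")):
                self.findings.append(f"dropped {name} with non-http(s) URL")
            else:
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in BLOCKED and tag != "embed":
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS - {"br", "img"}:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))

def sanitize_listing(html):
    """Return (sanitized_html, findings); findings feed monitoring."""
    parser = ListingSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.findings

# Constructed sample listing, not from any real site.
SAMPLE = ('<p onclick="x()">Lamp</p><script>steal()</script><a href="javascript:run()">'
          'details</a><img src="https://img.example/lamp.png" alt="lamp">')
```

A non-empty findings list is the monitoring hook: a listing that trips it can be logged and queued for review rather than silently cleaned.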

September - Home Depot [1]
  • 56 million
  • Information compromised - credit and debit card numbers
  • How - resulted from the compromise of a third-party vendor
  • Lessons - Organizations should evaluate the security measures taken by third-party vendors and also have intrusion detection in place.

September - JPMorgan Chase [1, 2]
  • Attack discovered in July and disclosed in September
  • 76 million households (83 million accounts)
  • Information compromised - names, addresses, phone numbers and email addresses
  • How - Hackers got access via a neglected server that had not been upgraded to two-factor authentication
  • Potentially took 2 months to notice unusual activities after the initial attack
  • Lessons - Security is only as strong as the weakest link in your system. Make sure you do not leave any unguarded holes in your network. The need for better and faster detection techniques cannot be emphasized enough.

December - Sony Pictures [1]
  • Number of people affected is still not known
  • Attack initially detected in November
  • Information compromised - unreleased movies, company emails, executive salaries, personal information, internal strategy information
  • How - wiper malware (it is still not known how it got into the system). It is likely that lapses in internal security measures may have resulted in this attack.
  • Lessons - Never take security lightly. Internal security measures and auditing should always be a top priority.
