The TeamSHATTER blog is now part of Spiderlabs – Anterior
The TeamSHATTER blog is now part of Spiderlabs – Anterior
Posted 3 years ago

Many of you are probably already aware of the acquisition of Application Security, Inc. by Trustwave. As part of the acquisition, we are pleased to announce that TeamSHATTER is combining…

TeamSHATTER’s Analysis of the October 2013 Oracle CPU
TeamSHATTER’s Analysis of the October 2013 Oracle CPU
Posted 4 years ago

It’s the second Tuesday in October, so it is Oracle Critical Patch Update (CPU) time. The October 2013 CPU contains 127 fixes across Oracle’s Database, Fusion Middleware, Enterprise Manager, E-Business…

TeamSHATTER’s Analysis of the July 2013 Oracle CPU
TeamSHATTER’s Analysis of the July 2013 Oracle CPU
Posted 4 years ago

It is Oracle Critical Patch Update (CPU) time, so lace up your patching gloves. The July 2013 CPU contains 89 fixes across Oracle’s Database, Fusion Middleware, Hyperion, Enterprise Manager, E-Business…

PreviousNext
RSS

RSA Blames Breach On Two Hacker Clans Working For Unnamed Government

yield hacker

Two separate hacker groups whose activities are already known to authorities were behind the serious breach of RSA Security earlier this year and were likely working at the behest of a government, according to new statements from the company’s president. RSA President Tom Heiser, speaking at the RSA conference in London this week, said that the two unidentified hacker groups had not previously been known to work together and that they possessed inside information about the company’s computer naming conventions…

Click for complete article >>

Trick, No Treat: New Halloween Scams Hit the Web

halloween scam malware

Halloween is still a few weeks away, but online criminals are getting a head start on the holiday with a batch of new scams aimed at infecting your computer and stealing your personal information.  Researchers at the security firm Websense spotted one scam in which malware authors are spreading a rigged Web page called “Free Halloween skeleton templates.” The crooks manipulated Google’s search engine to make their phony page appear near the top of searches for “Halloween skeleton templates.” It’s…

Click for complete article >>

111 Arrested In Massive ID Theft Bust

ID Theft Ring

Prosecutors call it the biggest identity theft bust in U.S. history. On Friday, 111 bank tellers, retail workers, waiters and alleged criminals were charged with running a credit-card-stealing organization that stole more than $13 million in less than a year-and-a-half. “This is by far the largest — and certainly among the most sophisticated — identity theft/credit card fraud cases that law enforcement has come across,” the Queens County District Attorney’s office said in a statement announcing the arrests. The credit…

Click for complete article >>

White House Issues ‘WikiLeaks’ Order to Secure Classified Data

Wikileaks Order White House

More than a year after thousands of classified and sensitive U.S. government documents were leaked to the secret-spilling site WikiLeaks, the White House has issued an executive order designed to improve the security of classified networks and prevent further leaks. The so-called “WikiLeaks Order” (.pdf) was issued by President Obama on Friday and largely focuses on establishing committees, offices and task forces to work on implementing a balance between the needs of federal agencies to access classified data and the…

Click for complete article >>

Stanford Hospital Points Finger At Contractor For Data Breach

Stanford Data Breach Contractor

Stanford Hospital & Clinics this week blamed a third party billing contractor for a data breach that exposed the personal data of some 20,000 patients. Stanford release a statement blaming the contractor just a week after it was hit with a $20 million lawsuit related to the breach, which the Palo Alto, Calif. health care provider disclosed in September. The lawsuit was filed in Los Angeles Superior Court Sept. 28 by one of the affected patients, Shana Springer, who is…

Click for complete article >>

Fail A Security Audit Already — It’s Good For You!

Audit Fail Safer Data

Failing an audit sounds like the last thing any company wants to happen. But that’s because audits are seen by many as the goal of a security program. In reality, audits are only the means of testing whether enforcement of security matches the policies. In the broader context, though, an audit is a means to avoid a breach by learning the lesson in a “friendly” exercise rather than in the real world. If the audit is a stress-test of your…

Click for complete article >>

Hacker Group Anonymous Threatens to Attack Stock Exchange

new york stock exchange anonymous

A digital flier released by someone claiming to be the hacker group Anonymous in which they ask others to join them this coming monday to hack the NYSE website and remove it from the internet. The FBI is investigating threats purportedly from the hacking collective that calls itself Anonymous to bring down the New York Stock Exchange on Monday by hacking into its computer system. Members of the notorious hacker group appear to be threatening to bring the Occupy Wall…

Click for complete article >>

GAO: Federal Network Security Breaches Spike 650 Percent

federal cyber security

Reports of network security incidents at federal agencies have soared 650 percent during the past half-decade, jeopardizing the confidentiality and integrity of sensitive government information, federal auditors charged in a congressionally mandated report. The most prevalent types of cyber events included infections from malicious code — 30 percent of incidents; violations of acceptable use policies; and intrusions into networks, applications and other data resources, states a Government Accountability Office report released on Monday. GAO auditors are required by law to…

Click for complete article >>

Midsize Firms Easy Pickings For Data Thieves

small businesses target of data theft

When it comes to protecting one’s house against intrusion, the common wisdom is to think like a burglar. Helping executives at midsize firms address people risks, such as benefits, workers comp and professional liability; property and liability risks, including insurance and loss control; and operational growth risks such as M&A and product development. Criminals are adept assessors of risk: The house on the block without a fence, a dog and an alarm system vs. other homes that have such security…

Click for complete article >>

Keeping Privileged Users Under Control In Oracle DatabaseTeam Shatter Exclusive

privileged users

As I have mentioned in my previous post Harnessing Privileged Database Users, Relational Database Management System (RDBMS) software is not designed to provide sufficient protection against database users that hold certain privileges such as like system privileges. These privileges are usually granted to database and application administrators — and also it is not rare to find them granted to normal and application user accounts even on production databases. In this article I will discuss some practical actions that can be…

Click for complete article >>
Powered by