One of the IT security best practices in desktop usage is to run a computer on the least privilege required. This means, an end user should log into his PC / laptop as a standard user and not as an ‘administrator’. This is applicable to both, home and enterprise environment. The advantages of such least privilege computing are listed below. Continue reading “Why ‘Administrator’ privileges should not be given to end users?”
Security firm releases tool to audit SAP’s HANA
A new tool from security vendor Onapsis aims to secure SAP’s in-memory database HANA, the German company’s fastest-growing data processing product.
Onapsis, a Boston-based company that specializes in SAP security, will incorporate the tool into its X1 suite, which scans for vulnerabilities and configuration problems in SAP deployments.
HANA is a cornerstone of SAP’s strategy to compete with Oracle and IBM. Available as a cloud service and an appliance, it’s designed to process analytical and transaction workloads much faster for SAP’s ERP, CRM, supply chain and business intelligence applications.
Read More at Network World
Mexican ATMs fall prey to new cyberattack
Mexican ATMs have become the target for physically installed malware called “Ploutus.” The malware was designed to take over the ATM at the software level and make it dispense cash on command.
Read the full article at ATM Market Place
Metasploit website Hacked just by sending a spoofed DNS change request via Fax to Domain Registrar
A group of Pro-Palestine hackers was able to hijack the Metasploit website simply by sending a fax to the Domain Registrar.
Read the full article at The Hacker News
Backdoor found in D-Link router firmware code
A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device’s settings, a serious security problem that could be used for surveillance.
Craig Heffner, a vulnerability researcher with Tactical Network Solutions who specializes in wireless and embedded systems, found the vulnerability.
Read the full article at Network World
Google Malaysia Site Hijacked
The Google domain for Malaysia was hijacked on October 10th, redirecting visitors to a page that said a group called Madleets from Pakistan had performed the attack.
MYNIC, the company that administers the country TLD for Malaysia, confirmed the attack in a statement issued Friday morning, saying that its internal incident response team had resolved the problem within a short time of learning of the attack.
Read the full article at Threat Post
Despite looming end of life, study shows XP remains primary OS
Examining data from one million devices, Fiberlink, a mobile management firm, examined the often forgotten part of mobility in the workforce — laptops. While IT and security vendors focus on Google’s Android, Apple’s iOS, tablets, and smartphones, Lenovo’s ThinkPad and Dell’s Latitude chug along, remaining a stable fixture in the workplace. According to Fiberlink, almost 50 percent of the laptops observed in their study are running Windows XP.
Read the full article at Network World
Microsoft Admits That Third-Party Antivirus Is More Effective Than MSE
When Microsoft Security Essentials started falling behind in effectiveness tests, LifeHacker stopped recommending it.
Microsoft is now officially saying that they’ve shifted their focus and establishing MSE as a "baseline."
Adobe Breached, Acrobat and ColdFusion Code Stolen Along with 2.9M Customer Records
Adobe announced it has been breached and attackers may have accessed source code for a number of products, and stolen 2.9 million customer records.
Read the full article at Threat Post
Selection of cloud service provider made easy
Cloud computing has started gaining momentum. More and more organizations are moving to the cloud by the day. While doing so the user organization (tenant) will have to ensure that the cloud service provider has the capability to meet the tenant’s requirements in terms of data security, availability, compliance, scalability and convenience. Continue reading “Selection of cloud service provider made easy”