PCI SSC releases cloud computing security guidelines

The PCI Security Standards Council (PCI SSC) has looked to clear up confusion surrounding the emergence of cloud computing by releasing a set of guidelines regarding the safe usage of this technology earlier this month.

In a statement released earlier this month, the PCI SSC – which is the authority behind the Payment Card Industry Data Security Standard (PCI DSS) – explained that businesses would be able to use this resource as a guide for selecting safe cloud solutions and cloud providers.


[FAQ] Security Considerations for Customised Off The Shelf (COTS) Product Security

Introduction

There are a number of elements in the early stages of the Software/System Development Lifecycle (SDLC) that should be considered with regard to security. Unfortunately, on a number of projects our company only becomes involved at the final stages of the process, which often highlights a lack of, or ineffective, due diligence in the early phases. It is difficult to manage a project where the software is found to be inherently insecure, and this often leads to excessive launch delays, greatly increased budget requirements for additional remediation, or even the outright cancellation of an expensive project.

While many people hate the analogy of “buying a car” when it is applied to IT, it is actually particularly relevant for product selection. In both cases, you have to be wary of products being rebadged, inferior internals within the product, whether it performs well in a test drive, an inability to easily conduct ongoing maintenance and poor after-purchase support.

Surely if I bought a product from a large software vendor everything would be fine?

A product that carries the supposed weight of a large multinational corporation has absolutely no bearing on its quality. Keep in mind that large corporates today typically tend to acquire companies rather than gamble on developing a product from scratch internally. The quality of the product is usually directly dependent on the company that authored the software, which you may not even have heard of.


[Data Breach] – Fund Focus – Jan 2012

An Australian online investment website, Funds Focus, part of Wealth Focus owned by Sulieman Ravell, was temporarily shut down after being hit by a massive distributed denial of service (DDoS) attack.

The Russian masterminds behind the attack demanded ransom money from the owner to stop the malicious operation that prevented the company from performing its tasks.

Read More: http://news.softpedia.com/news/Funds-Focus-Shut-Down-After-DDoS-Attack-Hackers-Demand-Ransom-246697.shtml

Also: http://www.scmagazine.com.au/News/286905,melbourne-it-hit-with-ddos-legal-threat.aspx

[Breach List] – Fairfax owned tradingroom.com.au – Feb 2012

The Fairfax-owned tradingroom.com.au is the latest financial services related website to be hit with a distributed denial-of-service attack (DDoS).

DDoS attacks make online services unavailable by flooding them with millions of requests for page views at once. They are used to cause business disruption to the targeted site, either by protest – known as hacktivism – or financial gain.

[Breach List] – ANZ bank’s E*Trade – Jan 2012

AUSTRALIA’S second-biggest online broking business, ANZ Bank’s ETrade, was forced to shut down over the Christmas-New Year period by a “malicious” cyber attack from offshore.

The shutdown was prompted by thousands of emails bombarding the broking site, in a denial-of-service attack. The lockout was first noticed by ETrade customers trying to access the site overseas, as the bank shut off access to all overseas users. It is understood that, as risk assessments were performed on individual countries, access was restored.

[Breach List] – Netfleet – Feb 2012

Computer hackers penetrated Netfleet’s database, possibly accessing addresses and credit card numbers.

In an email to clients, Netfleet said: “There appears to have been a security breach of our database … this may have resulted in unauthorised access to some of your customer account information, such as your name, email address, billing address, phone number and a cryptographically scrambled version of your credit card and expiry date.”

Malware, data breach threats highlighted in new McAfee report

The McAfee Threats Report for the fourth quarter of 2012 has been released, and it is a document that may be of interest to any organisation concerned about vulnerability management and cyber security.

According to the report, one of the biggest digital security concerns of the last year has been the terrifically rapid growth of mobile malware threats.
