Tuesday, 2 October 2012

UK InfoSec Review for September 2012

Glasgow City Council has lost 750 devices over the last five years according to an IT audit
  • The Council incurred significant national and local media criticism following the discovery that 56 unencrypted laptops and 487 desktop PCs, also thought to be unencrypted, are unaccounted for. These were also lost from an office in the City Chambers which contained about 17,000 bank details. A reported theft in May, which the Information Commissioner is aware of, led to the audit of all the council's IT hardware and revealed that almost 750 devices are unaccounted for.
Microsoft release emergency Security Patch for remote code execution flaw within Internet Explorer
  • Microsoft released an emergency patch for the zero-day flaw in Internet Explorer on 21st September 2012.
iPad-led BYOD leaves gaping holes in enterprise security
  • Sophos warn many firms are leaving themselves open to attack based on the findings of Sophos' Warbike research.
  • Quest Software issue BYOD data warnings stating BYOD creates large holes within organisations due to the unstructured nature of the network access.
Go Daddy suffers four-hour outage following takedown by Anonymous Hacker
  • Anonymous has claimed responsibility for a hack on hosting provider and registrar Go Daddy that caused it to have major service issues.
Research highlights 20 per cent of IT staff access unauthorised executive data
  • Almost 40% of IT staff can get unauthorised access to sensitive information, and 20% admit to accessing executives' confidential data, according to research. IT professionals are allowed to roam around corporate networks unchecked, according to a survey of more than 450 IT professionals by security software firm Lieberman Software.
Antisec releases over a million Apple #UDID after Java-enabled FBI breach
  • Over a million Apple Unique Device Identifiers (UDIDs) have been posted online after hackers claimed to have obtained them from an FBI breach.
  • The AntiSec hacking group said it had 1,000,001 Apple device UDIDs linking to their users and their push notification service tokens. It said: “The original file contained around 12,000,000 devices. We decided a million would be enough to release. We trimmed out other personal data [such] as, full names, cell numbers, addresses, zipcodes, etc. Not all devices have the same amount of personal data linked.”
