PS_TOKEN, Phishing and PeopleSoft

By Hendrix Bodden • December 2, 2015

After the PS_TOKEN threat vector was announced at Hack in the Box Amsterdam in May 2015, security organizations started adding specific tests for PS_TOKEN to their penetration test portfolios. Find out what this means for your organization. Phishing and spear phishing attacks are specifically targeting PeopleSoft systems, and every month organizations lose money to fraudulent direct deposit transactions. Layered security within your PeopleSoft application is a must to protect against the known threats of today and the unknown threats of tomorrow. In this session, Greg Wendt, Executive Director, Security Solutions, shares takeaways from GreyHeller’s PS_TOKEN assessments and explains how a layered security model keeps you protected. Topics include:
  • Mitigation options
  • Best practices
  • Lessons learned
  • Incident Response
  • Defense-in-depth for PeopleSoft

Security, Tips and Techniques

PS_TOKEN becoming standard PeopleSoft Penetration Test

By Greg Wendt • November 6, 2015

After the PS_TOKEN threat vector was announced at Hack in the Box Amsterdam in May 2015, security organizations started adding specific tests for PS_TOKEN into their penetration test portfolio.

If your organization performs regular penetration tests (which it should if your PeopleSoft system is publicly available on the internet), it may fail the PS_TOKEN test and would then have to remediate this risk immediately.

What does this mean to you?  

More time and effort will be required to deal with test results moving forward.  Prepare for this situation today.  

GreyHeller is the leading expert in performing PS_TOKEN assessments for customers and non-customers alike.  Ensure your organization is in the most secure position by scheduling your assessment with GreyHeller today. 

Security

Click to Call for Two-Factor Authentication

By Greg Wendt • July 3, 2014

Recently, one of our Higher Education customers – a highly regarded US university – implemented another option for Two-Factor Authentication using our ERP Firewall software product.

Click to Call allows 2FA PINs to be delivered via a telephone voice call.

Click to Call is based on new PeopleCode packages and several Java JAR files that interact with a third-party calling system. It is invoked when a PeopleSoft user triggers an event (accessing sensitive data that GreyHeller’s ERP Firewall system has been configured to protect) that sends the message to the external voice call system. That system then retrieves data containing the requested credentials from PeopleSoft. The user then enters the 2FA PIN on the challenge screen, which completes the challenge.

iScripts, JAR files, custom application packages, third-party integration – sounds complicated, right? Wrong. ERP Firewall seamlessly integrates from the user’s page action to the delivery of the call in less than 3 seconds.

The message can be customized to contain important information in addition to the 2FA PIN. This information could be beneficial and timely.

Click to Call joins ERP Firewall’s other 2FA challenge methods:

  • Text
  • Email
  • Time-based one time password (TOTP)
  • Duo Security
  • IVR
  • Instant Messaging
  • Biometrics
