×
[searchandfilter taxonomies="search"]
Home / Blog / Sony Knew About Security Vulnerability Before Breach

Sony Knew About Security Vulnerability Before Breach

By Chris Heller • December 13, 2014

Really? This has us scratching our heads….no editorializing necessary.

An audit by PriceWaterhouseCoopers over the summer warned Sony – “Security incidents impacting these network or infrastructure devices may not be detected or resolved timely.”

The audit, performed by PricewaterhouseCoopers, found one firewall and more than 100 other devices that were not being monitored by the corporate security team charged with oversight of infrastructure, but rather by the studio’s in-house group, which was tracking activity on logs.

Auditors found that since transitioning from a third-party vendor in September 2013, Sony Pictures had failed to notify the corporate security team to monitor newly added devices, such as web servers and routers. Studio management told the auditors its corporate security team is focused on bolstering devices on the perimeter of Sony’s networks and that it hasn’t applied “the same level of rigor” for other, non-security devices such as routers and web servers.

THIS IS PRICELESS….the irony is that the confidential report was among Sony’s General Counsel Leah Weil’s email correspondence,which hackers released to public file-sharing networks earlier this week. It included recommendations for bolstering security.

Related Articles.

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / How Data Masking Helps Prevent Cyber Attacks

How Data Masking Helps Prevent Cyber Attacks

By Chris Heller • December 9, 2014

Data Masking could have helped prevent recent, high-profile destructive cyber attacks.

How?

By scrambling or removing sensitive data from production and non-production systems, Data Masking can prevent compromised privileged user account information from being used to gain access to sensitive data such as Social Security Numbers.

Greg Wendt, GreyHeller’s Executive Director of Security Solutions and Services, said “I’m consistently amazed that more organizations haven’t implemented Data Masking or Two-Factor Authentication.”

Cyber criminals using compromised privileged user account information to access databases would not be able to actually see the data had it been masked. Further, combining Two-Factor Authentication with Data Masking would impose even tighter security on that sensitive data, ensuring that access only occurs once the Two-Factor Authentication challenge was successfully passed, often with an SMS message or secure ID token.

According to Mr. Wendt, “privileged user access is a huge threat vector that can be properly managed with masking and Two-Factor Authentication.”

Privileged users are often defined as systems and database administrators in the information technology department who maintain systems and databases that contain sensitive information.

GreyHeller’s software product – ERP Firewall – contains powerful Data Masking and Two-Factor Authentication capabilities and is used by major commercial and higher education institutions to protect their sensitive data from cyber attack.

Additional Resources:

About GreyHeller

San Ramon, California-based GreyHeller serves Oracle® PeopleSoft customers globally across all industries, helping them secure and mobilize their PeopleSoft investment. GreyHeller’s software solutions – PeopleMobile®, ERP Firewall and Single Signon  – are in production at nearly 100 PeopleSoft customers. PeopleMobile® renders PeopleSoft responsive across any mobile device and desktop. ERP Firewall and Single Signon protect PeopleSoft customers from criminal and inadvertent breach. For more information about GreyHeller, please visit www.greyheller.com.

Related Articles.

How to Use PeopleSoft Data Masking and Logging to Detect Security Threats
How to Use PeopleSoft Data Masking and Logging to Detect Security Threats
Security threats exist at the application, transaction, and data level. Unfortunately, default PeopleSoft data masking and logging capabilities are insufficient…...
March 22, 2022
Learn More
How Appsian Solved Unique SAML Integration & IdP Configuration
[Customer Story] How Appsian Solved University of Nebraska’s Unique SAML Authentication & IdP Configuration
The University of Nebraska uses PeopleSoft Campus Solutions for its student information system and wanted to streamline authentication for students,…...
March 3, 2022
Learn More
An overview of China's newly enacted data security law that increases the comprehensive legal framework for companies doing business in or with China
Unpacking China’s New Data Security Law and Privacy Legal Framework
If you’re a multinational enterprise (MNE) that does business in or with China, you’re likely aware of the Data Security…...
September 9, 2021
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Allocation of risk in a data breach

Allocation of risk in a data breach

By Chris Heller • December 6, 2014

We’re getting closer to a tipping point where organizations are going to have to prove conclusively to their customers, lenders, investors, shareholders that they are doing everything they can to secure their sensitive systems/data.

A federal judge recently rejected Target’s bid to dismiss lawsuits by financial institutions that claim Target had played a “key role” in allowing its computer systems to be compromised.

Apparently, Target had installed a $1.6 million advance breach detection systems from FireEye but failed to heed the alarms until after debit/credit card info of 40 million customers and personal info of 110 million customers was stolen.

What this means is that banks can go after merchants if they can prove the merchant was negligent in securing its systems.In the past, liability for breaches was governed by a complex series of agreements between merchants, payment processors and credit card companies.

Separately, consumers are pursuing class-action suits against Target.

If these bank and consumer class-action lawsuits are adjudicated for the plaintiffs, any organization that has its customers/employees/vendors sensitive data compromised could be subject to costly legal action.

And certainly the cost of that legal action will be far greater than the implementation and proper monitoring of security technology.

Related Articles.

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Fluid UI– How to Deploy Safely & Securely– Webinar Recording

Fluid UI– How to Deploy Safely & Securely– Webinar Recording

By Chris Heller • December 4, 2014

GreyHeller’s Executive Director of Security Solutions, Greg Wendt, leads a demo-intensive session showing how organizations can deploy fluid transactions safely using the following techniques:

  • Location-based security
  • Two Factor Authentication
  • Field level masking
  • Logging and Analysis
  • Utilization of Mobile Device Management solutions

Related Articles.

How Appsian Solved Unique SAML Integration & IdP Configuration
[Customer Story] How Appsian Solved University of Nebraska’s Unique SAML Authentication & IdP Configuration
The University of Nebraska uses PeopleSoft Campus Solutions for its student information system and wanted to streamline authentication for students,…...
March 3, 2022
Learn More
An overview of China's newly enacted data security law that increases the comprehensive legal framework for companies doing business in or with China
Unpacking China’s New Data Security Law and Privacy Legal Framework
If you’re a multinational enterprise (MNE) that does business in or with China, you’re likely aware of the Data Security…...
September 9, 2021
Learn More
Access Governance is Critical for Preventing Phishing Attacks
Access Governance is Critical for Preventing Phishing Attacks
The news is flooded with stories about cybercriminals successfully engaging in phishing and social engineering aimed at exploiting people’s COVID-19…...
May 18, 2020
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / GreyHeller Presents A Two-Part Webinar

GreyHeller Presents A Two-Part Webinar

By Chris Heller • November 24, 2014
 
2-Part Webinar Series Fluid UI – An Early Look
Join Larry Grey, GreyHeller’s President, and Chris Heller, CIO at GreyHeller, for an early look at Fluid UI with a two-part webinar series on mobility, design and security.
Fluid UI – Under the Covers
Dec. 3rd  11am (PST) In this demo-intensive session, we will use a live HCM 9.2 environment to show techniques for deploying Fluid UI:
  • The user interface of delivered fluid transactions and landing pages
  • Co-existence between fluid and non-fluid pages
  • Techniques for developing fluid pages
  • Techniques for modifying fluid behavior
  • Incorporating fluid into a corporation’s branding and corporate identity
Fluid UI – How to Deploy Safely & Securely
Dec. 4th  11am (PST) Fluid UI capabilities allow organizations to provide an unprecedented level of self service functionality to employees across a wide range of browsers and mobile devices.  As organizations look to deploy these functions to new locations and on new devices, the question of security becomes critical.  In this demo-intensive session, learn how organizations can deploy fluid transactions safely using the following techniques:
  • Location-based security
  • Two Factor Authentication
  • Field level masking
  • Logging and Analysis
  • Utilization of Mobile Device Management solutions
We hope to see you there!We encourage you to forward this e-mail to colleagues who may also be interested in attending.Can’t make the webinar? Register above for one or both of the webinars to receive a copy of the recording and to be added to our webinar invite list.

Related Articles.
2-Part Webinar Series Fluid UI – An Early Look
Join Larry Grey, GreyHeller’s President, and Chris Heller, CIO at GreyHeller, for an early look at Fluid UI with a two-part webinar series on mobility, design and security.
Fluid UI – Under the Covers
Dec. 3rd  11am (PST) In this demo-intensive session, we will use a live HCM 9.2 environment to show techniques for deploying Fluid UI:
  • The user interface of delivered fluid transactions and landing pages
  • Co-existence between fluid and non-fluid pages
  • Techniques for developing fluid pages
  • Techniques for modifying fluid behavior
  • Incorporating fluid into a corporation’s branding and corporate identity
Fluid UI – How to Deploy Safely & Securely
Dec. 4th  11am (PST) Fluid UI capabilities allow organizations to provide an unprecedented level of self service functionality to employees across a wide range of browsers and mobile devices.  As organizations look to deploy these functions to new locations and on new devices, the question of security becomes critical.  In this demo-intensive session, learn how organizations can deploy fluid transactions safely using the following techniques:
  • Location-based security
  • Two Factor Authentication
  • Field level masking
  • Logging and Analysis
  • Utilization of Mobile Device Management solutions
We hope to see you there!We encourage you to forward this e-mail to colleagues who may also be interested in attending.Can’t make the webinar? Register above for one or both of the webinars to receive a copy of the recording and to be added to our webinar invite list.
-->

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Cyber Criminals Targeting University Payroll Systems

Cyber Criminals Targeting University Payroll Systems

By Chris Heller • November 18, 2014

August 26, 2014 – San Ramon, CA – According to a recent advisory issued by Research and Education Networking Information Sharing and Analysis Center (REN-ISAC), Higher Education faculty and administrators are being targeted with sophisticated spearphishing attacks. Cyber criminals harvest credentials and then alter victims’ payroll bank account information to re-route direct deposits to bank accounts controlled by the cyber criminals.

Tactics, techniques and procedures (TTP’s) of the cyber criminals include:

  • Altering direct deposit account information
  • Spoofed to appear as if message came from the appropriate department, e.g. HR for “salary increase” lures or IT department if “mailbox exceeded”
  • Spoofed login screens that are a close replica of legitimate login screen
  • Targeting of faculty and staff
  • Using university images within e-mails text
  • Spoofed institutional-specific prompts for additional credential information, e.g., PINS, bank account numbers.
  • URLs mimicking legitimate (and accessible) portal URLs
  • Use of the “salary increase” approach seems to coincide with end of the fiscal year.

The phishing e-mails have contained official institutional images, often via an HTML image link direct to the resource.

“Higher Education is a honey pot for the bad guys. We know of dozens more institutions that have been spearphished than are mentioned in the REN-ISAC report,” according to Greg Wendt, GreyHeller’s Executive Director of Security Solutions.”

GreyHeller’s Security Suite complies with REN-ISAC’s recommended prevention techniques:

  • Redacting or masking of sensitive data
  • Implementing Two-Factor Authentication at the transaction layer
  • Limiting self-service functions by location – on- or off-campus
  • Detailed and specific logging of the most critical events

“Our recent Security webinar series focused on helping organizations mitigate cybercrime. How to implement Two-Factor Authentication and Logging/Analysis and Incident Response contain information that will thwart the bad guys,” stated Mr. Wendt.

Recordings of the webinars can be found on GreyHeller’s website. The full REN-ISAC advisory can be found here.

About GreyHeller

San Ramon, California-based GreyHeller serves Oracle® PeopleSoft customers globally across all industries, helping them secure and mobilize their PeopleSoft investment. GreyHeller’s software solutions – PeopleMobile®, ERP Firewall and Single Signon  – are in production at nearly 100 PeopleSoft customers. PeopleMobile® renders PeopleSoft responsive across any mobile device and desktop. ERP Firewall and Single Signon protect PeopleSoft customers from criminal and inadvertent breach. For more information about GreyHeller, please visit www.greyheller.com.

Related Articles.

An overview of China's newly enacted data security law that increases the comprehensive legal framework for companies doing business in or with China
Unpacking China’s New Data Security Law and Privacy Legal Framework
If you’re a multinational enterprise (MNE) that does business in or with China, you’re likely aware of the Data Security…...
September 9, 2021
Learn More
Access Governance is Critical for Preventing Phishing Attacks
Access Governance is Critical for Preventing Phishing Attacks
The news is flooded with stories about cybercriminals successfully engaging in phishing and social engineering aimed at exploiting people’s COVID-19…...
May 18, 2020
Learn More
December is Prime “ERP Data Breach” Season… Be Prepared!
Establishing security best practices for your PeopleSoft applications is always a work in progress. As newer, more advanced threats come…...
November 28, 2018
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Webinar Recording: GreyHeller and Fluid UI

Webinar Recording: GreyHeller and Fluid UI

By Chris Heller • November 17, 2014

OHUGlogoTM[2]

On November 5, 2014, OHUG sponsored the webinar: GreyHeller and Fluid UI– The Best of Both Worlds.

GreyHeller’s Responsive Design technology for Mobile and Desktop has been very well received by PeopleSoft customers. PeopleTools 8.54 Fluid UI makes PeopleSoft 9.2 pages responsive for Mobile and Desktop. GreyHeller’s Responsive Design technology has been built to be complementary to Fluid UI.

To see a recording of the demo, please visit:  http://ohug.org/p/do/si/topic=82&type=0

Related Articles.

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Secure Yourself Today for Tomorrow!

Secure Yourself Today for Tomorrow!

By Greg Wendt • September 17, 2014

Ethical Hackers at Rhino Security Labs released information about serious security holes within Oracle applications this week. Millions of records were at risk across numerous state and federal agencies, colleges and ports.

There are several causes of an event like this. Lax security and poor change control policies are at the forefront. Isn’t it time to stop “hoping” that you do not get hacked? Utilizing the ERP Firewall for multi-factor authentication could have stopped access like this before it started.

Oracle released the patch for this issue more than two years ago. Two years and it is still an issue in production systems around the world. Maintenance and security go hand in hand. If your organization cannot stay current on maintenance – then you owe it to you customers to implement the ERP Firewall to protect their data. If your organization stays current with maintenance you still owe your customers the same protection level of the ERP Firewall.

As the article states, “This is somewhat bigger than, than some of the major data breaches we’ve seen in the credit card industry,” said Caudill. “Even though there’s many fewer records here, only a few million, we’re talking about Social Security numbers, date of births, everything you need for identity theft, as opposed to credit card theft.”

Securing your applications is not an option it is mandatory. Make the call today, because it is not just your job your saving it is your identity.

Related Articles.

How Often Should You Perform PeopleSoft User Access Reviews And Why
How Often Should You Perform PeopleSoft User Access Reviews And Why
PeopleSoft teams often face threats caused by excess privilege, malicious insiders, and access misuse. Most of these can be mitigated…...
May 27, 2022
Learn More
7 Benefits Of Automating User Access Reviews In PeopleSoft
7 Benefits Of Automating User Access Reviews In PeopleSoft
When PeopleSoft users transition to different roles or offboard, their previous roles and accounts in the system often remain intact.…...
May 6, 2022
Learn More
8 Critical Success Factors For Achieving Audit-Readiness In PeopleSoft
8 Critical Success Factors For Achieving Audit-Readiness In PeopleSoft
Maintaining a state of audit readiness has become more critical than ever for organizations using PeopleSoft and other ERP systems…...
May 2, 2022
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / GreyHeller Presents a FREE Webinar Series

GreyHeller Presents a FREE Webinar Series

By Chris Heller • August 18, 2014
Join us for a series of informative webinars hosted by Larry Grey, President, Chris Heller, Chief Technology Officer and Greg Wendt, Executive Director, Security Solutions & Services.

MOBILIZE PEOPLESOFT

Mobilizing PeopleSoft — Campus Solutions Sept. 10, 2014   11am-Noon (PDT) Learn how to mobilize your entire PeopleSoft application in 90 days or less, including customizations.
Mobilizing PeopleSoft — HCM  Sept. 17, 2014   11am-Noon (PDT) Learn how to mobilize your entire PeopleSoft application in 90 days or less, including customizations.
Mobilizing PeopleSoft — Financialsand Supply Chain Sept. 24, 2014   11am-Noon (PDT) Learn how to mobilize your entire PeopleSoft application in 90 days or less, including customizations.

SECURE PEOPLESOFT

How to Implement Two-Factor Authentication Oct. 1, 2014   11am-Noon (PDT) Learn how to use 2FA to protect your data, determine which functions are right for you and how 2FA will benefit your constituents
Logging and Analysis & Incident Response Oct. 8, 2014   11am-Noon (PDT) Learn how to implement a full circle logging practice, use logs for performance tuning, incident response and more!
We hope to see you there!We encourage you to forward this e-mail message to colleagues who may also be interested in attending.Can’t make the webinar?Register for more information and to be added to our webinar invite list.

Related Articles.

How Often Should You Perform PeopleSoft User Access Reviews And Why
How Often Should You Perform PeopleSoft User Access Reviews And Why
PeopleSoft teams often face threats caused by excess privilege, malicious insiders, and access misuse. Most of these can be mitigated…...
May 27, 2022
Learn More
7 Benefits Of Automating User Access Reviews In PeopleSoft
7 Benefits Of Automating User Access Reviews In PeopleSoft
When PeopleSoft users transition to different roles or offboard, their previous roles and accounts in the system often remain intact.…...
May 6, 2022
Learn More
8 Critical Success Factors For Achieving Audit-Readiness In PeopleSoft
8 Critical Success Factors For Achieving Audit-Readiness In PeopleSoft
Maintaining a state of audit readiness has become more critical than ever for organizations using PeopleSoft and other ERP systems…...
May 2, 2022
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

  1. Pages:
  3. 1
  4. ...
  5. 22
  6. 23
  7. 24
  8. 25
  9. 26
  10. 27
  11. 28
  12. ...
  13. 34
Request a Demo

Start your free demo

"Learn how you can reduce risk with rapid threat protection, audit response and access control. All from a single, comprehensive platform"

Trusted by hundreds of leading brands