“Bow-Chicka-Bow-Wow!” – Privacy Failure of Photobucket Can Make You a Porn Star! August 13, 2012
Posted by Chris Mark in cybersecurity, Data Breach. Tags: cybercrime, cybersecurity, data breach, fuscking, mark consulting group, Photobucket, privacy, security
Those who like to use the popular photo sharing site Photobucket to share (ahem) “private” pictures may want to take action immediately. According to an article on CNN, a privacy flaw in the way Photobucket allows users to share photos resulted in hackers gaining access to numerous R-rated and even explicit photos of users. Photobucket allows users to share photos using direct links. This means that even if the user does not intend to share a photo, if a person can deduce the URL then the unencrypted file can be directly accessed. This is a hack known as “Fuscking” and it has been used to access numerous files.
“August 2012 TransactionWorld Magazine” – Chris & Heather Mark’s Articles August 13, 2012
Posted by Chris Mark in cybersecurity, Data Breach, Industry News. Tags: compliance, cybersecurity, data breach, data security, mark consulting group, mastercard, PCI DSS, security, visa
Chris and Heather Mark both have articles in the August 2012 issue of TransactionWorld Magazine. Chris’ is titled “The Impact of the Fortress Mentality & Today’s Compliance Strategies”, while Heather’s is titled “After the Compromise; Security Incident Response and Mitigating the Damage”.
One note. I apparently forgot to update my bio with the Editor in Chief so the article erroneously references me as the Executive Vice President of Data Security and Compliance for a payment processor. You can visit Mark Consulting Group at the following: www.MarkConsultingGroup.com
“I know it’s true because I got it from the Internet!” – Reuters Hacked by Pro-Assad Group to Publish Propaganda August 6, 2012
Posted by Chris Mark in competitive intelligence, cyberespionage, cybersecurity. Tags: assad, cybersecurity, data breach, data security, mark consulting group, propaganda, reuters, risk, Twitter
Reuters acknowledged that on August 3rd, their blogging platform was hacked and a false, pro-Assad post was published. “Reuters.com was a target of a hack on Friday,” the company said in a statement. “Our blogging platform was compromised and fabricated blog posts were falsely attributed to several Reuters journalists.” Additionally, Reuters’ Twitter account was hacked and used to tweet several false, pro-Assad messages. While this type of propaganda has been going on for as long as news has been published, the ease with which a person or group can publish on the Internet, coupled with the speed at which it can spread, creates new challenges for companies. Imagine a situation in which a company is hacked and fraudulent financial data is released before an IPO. As the US Presidential elections ramp up, we are seeing increasing numbers of stories and claims that can only be categorized as propaganda. In fact, unless you clicked on the links above and checked the underlying domains, you have no real confidence that this particular post is true, or accurate. 😉
It is important for companies to monitor the news that is being distributed about the organization. I have worked at an organization where we found someone who had intentionally published misleading and malicious information in an attempt to promote a competitor. While it did not require hacking a news system to publish the story, it is yet another area that exposes companies to unnecessary risk.
“The Fortress Mentality & Data Compromises” – Chris & Heather Mark in August 2012 TransactionWorld Magazine July 31, 2012
Posted by Chris Mark in cybersecurity, Data Breach. Tags: Chris Mark, compromise, data breach, data theft, Heather Mark, mark consulting group, mastercard, PCI DSS, transaction world, visa
This month’s TransactionWorld magazine includes an article by me (Chris Mark) titled: “The Impact Of the Fortress Mentality and Today’s Compliance Strategies”. The article discusses, among other things, the Global Payments breach and PCI DSS compliance, and provides an overview and opinion on today’s focus on compliance with static standards as opposed to risk-based information security. One important note. I neglected to send an updated bio to the editor so it still references my position at ProPay. I have not worked at ProPay for over a year 😉 You can read more about my company Mark Consulting Group at www.MarkConsultingGroup.com.
Heather Mark is also in this month’s TransactionWorld with an article titled: “After the Compromise: Incident Response Plans and Mitigating the Damage”. Heather speaks about data compromises and provides good insight into strategies companies can employ to minimize the impact of such breaches.
Oil Giants Hacked by Anonymous in “Save the Arctic Phase2” July 16, 2012
Posted by Chris Mark in Data Breach, Industry News. Tags: anonymous, bp, cybercrime, cybersecurity, data breach, exxon, InfoSec & Privacy, mark consulting group, savethearctic, security
According to CyberWarNews.com, Anonymous set its sights on oil giants Shell, BP, Gazprom, and Rosneft in what has been dubbed “Save the Arctic Phase 2”. This comes on the heels of phase one, in which account details including administrator accounts, passwords and other server info were stolen from Exxon and released.
According to the messages posted on pastebin, the accounts were used to sign the petition on savethearctic.org and, more disturbingly, for phishing attacks. Hacktivism is a growing concern for all companies. Whether it be to combat the perceived unfair distribution of wealth of capitalism, support of the US defense industry, or environmental issues, hacktivists are increasingly active against corporations.

