Security Breach – 23 Feb 2024


Network security is paramount in the world of information technology (IT). However, cybercriminals are constantly innovating, looking for new ways to penetrate business networks to steal data or deploy ransomware. As businesses increasingly rely on digital infrastructure, safeguarding sensitive data and ensuring the integrity of network systems is vital. That’s why many organisations are choosing to do regular network penetration testing to locate and close security gaps before bad actors have the opportunity to exploit them. A comprehensive understanding of network penetration testing offers you insight into how to make a smart decision when choosing a network penetration testing solution.

Network penetration testing, or pen testing, is sometimes referred to as ethical hacking. It is a cybersecurity assessment methodology for evaluating the security of a computer network infrastructure. Testers simulate an attack on the network from an external or internal threat perspective to identify vulnerabilities and weaknesses that could be exploited by malicious actors.

In a network penetration test, testers simulate real-world cyber-attacks to identify weak points in an organisation’s network defences. The goal is to identify any problems and fix them before a real malicious hacker can take advantage. That’s why it’s considered the best way to evaluate security risks. The primary objectives of network penetration testing are:

  • Identifying security weaknesses and vulnerabilities before they can be exploited by malicious actors.
  • Assessing the effectiveness of existing security controls and measures in place.
  • Providing insights and recommendations for improving the overall security posture of the network.

 

Recent Breaches

 

Australia – Tangerine Telecom – Internet provider

Exploit: Contractor Credentials

Risk to Business: Severe

Tangerine Telecom, a challenger retail service provider, says a “legacy” customer database containing details of 232,000 current and former customers was accessed by an unknown party via exploitation of a contractor’s credentials. “Approximately, 232,000 current or former Tangerine customer accounts are impacted dating from June 2019 to July 2023,” the telco said in a statement, adding all impacted customers were quickly notified.

“The following personal information was disclosed: full name, date of birth, mobile number, email address, postal address and Tangerine account number.” While investigation of the incident remains ongoing, Tangerine said that “login credentials of a single user engaged by Tangerine on a contract basis” were utilised in order to access the database.

United States – The U.S. Department of Defense (DoD) – Federal Government Agency

Exploit: Supply Chain Data Breach

Risk to Business: Severe

The U.S. Department of Defense (DoD) is in the process of notifying 20,600 people that their personal information was exposed in an email data security mishap last winter. According to the breach notification letter sent to affected individuals on February 1, a large number of emails were inadvertently exposed after a service provider left them unprotected between February 3 and February 20, 2023. The misconfigured cloud email server was hosted on Microsoft’s cloud for government customers, and the problem was solved in 2023, but not before the damage had been done.

Talk to a TCT team member today about implementing a cyber security plan for your business.

Robert Brown
23/02/2024
