On SolarWinds Orion Platform Security Breach

Author(s):
Lindsay Sterle
Suman Bhunia

Entropy
2019
Vol 21 (5)
pp. 513
Author(s):
Héctor D. Menéndez
José Luis Llorente

The quality of anti-virus software relies on simple patterns extracted from binary files. Although these patterns have proven to work on detecting the specifics of software, they are extremely sensitive to concealment strategies, such as polymorphism or metamorphism. These limitations also make anti-virus software predictable, creating a security breach. Any black hat with enough information about the anti-virus behaviour can make its own copy of the software, without any access to the original implementation or database. In this work, we show how this is indeed possible by combining entropy patterns with classification algorithms. Our results, applied to 57 different anti-virus engines, show that we can mimic their behaviour with an accuracy close to 98% in the best case and 75% in the worst, applied on Windows’ disk resident malware.


2021
Vol ahead-of-print (ahead-of-print)
Author(s):  
Suparak Janjarasjit ◽  
Siew H. Chan

Purpose: The purpose of this study is to examine whether users’ perceived moral affect explains the effect of perceived intensity of emotional distress on responsibility judgment of a perpetrator and company, respectively, in an ill and good intention breach.

Design/methodology/approach: Participants completed a questionnaire containing items measuring their perceived intensity of emotional distress, perceived moral affect and responsibility judgment of a perpetrator and company, respectively.

Findings: The results support the mediating hypothesis on responsibility judgment of a perpetrator regardless of intention. The mediating hypothesis is also supported in an ill intention breach in responsibility judgment of a company. However, the mediating effect is not observed in a good intention breach when users assess a company’s responsibility.

Originality/value: The findings support the notion that users use the consequentialism approach when assessing a perpetrator’s responsibility because they focus on the victims’ emotional distress and discount a perpetrator’s intent, resulting in a similar mediating effect of perceived moral affect in an ill and good intention breach. The results also indicate that perceived moral affect increases the negative effect of perceived intensity of emotional distress on responsibility judgment of a company, suggesting that users may exhibit empathetic feelings toward a company and perceive it as a victim of an ill intention breach. The lack of a mediating effect in responsibility judgment of a company in a good intention breach may be attributed to the diminished effect of a perpetrator’s feelings of regret, sorrow, guilt and shame for causing emotional distress to the victims.


Author(s):  
Kannan Balasubramanian

The obvious risks of a security breach are that unauthorized individuals: 1) can gain access to restricted information and 2) may be able to escalate their privileges in order to compromise the application and the entire application environment. The areas that can be compromised include user and system administration accounts. In this chapter we identify the major classes of web application vulnerabilities, give some examples of actual vulnerabilities found in real-life web application audits, and describe some countermeasures for those vulnerabilities. The classes are: 1) authentication 2) session management 3) access control 4) input validation 5) redirects and forwards 6) injection flaws 7) unauthorized view of data 8) error handling 9) cross-site scripting 10) security misconfigurations and 11) denial of service.


2019
Vol 30 (3)
pp. 18-37
Author(s):  
Tawei Wang ◽  
Yen-Yao Wang ◽  
Ju-Chun Yen

This article investigates the transfer of information security breach information between breached firms and their peers. Using a large data set of information security incidents from 2003 to 2013, the results suggest that 1) the effect of information security breach information transfer exists between breached firms and non-breached firms that offer similar products and 2) the effect of information transfer is weaker when the information security breach is due to internal faults or is related to the loss of personally identifiable information. Additional tests demonstrate that the effect of information transfer exhibits consistent patterns across time and with different types of information security breaches. Finally, the effect does not depend on whether the firms are IT intensive. Implications, limitations, and future research are discussed.


2008
pp. 1550-1561
Author(s):  
Rick L. Wilson ◽  
Peter A. Rosen

Data perturbation is a data security technique that adds ‘noise’ to databases allowing individual record confidentiality. This technique allows users to ascertain key summary information about the data that is not distorted and does not lead to a security breach. Four bias types have been proposed which assess the effectiveness of such techniques. However, these biases only deal with simple aggregate concepts (averages, etc.) found in the database. To compete in today’s business environment, it is critical that organizations utilize data mining approaches to discover additional knowledge about themselves ‘hidden’ in their databases. Thus, database administrators are faced with competing objectives: protection of confidential data versus data disclosure for data mining applications. This paper empirically explores whether data protection provided by perturbation techniques adds a so-called data mining bias to the database. The results find initial support for the existence of this bias.


2007
Vol 89 (7)
pp. 242-243
Author(s):  
Elaine Towell

There is no doubt that surgical training is going through a period of major upheaval. The implementation of Modernising Medical Careers (MMC) has been steeped in controversy with recent months bringing uncertainty and anger as junior doctors compete for a limited number of training places. The introduction of a new selection and recruitment system, the Medical Training Applications System (MTAS), only served to exacerbate the anger. The system, as well as being involved in a major security breach, also failed to take into account doctors' qualifications and experience and was subsequently dropped, leaving a trail of destruction and high-profile resignations in its wake.

