    Cybersecurity and Employee Gaming

    May 20, 2019


    Charles Parker II

    All is relatively well here at Woesnotgone Meadow, where everyone has above average bandwidth.

     

    In the Meadow, we are working towards more of a green future. We are recycling and starting to use solar panels. There are other projects in the works. We do use electricity from the grid to power our computers, lights, stoves, microwaves, and other services at home and work. Margie is the local manager for the power company, and she generally manages all of the things we need done individually and for the Meadow, so we know it is done right and on time. Fortunately, we have not had a problem with this. Another electricity provider appears not to have been so lucky.

     

    Eskom is the largest electricity utility in South Africa. When a third party detects an issue on your system and reports the vulnerability to you, one would expect someone in the company to thank the researcher and start working on closing the issue. This does not seem too outlandish or out of the realm of reality, yet it is not quite what happened in a recent case with Eskom. The security researcher detected the vulnerability, which was located in Eskom’s information system with its database. The issue had been open for weeks. A company may not listen to someone without evidence, but this issue was documented to other parties with a screenshot. The specifics of how the vulnerability operated had not been disclosed at that time. It may be from the Trojan Azorult, downloaded from a game. The user who “allegedly” downloaded the Trojan had also been identified. The end result, and the detectable issue, was that the vulnerability was leaking customer data.

     

    The researcher informed Eskom multiple times of the vulnerability and its effects. A news organization had also informed Eskom, and there had been direct messages on Twitter to Eskom. Still, no action was taken on this significant issue. After everything else failed, the issue was posted in a public forum (Twitter).

     

    The exposure of user data was the alarm that drew the researcher’s focus. The vulnerability was leaking the customer’s full name, type of credit card, partial credit card number, and credit card CVV.

     

    When you receive a gift, you generally don’t ignore it, especially one of this type. Receiving this information early, before the industry at large, would have saved Eskom a massive amount of time, money, and overhead had they acted upon it. This also highlights the need for more user education. It should be obvious, but users should not load games on business computers.

     

    Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.

     


    About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.
