Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Morgan Stanley Insider Case Offers New Year Insider Reminders
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
1/8/2015 | 9:16:03 AM
Re: Morgan Stanley got lucky or were they prepared?
With the prevailng industry view that breaches are going to happen, & the best defense is limit the exposure to your most sensitive and critical data,I'd say Morgan Stanley was both lucky and prepared. But the fact that the source of the breach was an employee "wealth manager" should be a serious wakeup call about the insider threat to all, not just the financial industry.
Technocrati
Technocrati,
User Rank: Ninja
1/7/2015 | 7:07:35 PM
Re: Morgan Stanley got lucky or were they prepared?

@Marilyn   Cohodas -  Good question, no doubt in my mind and we can only imagine what they would do with this data and how Morgan Stanley would react to it ?   Would they use the Sony defense ?   Where we argue it is every taxpayers problem or would they use the Chase Method and not say anything for months ?

Either way it is oddly fascinating to see the "Damage Control Psychology of the Breech" evolve as we speak. 

Now if we can get someone to be accountable - we just might be getting somewhere.

Technocrati
Technocrati,
User Rank: Ninja
1/7/2015 | 6:58:42 PM
He's No Snowden.......

So now the financial industry has to worry about the would be hacker within ?  Already on the long rebound from the Chase debacle now Morgan Stanley ?    

From the narrative it sounds like Morgan Stanley got lucky or perhaps this person couldn't afford to flee to Russia.

Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
1/6/2015 | 4:29:25 PM
Morgan Stanley got lucky or were they prepared?
Interesting that the the alleged perpetrator "was not very sophisticated or adept at hiding his activities." Makes me wonder if a more intreped attacker would have caused more damage.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-35730
PUBLISHED: 2022-12-04
Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress.
CVE-2022-40968
PUBLISHED: 2022-12-04
Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on WordPress.
CVE-2022-35507
PUBLISHED: 2022-12-04
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...
CVE-2022-35508
PUBLISHED: 2022-12-04
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Pr...
CVE-2022-46411
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.