Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Morgan Stanley Insider Case Offers New Year Insider Reminders
Oldest First  |  Newest First  |  Threaded View
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
1/6/2015 | 4:29:25 PM
Morgan Stanley got lucky or were they prepared?
Interesting that the the alleged perpetrator "was not very sophisticated or adept at hiding his activities." Makes me wonder if a more intreped attacker would have caused more damage.
Technocrati
Technocrati,
User Rank: Ninja
1/7/2015 | 6:58:42 PM
He's No Snowden.......

So now the financial industry has to worry about the would be hacker within ?  Already on the long rebound from the Chase debacle now Morgan Stanley ?    

From the narrative it sounds like Morgan Stanley got lucky or perhaps this person couldn't afford to flee to Russia.

Technocrati
Technocrati,
User Rank: Ninja
1/7/2015 | 7:07:35 PM
Re: Morgan Stanley got lucky or were they prepared?

@Marilyn   Cohodas -  Good question, no doubt in my mind and we can only imagine what they would do with this data and how Morgan Stanley would react to it ?   Would they use the Sony defense ?   Where we argue it is every taxpayers problem or would they use the Chase Method and not say anything for months ?

Either way it is oddly fascinating to see the "Damage Control Psychology of the Breech" evolve as we speak. 

Now if we can get someone to be accountable - we just might be getting somewhere.

Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
1/8/2015 | 9:16:03 AM
Re: Morgan Stanley got lucky or were they prepared?
With the prevailng industry view that breaches are going to happen, & the best defense is limit the exposure to your most sensitive and critical data,I'd say Morgan Stanley was both lucky and prepared. But the fact that the source of the breach was an employee "wealth manager" should be a serious wakeup call about the insider threat to all, not just the financial industry.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-35120
PUBLISHED: 2022-12-01
IXPdata EasyInstall 6.6.14725 contains an access control issue.
CVE-2022-43333
PUBLISHED: 2022-12-01
Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php.
CVE-2022-44211
PUBLISHED: 2022-12-01
In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings.
CVE-2022-44212
PUBLISHED: 2022-12-01
In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel.
CVE-2022-23737
PUBLISHED: 2022-12-01
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This vulner...