Cybersecurity Lessons Learned From ‘Panama Papers’ Breach

In the weeks since the revelation of the Panama Papers, the world of the rich and powerful has been reeling. A single cyberattack against Mossack Fonseca, a quiet Panamanian law firm, has sent a tsunami around the world, toppling one world leader so far, with more turbulence to come.

The attacker absconded with a vast trove of information, consisting of millions of documents, emails, and other information – so much information, in fact, that journalists and other investigators have been poring through it for over a year.

Still a mystery: the identity or identities of the attackers. Perhaps an insider with access to secret passwords? Or maybe a skilled attacker, well-versed in the intricacies of cyberespionage?

In all probability, neither profile is accurate, because the Mossack Fonseca attack was dead simple. So simple, in fact, that a teenager with no hacking knowledge other than basic googling skills could have done it.

Furthermore, the security mistakes Mossack Fonseca made were appallingly common. So common, in fact, that it’s fair to say most of the readers of this article work for organizations that are making at least one of the same mistakes.

Do you think the same thing that happened to Mossack Fonseca and its clients can’t happen quite so easily to your organization? Here’s your wakeup call: it already has. You probably just don’t know it yet.

What are you going to do about it?

The Mossack Fonseca Attack: Dead Simple

The attacker’s point of entry: older versions of popular open source web server software Drupal and WordPress. In the case of WordPress, a particular plugin was the likely culprit. “We think it is likely that an attacker gained access to the MF [Mossack Fonseca] WordPress website via a well-known Revolution Slider vulnerability,” according to Mark Maunder, Wordfence Founder and CEO. “This vulnerability is trivially easy to exploit.”

Read the entire article at http://www.forbes.com/sites/jasonbloomberg/2016/04/21/cybersecurity-lessons-learned-from-panama-papers-breach/.

Intellyx advises companies on their digital transformation initiatives and helps vendors communicate their agility stories. As of the time of writing, Certes Networks is an Intellyx customer. None of the other organizations mentioned in this article are Intellyx customers. Image credit: LWYang.

More Stories By Jason Bloomberg

Jason Bloomberg is a leading IT industry analyst, Forbes contributor, keynote speaker, and globally recognized expert on multiple disruptive trends in enterprise technology and digital transformation. He is ranked #5 on Onalytica’s list of top Digital Transformation influencers for 2018 and #15 on Jax’s list of top DevOps influencers for 2017, the only person to appear on both lists.

As founder and president of Agile Digital Transformation analyst firm Intellyx, he advises, writes, and speaks on a diverse set of topics, including digital transformation, artificial intelligence, cloud computing, devops, big data/analytics, cybersecurity, blockchain/bitcoin/cryptocurrency, no-code/low-code platforms and tools, organizational transformation, internet of things, enterprise architecture, SD-WAN/SDX, mainframes, hybrid IT, and legacy transformation, among other topics.

Mr. Bloomberg’s articles in Forbes are often viewed by more than 100,000 readers. During his career, he has published over 1,200 articles (over 200 for Forbes alone), spoken at over 400 conferences and webinars, and he has been quoted in the press and blogosphere over 2,000 times.

Mr. Bloomberg is the author or coauthor of four books: The Agile Architecture Revolution (Wiley, 2013), Service Orient or Be Doomed! How Service Orientation Will Change Your Business (Wiley, 2006), XML and Web Services Unleashed (SAMS Publishing, 2002), and Web Page Scripting Techniques (Hayden Books, 1996). His next book, Agile Digital Transformation, is due within the next year.

At SOA-focused industry analyst firm ZapThink from 2001 to 2013, Mr. Bloomberg created and delivered the Licensed ZapThink Architect (LZA) Service-Oriented Architecture (SOA) course and associated credential, certifying over 1,700 professionals worldwide. He is one of the original Managing Partners of ZapThink LLC, which was acquired by Dovel Technologies in 2011.

Prior to ZapThink, Mr. Bloomberg built a diverse background in eBusiness technology management and industry analysis, including serving as a senior analyst in IDC’s eBusiness Advisory group, as well as holding eBusiness management positions at USWeb/CKS (later marchFIRST) and WaveBend Solutions (now Hitachi Consulting), and several software and web development positions.