Sudo Solutions | Imperva SecureSphere | Spear Phishing | Career Opps

Web Version

Forward

TABLE OF CONTENTS

•

Solutions to the Sudo Challenge!

•

Enhancements to Imperva’s SecureSphere 10.5 Platform

•

Does Spear Phishing Work?

•

Careers with Securus Global

•

Securus Global Community

MAY 2014 EDITION

About Securus Global

Securus Global helps businesses of all sizes and across all industry sectors. When clients work with us once, we’re generally there with them for the long haul – becoming their security partner of choice.

To find our more about what we can assist you with, please email or call on (02) 9283 0255. For a description of some of our services, please visit our website: www.securusglobal.com

Solutions to the Sudo Challenge!

A few weeks ago, we posted a security challenge in our article - “How I got root with Sudo”. This post generated much discussion on social media and was focused around how to escalate privileges on real world examples of insecure configurations of Sudo.

Now that everyone’s had the time to have a go, we are ready to put some people out of their misery and publish the answers!

As we mentioned, there was more than one way to solve the challenge and at Securus, we came up with at least two ways to get a root shell; an “easy” way and an “intrusive” way. Numerous people responded with varying solutions, but overall all submissions fell into either categories.

Congrats to the 3 people found the intrusive way and the 15 who managed to find the easy way.

Enhancements to Imperva’s SecureSphere 10.5 Platform

Imperva (partner of Securus) have recently introduced new technology which enables customers to proactively define security strategies as opposed to reacting once they receive the security alerts.

By doing this, Imperva customers will be able to better protect against data access in real-time situations, as soon as suspicious behaviour is detected. The update of Imperva’s flagship SecureSphere platform confirms four major enhancements:

The ability to protect against access to SharePoint files in real-time based on business policy.
Two new feeds to ThreatRadar Reputation Services – Malicious Scanner and the Comment Spam
SecureSphere WAF for AWS is now shipping with SecureSphere 10.5.
Dramatically lowers TCO in Database Security- up to 90% fewer virtual appliances, reduce labour costs by up to 70% and reduces infrastructure costs by up to 90%.

Does Spear Phishing Work?

You often hear about the dangers of general phishing attacks as well as targeted spear phishing attacks, but there can be a feeling that mainstream media will over hype these to the point that sometimes it feels as if the world’s falling in. Recently, one of our clients chose to see how effective a spear phishing attack would be against senior management.

Securus Global were engaged to identify a number of reports to a particular individual within our client (all senior IT management), send them all an e-mail, convince them to click on a link to a “malicious” site and provide some credentials. Sounds pretty hard doesn’t it? Especially as the targets are senior management in an IT division. What could possibly go wrong?

Careers with Securus Global

As Securus Global continues to grow, we are currently looking for new Web App Penetration Testers in both our Sydney and Melbourne Offices!

More info: https://www.securusglobal.com/community/2014/04/03/hiring-penetration-testers/

Securus Global Community

Connect, Follow or Like us on social media to stay up to date with everything SG related: LinkedIN | Twitter | Facebook

Also be sure to checkout our tech team's blog and other industry news that we publish regularly on our website here: https://www.securusglobal.com/community/