Paladion Labs

New Age Data Security Measures for Telecom Industry

The telecom industry has seen a tremendous growth in the past decade. Increasing competition in the market has led to organizations working enthusiastically to develop new products by leveraging cutting-edge technologies.

Decrypting Recent Cyber Frauds!

Lately, the media has had its hands full with reports of massive fraud being uncovered at various financial institutions. With the rapid proliferation of electronic channels for banking, fraudsters have turned their focus on compromising security controls and processes at banks through ingenious social engineering and technology tools. One thing that is clearly emerging is that fraud is no longer an individual crime, but a collaborative effort- where likeminded criminals form fraud rings or syndicates to perpetrate systematic heists.

This paper discusses some prominent cyber frauds that were recently reported in the media, the likely modus operandi and also possible countermeasures that banks and financial institutions could put in place to minimize the impact of such incidents in the future.

Why Leading Organizations Establish IT Risk PMO? October 2012

Many organizations realize the need to deal with large, complex situations like acting upon their customers' requirements, and competition in the business which results in adopting new IT infrastructure, complying with various information security standards, securing and managing customers' data.

Typically, these efforts involve planning and carrying out a number of parallel projects with their own requirements and expected results. The traditional project management may fall short to handle this situation as it requires greater skills and effort to address the current dynamism and changes in the current projects.

Consequently, many organizations are turning to a substantial body of experience with various skills to embark upon their requirements. This results in the organization looking out for an IT Risk Program/Project Management Office (PMO). IT Risk PMO defines the approach, strategies, mechanisms, and desirable results for managing large-scale efforts comprising parallel projects which facilitate to meet the business requirements and the organization's IT Risk & Compliance strategies.

Recent Malware Outbreaks Across the Globe

This report provides an update on recent malware outbreaks happening since past few months and analysis done by Paladion Anti-Phishing & Security Intelligence Team.

Even as operating systems and software developers try to make their products more secure, the threat from Trojans, worms and other forms of malware is more real than ever. Malware such as FLAME is one of the most complex pieces of malicious software yet found. Another Malware "Mahdi‟ is capable of stealing information mainly targeted computer systems from Iran, Israel, Saudi Arabia and Afghanistan and from other parts of the globe such as United States, New Zealand and Greece.

Another modular computer virus "Shamoon‟ used for cyber espionage in the energy sector. Similarities have been highlighted between Shamoon and the flame malware.

Paladion Anti-phishing & Security intelligence team has broadcasted security news on Mahdi Malware on July 18, 2012 and a report was shared on Flame Malware on June 15, 2012. The team published an update on the most recent cyber-surveillance operation in the Stuxnet, Duqu and Flame saga named "Gauss‟ on August 10, 2012. Going forward, we‟ve kept an eye on the emerging Malwares across the globe and will continue to dig into this phenomenon.

Threat Intelligence Report 2011

Year 2011 was dramatic year for InfoSec industry with enterprises witnessing a sharp rise in targeted attacks and creating many attention-grabbing headlines regarding data breaches. Despite strong threat management practices deployed by enterprises in 2011, information security threats have continued to increase.

We proudly present to you "Threat Intelligence Report 2011" from Paladion Labs, a comprehensive report on current Info security threat landscape for the region. In a way, its' a continuation of Paladion Lab's award winning "Phishing Intelligence Report H1 2011" with additional perspective on threat and security management. This report is an effort to give readers a firsthand view of the threat landscape of the region as seen by Paladion's SOC.

Phishing Threat Report

Financially motivated attacks continue to grow unabated across the globe, targeting banks and other financial organizations. The first half of this year has witnessed a number of security breaches on high profile organizations arising from sophisticated attacks.

This report "Phishing Threat Intelligence" provides an insight to all phishing attacks that were detected and responded to by Paladion SOC from different perspectives – the current trends in launching attacks, user's response to phishing baits and what Banks can do to minimize phishing related frauds.

Lessons from recent Security Breaches

Over last few months, security industry witnessed a series of high profile breaches, whose severity and frequency was not seen earlier. However, incidents can be great teachers. We therefore decided to investigate them not just to find out what really happened, but to deduce practical and political lessons from them.

PalizineInformation Security Intelligence

Palizine is an online monthly magazine focusing on subjects related to application security. Authored by Paladion security engineers, Palizine discusses on current topics on developing and using secure software by organizations.
The articles usually reflect on the author's work on advising customers develop safer software, hence adding a factual angle to each article and enabling the readers to have better insights on application security domain.
The key objective is to spread awareness and information on various aspects of application security including, mobile application security and code review, financial fraud analysis, web services security, etc.

Paladion's AppSec tools for Mobile Enthusiasts

InsecureBank

"InsecureBank" the application for Vulnerable Andriod developed by Paladion, is made for security enthusiasts and developers to learn the android insecurities by testing this vulnerable application. Some key vulnerabilities that can be learnt using this application are -

  • Information Sniffing due to Unencrypted Transport medium
  • Sensitive information disclosure via Property Files
  • Sensitive information disclosure via SD card storage
  • Sensitive information disclosure via SQLite DB

Automation Script

Paladion's Mobile Security Team has developed an automation script which is helpful in quick static analysis of Android Vulnerabilities. The script is a batch file, which prompts the user to provide the path of the android application code to be analysed.


List of key Checks that the script would be testing for:
  • Code to check for presence of HTML Sensitive Information
  • Code to check for insecure usage of SharedPreferences
  • Code to check for possible TapJacking attack
  • Code to check usage of external storage card for storing information

Case Study

Project - Holistic & Continual Security Management. The client is a fast-growing private sector retail bank. Ensuring security of banking transactions and customer privacy has been a norm for the bank since its inception.

View Case Study

Testimonial

“I was very pleased with the overall effort of the Paladion Networks team. They provided qualified..”
Bill Dziwura,
Executive Officer/CIO
Office of the Pardon Attorney
Department of Justice, USA

All Testimonials

Plynt

Paladion tests and certifies your application against security risks.300+ Organizations in 25 US States & 15 Nations worldwide benefit from Plynt Security testing program.

Visit Plynt site