Assignment#1
Recent Security Breach
Warner Music Group suffered an Magecart attack that occurred between 25 April and 5 August in 2020. The three-month long attack resulted to the leakage of customers personal and financial information. The company filed a legal data breach incident notice that acknowledged the Magecart attack. According to the music recording company, the hackers gained access to customers’ details from the e-commerce websites hosted and supported by an external service provider. The information also explained that an exfiltration from the customers checkout pages. In the legal filing, the company did not reveal the number of customers affected by the breach. The breach could be avoided by taking control of shadow code in the company’s web and mobile applications. It is also recommended to leverage the runtime behavioral analysis that would detect and stop hidden code from compromising the user data. The use of shadow code is a technic by cybercriminals that conduct client-side digital skimming and leads to information leakage.
Reference
Hope, A. (2020, September 10). CPO Magazine. Retrieved from https://www.cpomagazine.com/cyber-security/hackers-accessed-personal-and-credit-card-information-in-warner-music-group-magecart-attack/
Assignment#2
The mistakes done by the company is to allow the administrator to use personal credentials for creation of cloud-based work accounts with an external provider, CloudEmails.com. The company also allowed the administrator to have a strict admin access to the CloudEmails.com with no other person with an alternative access the administrator was required when there was need for access the work accounts and the email files. It is also the mistake of the company to terminate the services of the administrator before requiring, the hand over administrator access to the CloudEmails.com and email files.
On the side of the administrator, it was extremely dangerous and highly risky to use personal credentials in the establishment work accounts on an external provider of service such as CloudEmails.com. The use of personal credential was a mistake as it provides hackers information necessary to penetrate also the personal cloud information and data.
Reference
Smith, A. (2019, October 29). Consider banning use of personal cloud accounts for work. SHRM. Retrieved from https://www.shrm.org/resourcesandtools/legal-and-compliance/employment-law/pages/consider-banning-use-of-personal-cloud-accounts-for-work.aspx
Criminological Theory: Biological, Sociological, and Psychological Perspectives
Cj499 Bachelors Capstone: Criminological Theory In a 3- to 4-page paper (excluding title and reference pages), summarize and provide an example of how a biological, sociological, and psychological theory of crime causation affects human behavior and actions. Be sure to provide an example of each theory and include a reference to the examples that may […]
