Mentor Program

A notice to budding Information Security professionals.  With many years of experience in many aspects of Information Security and IT Auditing, at both business level and low level, it is always a pleasure to meet peers who have dedication and zest.

Anyone is welcome to submit a query for more information on how to start walking the path with me.  Applicants will of course be vetted to ensure that no users with dubious intent get onto the road.

Why am I doing this?

Information Security is growing globally and we need to develop the skills of the many people entering the market.  Information Security is a huge domain and we need to focus on the right skills and the right development path.  It will be beneficial to create a group with like-minded intent, learning from those who have walked the path.

If you need any further information, please complete the following form and I (Mervin Pearce, CISSP-ISSAP) will personally contact you from my personal domain.


Presidency.gov.za site hacked

Take away: Make sure you stay up to date with the latest security news and apply all patches as soon as possible, prioritised by exposure and impact.

On the 7th of July 2018, visitors accessing the South African Presidency site, http://www.thepresidency.gov.za, were greeted by the following home screen…

It has since been restored to its previous form.

A visit to Zone-h (a listing of hacked sites) showed 2 South African sites hacked by the same ‘team’.

The back-end revealed that both use Drupal 7 (a popular Content Management System), for which 3 critical security risks were identified in March and April 2018.  This is easy to see by right-clicking and inspecting the web source.

The Presidency ‘Source’


Another Drupal 7 source – RoyalCaribbean.co.za

Tips

  • The web page sources shown are from after the hacks, and hopefully all new patches have been applied.  There is nothing wrong with using open-source software, but the installation, configuration, and security monitoring and management are critical;
  • You need to be proactive and have the right staff/functions in place;
  • Monitor security notifications and apply patches or compensating controls to minimize your risk;
  • Monitor and review your logs;
  • Expect to be hacked and prepare your response plan;
  • ‘Hack’ your own systems to test the security.
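The same "inspect the source" check described above, turned around for the defender: an added example (not from the original post) that reads a saved copy of your own site's page source and response headers, pulls out the generator meta tag and X-Generator header that Drupal 7 sets by default, and flags the site so you know which vendor advisories to track and patch against. The sample HTML and headers below are constructed.

```python
# Defender-side CMS inventory check: which of our own sites advertise a CMS
# (and major version) that we must track security advisories for?
from html.parser import HTMLParser
import re


class GeneratorParser(HTMLParser):
    """Collect the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}   # attr names arrive lowercased
        if a.get("name", "").lower() == "generator":
            self.generators.append(a.get("content", ""))


def cms_from_source(html, headers=None):
    """Return (cms_name, major_version) or None.

    Checks the generator meta tag in the body and, if headers are supplied,
    the X-Generator response header (Drupal 7 emits both by default)."""
    parser = GeneratorParser()
    parser.feed(html)
    candidates = list(parser.generators)
    for k, v in (headers or {}).items():
        if k.lower() == "x-generator":
            candidates.append(v)
    for c in candidates:
        m = re.match(r"\s*([A-Za-z]+)\s*(\d+)?", c)   # e.g. "Drupal 7 (...)"
        if m:
            return (m.group(1), int(m.group(2)) if m.group(2) else None)
    return None


def needs_review(html, headers=None, watch=("Drupal",)):
    """True if the site advertises a CMS on our watch list."""
    found = cms_from_source(html, headers)
    return found is not None and found[0] in watch


# Constructed sample, modelled on what a stock Drupal 7 site returns.
SAMPLE_HTML = """<!DOCTYPE html><html><head><meta charset="utf-8">
<meta name="Generator" content="Drupal 7 (http://drupal.org)">
<title>Home</title></head><body><p>Welcome</p></body></html>"""
SAMPLE_HEADERS = {"X-Generator": "Drupal 7 (http://drupal.org)"}

if __name__ == "__main__":
    print(cms_from_source(SAMPLE_HTML, SAMPLE_HEADERS))  # ('Drupal', 7)
    print(needs_review(SAMPLE_HTML))                     # True
```

Feed it the source you saved from "view source" and the response headers from your browser's network tab; a hit means the site belongs on your patch-monitoring list, and a miss on your own Drupal site means the generator banner is already stripped (which does not remove the need to patch).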


Practice Safe HEX