Tuesday, May 13, 2014

Forensic Audit Interview with PWC on BFM

- Related to P7 AAA Candidates

Exam pressures are closing in. Nice to relax for a while. Heard a good practical interview with Director of Forensics Lead Alex Tan on approaches on survey related to Corporate Fraud. This is an international studies and as you have guessed right that Malaysia is ranked quite high on Fraud risks. As you can see many 'unresolved' scandals posted below. Note that the sources were taken from Government controlled press. Biased it would be in "protecting" its own leaders. But have a read and see if you can't help it but see glaring Corporate Governance failures, lack of accountability and opaque explanations.

To play the above mentioned interview, please go directly to link below:

PwC's 2014 Global Economic Crime Survey - The Malaysian Cut

Sit back and enjoy this interview of about 30 minutes. It touches on Forensic strategies, ethical approaches in conducting it and Report Assurance Findings (also known as Negative Assurances Report). All of which are related to P7 AAA exam preparations.











 Source:Shawan, 2014,
SHAZWAN MUSTAFA KAMALJanuary 13, 2014
SHAZWAN MUSTAFA KAMALJanuary 13, 2014
http://www.themalaymailonline.com/malaysia/article/is-pkfz-scandal-a-crime-without-culprits-pakatan-asks, January 13



Enjoy learning on case company Target (USA) Inc.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Case Company: Target Markets (USA) 

Target hackers may have exploited backdoor in widely used server software

KrebsonSecurity digs in to point-of-sale malware infecting retailer's network.





Update: About 24 hours after this report was published, BMC issued a statement that said in part: "BMC has confirmed that the password mentioned in the press is not a BMC-generated password. At this point, there is nothing to suggest that BMC BladeLogic or BMC Performance Assurance has a security flaw or was compromised as part of this attack."

Widely used management software running on Target's internal network may have given an important leg-up to attackers who compromised 40 million payment cards belonging to people who recently shopped at the retail giant by KrebsonSecurity.

Malware that infected Target's point-of-sale terminals used the account name "Best1_user" and the password "BackupU$r" to log in to a control server inside the Target network. The malware used the privileged insider access to temporarily stash payment card data siphoned out of the terminals used in checkout lines so it could then periodically be downloaded to a different service for permanent storage. In Wednesday's post, Krebs filled in some intriguing new details that suggest a poorly secured feature inside a widely used server management program may have played a role. Krebs explained:
That “Best1_user” account name seems an odd one for the attackers to have picked at random, but there is a better explanation: That username is the same one that gets installed with an IT management software suite called Performance Assurance for Microsoft Servers. This product, according to its maker — Houston, Texas based BMC Software — includes administrator-level user account called “Best1_user.”
This knowledge base article (PDF) published by BMC explains the Best1_user account is used by the software to do routine tasks. That article states that while the Best1_user account is essentially a “system” or “administrator” level account on the host machine, customers shouldn’t concern themselves with this account because “it is not a member of any group (not even the ‘users’ group) and therefore can’t be used to login to the system.”
“The only privilege that the account is granted is the ability to run as a batch job,” the document states, indicating that it could be used to run programs if invoked from a command prompt.
Krebs went on to quote a part of the BMC article that said:
Perform Technical Support does not have the password to this account and this password has not been released by Perform Development. Knowing the password to the account should not be important as you cannot log into the machine using this account. The password is known internally and used internally by the Perform agent to assume the identity of the “Best1_user” account.
Krebs asked BMC if "BackupU$r" is the password that controls access to the "Best1_user" account. Company representatives have yet to provide an answer.

Krebs also cited a report that Dell SecureWorks privately distributed to clients earlier this week. "The Best1_user account appears to be associated with the Performance Assurance component of BMC's Software's Patrol product," Dell SecureWorks researchers wrote. "According to BMC's documentation, this account is normally restricted, but the attackers may have usurped control to facilitate lateral movement within the network."

Krebs also repeated what Ars that there's a compelling case to be made that, just like the co-conspirators of now-convicted Albert Gonzalez, the people who hacked Target may have first penetrated the network by mounting a SQL injection attack on Target's website. Wednesday's report from Krebs has many more details, including a recent dump of more than 2 million compromised payment cards, all of them used at Target between November 27 and December 15.


2 comments:

Unknown said...

BladeLogic Server Automation online Training - 21st ... Call Us +919000444287
www.21cssindia.com/courses/blade-logic-online-training-187.html
Blade Logic Training, Blade Logic online Training, Blade Logic Corporate Training, Best Blade Logic Training, Expert Blade Logic Training, BladeLogic Server ...

21st Century Software Solutions said...

BladeLogic Server Automation online Training - 21st ...
http://www.21cssindia.com/courses/blade-logic-online-training-187.html
ఈ పేజీని అనువదించు
Blade Logic Training, Blade Logic online Training, Blade Logic Corporate Training, Best Blade Logic Training, Expert Blade Logic Training, BladeLogic Server ...
Courses at 21st Century Software Solutions
Talend Online Training -Hyperion Online Training - IBM Unica Online Training - Siteminder Online Training - SharePoint Online Training - Informatica Online Training - SalesForce Online Training - Many more… | Call Us +917386622889 - Visit: ttp://www.21cssindia.com/courses.html

URGENT: SBL Exam Guidance for Dec 2018 Exams

EVERY SUCCESS IN YOUR DECEMBER 2018 EXAMS Change is the only constant. Kasturi Core lecturing team has now moved to 2 new locations. ...