Deloitte Security News: They Need an Auditor

The last few days have been good for Equifax: all eyes have been focused on Deloitte security news!

This week’s Deloitte security news was dismissed by the company as a small incident; however, security researchers and penetration testers have been finding security holes all over the internet.


The Guardian was tipped off by a reader about a collection of Deloitte’s corporate VPN passwords, user names, and operational details lurking within a public-facing GitHub-hosted repository. The information was removed recently, but the reader was quick enough to snap a few screenshots.

[Image: Deloitte security news screenshot]

In addition to the potential leaks of corporate login details, Deloitte has internal and potentially critical systems open to the internet with Remote Desktop Protocol (RDP) enabled. Ironically, according to top consultancy firms, such services should be protected and hidden.

“Just in the last day I’ve found 7,000 to 12,000 open hosts for the firm spread across the globe,” security researcher Dan Tentler, founder of Phobos Group, told The Register today. “We’re talking dozens of business units around the planet with dozens of IT departments showing very different aptitude levels. The phrase ‘truly exploitable’ comes to mind.”

As an example, a Deloitte Windows Server 2012 machine in South Africa was found with RDP wide open, acting as an Active Directory server, and with updates still pending.

Here is a system with NetBIOS open:

[Image: Deloitte security news, NetBIOS]

… And another example with RDP open on Active Directory:

[Image: Deloitte security news, RDP]

… And some systems with pending updates:

[Image: Deloitte security news, updates]

All of this Deloitte security news is embarrassing for a company labeled a top security consulting agency in the world. The firm makes millions selling its security tech guru services on an hourly basis.

Another name caught up in this news is Gartner. The company said that “Deloitte ranked as the No. 1 global consulting organization for the 5th consecutive year.”

New York, NY, 11 June 2015 – For the fifth consecutive year, Gartner has ranked Deloitte member firms (Deloitte) as the number one global consulting organization based on 2014 market share revenue in their report Market Share Analysis: Consulting Services Worldwide, 2014. Gartner defines Consulting as Business and IT Consulting and includes revenue from Deloitte Consulting practices and advisory businesses globally.

“Developing actionable strategies and delivering on them with clients is critical to being a leader in this industry – but it isn’t enough to be the number one consulting organization,” said Jim Moffatt, Deloitte Global Consulting Leader. “Drawing on the breadth and depth of our network capabilities, investing the time to understand clients’ needs, and collaborating with them to create value – based on their definition of value – is what we feel has set Deloitte apart for five years running.”

The report notes, “The worldwide consulting service market grew 6.1 percent to $125.2 billion in 2014 from $118.1 billion in 2013. The top 10 consulting service providers combined grew at a fast pace of 6.8 percent compared with the overall market.”

 

Mohamad El Hout, MBA, M.Eng., CISSP

Mohamad is an entrepreneur and a Senior Security Consultant dealing with the design and delivery of standard and complex security gateway solutions, covering a wide range of cutting edge technologies. His interests include business, technology, leadership, sports, and the continuous pursuit of knowledge.
