
Thread: Security breach/compromise - 2012

  1. #11
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005 | Location: USA | Posts: 6,881

    Dropbox - Password Breach Led to Spam

    FYI...

    Dropbox: Password Breach Led to Spam
    - https://krebsonsecurity.com/2012/07/...h-led-to-spam/
    July 31, 2012 - "Two weeks ago, many Dropbox users began suspecting a data breach at the online file-sharing service after they started receiving spam at email addresses they’d created specifically for use at Dropbox. Today, the company confirmed that suspicion, blaming the incident on a Dropbox employee who had re-used his or her Dropbox password at another site that got hacked... a statement released on its blog* this evening... says it has plans to roll out additional security measures that should help users protect their Dropbox accounts even if users (or employees, assumedly) lose account passwords, including two-factor authentication..."
    * http://blog.dropbox.com/index.php/se...-new-features/
    July 31, 2012 - "A couple weeks ago, we started getting emails from some users about spam they were receiving at email addresses used only for Dropbox... Our investigation found that usernames and passwords recently stolen from -other- websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts. A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam... we’re taking steps to improve the safety of your Dropbox even if your password is stolen, including:
    • Two-factor authentication, a way to optionally require two proofs of identity (such as your password and a temporary code sent to your phone) when signing in. (Coming in a few weeks)
    • New automated mechanisms to help identify suspicious activity. We’ll continue to add more of these over time.
    • A new page that lets you examine all active logins to your account.
    • In some cases, we may require you to change your password. (For example, if it’s commonly used or hasn’t been changed in a long time).
    At the same time, we strongly recommend you improve your online safety by setting a unique password for -each- website you use..."
    ___

    - http://h-online.com/-1657230
    1 August 2012

    - http://countermeasures.trendmicro.eu...red-questions/
    1 August 2012

    Last edited by AplusWebMaster; 2012-08-02 at 19:34.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...

  2. #12
    AplusWebMaster

    Blizzard pwned - email, encrypted passwords slurped

    FYI...

    Blizzard pwned - email, encrypted passwords slurped
    Millions of World of Warcraft players raided
    - http://www.theregister.co.uk/2012/08...izzard_hacked/
    10 Aug 2012 - "Blizzard Entertainment, which makes World of Warcraft, Diablo III and other games, has coughed to a security breach of its internal network. Email addresses, answers to security questions and encrypted passwords linked to player accounts are believed to have been lifted by hacks. The gaming outfit said in a lengthy statement on its website that its security team had spotted "unauthorised and illegal access" into its system. It said: "We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened." Blizzard said it was yet to uncover evidence that sensitive financial data, including gamers' credit cards and billing addresses, had been compromised. "Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed," the company added. However, a list of email addresses for Battle.net users across the globe, excluding those based in China, had been lifted in the hacking. And it gets worse..."
    (More detail at the URL above.)

    - https://isc.sans.edu/diary.html?storyid=13870
    Last Updated: 2012-08-10 01:51:02 UTC
    ___

    - http://h-online.com/-1665425
    10 August 2012

    Last edited by AplusWebMaster; 2012-08-10 at 22:47.

  3. #13
    AplusWebMaster

    $10 million hacking spree on Subway sandwich shops

    FYI...

    $10 million hacking spree on Subway sandwich shops
    The Romanians admitted their role in ring that compromised some 146,000 cards
    - http://arstechnica.com/security/2012...hacking-spree/
    Sep 18, 2012 - "Two Romanian men have admitted to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway restaurant franchises and stole data for more than 146,000 accounts. The heist, which spanned the years 2009 to 2011, racked up more than $10 million in losses, federal prosecutors said.
    Iulian Dolan, 28, of Craiova, Romania, pleaded guilty to one count of conspiracy to commit computer fraud and two counts of conspiracy to commit credit card fraud, documents filed on Monday in US District Court in New Hampshire showed. Dolan admitted he helped alleged ring leader Adrian-Tiberiu Opera scan the Internet for point-of-sale systems... Monday's plea agreement, which was signed by the defendant, stated. "Next, once he cracked the password and gained administrative access, Dolan remotely installed software programs called 'keystroke loggers' (or 'sniffers') onto the POS systems. These programs would record, and then store, all of the data that was keyed into or swiped through the merchants' POS systems, including customers' payment card data."
    Dolan hacked into "several hundred US merchants'" systems and stole payment data belonging to about 6,000 cardholders, according to the document. He has agreed to spend seven years in prison.
    Cezar Iulian Butu, 27, of Ploiesti, Romania, pleaded guilty to one count of conspiracy to commit credit card fraud. In a separate plea agreement that was also signed, he admitted repeatedly asking Opera to provide him with payment card data stolen through the conspiracy. He obtained data belonging to about 140 cardholders. Butu has agreed to be sentenced to 21 months in prison..."


  4. #14
    AplusWebMaster

    IEEE data breach exposes 100,000 passwords

    FYI...

    IEEE data breach exposes 100,000 passwords ...
    - http://h-online.com/-1717358
    26 Sep 2012 - "Romanian researcher Radu Drăgușin says that he managed to extract 100,000 plain text IEEE member passwords from approximately 100GB of log files. The log files were publicly accessible on the IEEE's FTP server and had been available for at least a month before being discovered by the researcher... the most frequently used password continues to be "123456", closely followed by "ieee2012" and "12345678"... The IEEE has now confirmed the incident on its Facebook page and on its web site*, noting that the problem has been fixed and that it is currently in the process of informing affected users. The organisation is the largest technical industry association worldwide, managing, maintaining and approving standards such as the current Ethernet and Wi-Fi specifications."
    * https://origin.www.ieee.org/about/ne...er_2_2012.html

    - http://www.theregister.co.uk/2012/09..._leaks_logins/
    25 Sep 2012 - "... Apple, Google, IBM, Oracle, Samsung, NASA, Stanford University and so on – practically any outfit that employs high-ranking engineers in electrical, electronics, computer sciences and communications disciplines will probably get mentioned somewhere in the logs..."
    ___

    - http://www.darkreading.com/taxonomy/...e/id/240008028
    Sep 26, 2012

    Last edited by AplusWebMaster; 2012-09-27 at 14:12.

  5. #15
    AplusWebMaster

    Adobe hacked ...

    FYI...

    Adobe hacked ...
    - http://h-online.com/-1719955
    28 Sep 2012 - "Adobe's Director of Product Security and Privacy, Brad Arkin, has summarised the current state of his company's investigations into the inappropriate use of Adobe certificates in a blog post*. Unknown intruders are thought to have hacked an internal server in order to provide specific malware programs with a valid digital signature. These tools were then apparently used for targeted attacks... Arkin doesn't specify who was attacked or what happened as a result. However, the extent of the attackers' efforts points towards a high-profile or at least a lucrative target. Arkin also neglects to answer the question of how the attackers intruded into Adobe's systems. What is known is that they compromised an internal build server that had the ability to issue code-signing requests. This server and the complete code-signing infrastructure have now been decommissioned. Arkin said that the private key that is associated with the compromised certificate was not stolen because it is kept in a hardware security module that was not breached. No other information or source code appears to have been stolen. On Thursday 4 October, Adobe plans to respond by revoking the affected certificate for any software that was signed after 10 July 2012. The revocation affects Adobe applications on the Windows platform as well as three Adobe AIR applications that are available for Windows and Mac systems (Adobe Muse, Adobe Story AIR Applications and Acrobat.com Desktop Services). The company has provided more detailed information about the affected software on a dedicated support page**..."
    * https://blogs.adobe.com/asset/2012/0...rtificate.html

    ** http://helpx.adobe.com/x-productkb/g...e-updates.html
    ___

    - http://www.f-secure.com/weblog/archives/00002435.html
    Sep 28, 2012

    - http://arstechnica.com/security/2012...-malware-apps/
    Sep 27, 2012

    Last edited by AplusWebMaster; 2012-09-28 at 17:11.

  6. #16
    AplusWebMaster

    Hacks steal $400K from city bank account

    FYI...

    Hacks steal $400K from city bank account
    - https://www.computerworld.com/s/arti...y_bank_account
    Oct 15, 2012 - "Burlington, Wash. officials have notified hundreds of employees and residents that their bank account information was compromised last week when hackers broke into city systems and stole more than $400,000 from a city account at Bank of America. Among those impacted by the breach are employees participating in Burlington's electronic payroll deposit program and utility customers enrolled in the city's autopay program for sewer and storm drain charges. In an alert issued this morning, city administrator Bryan Harrison said all autopay customers should assume that their name, bank account number and routing number was compromised following an intrusion into a city utility billing system. He urged affected customers to immediately contact their bank to flag or close their accounts... All employees participating in the city's electronic payroll deposit program have also been asked to close out their old accounts and establish a new one as a result of the breach... the city first learned of the online heist last Thursday when an east coast bank sought information about a series of suspicious transfers from a Burlington city account... The city immediately reviewed the activity and noticed at least three "significant transactions" from its Bank of America account to accounts at the east coast bank. In all, over $400,000 was illegally transferred to business and personal accounts around the country over a two-day period... Investigators are trying to figure out how the intruders gained access to the Bank of America account. The account has been frozen and all of the city's money has been temporarily moved out of Bank of America as a precaution. Numerous other small towns, municipalities and small businesses have been victimized by similar online heists over the past three or four years... The FBI has estimated that U.S. businesses and banks have lost hundreds of millions of dollars due to such thefts in recent years.
    The Burlington theft came just days after security firm RSA warned* of cybercriminals plotting a massive and concerted campaign to steal money from the online accounts of thousands of consumers at 30 or more major U.S. banks..."
    * http://blogs.rsa.com/rsafarl/cyber-g...nst-u-s-banks/
    ___

    TD Bank: Data loss affects 260,000 U.S. customers*
    - http://www.databreaches.net/?p=25643
    Oct 12, 2012
    * http://www.onlinesentinel.com/TD-Ban...in-Maine-.html
    "... loss of data affects bank customers in at least six states, and may include names, addresses, dates of birth and account numbers..."

    Last edited by AplusWebMaster; 2012-10-16 at 17:47.

  7. #17
    AplusWebMaster

    Adobe pwd database compromised - Connectusers.com via SQL injection attack

    FYI...

    Adobe pwd database compromised - Connectusers.com via SQL injection attack
    - https://blogs.adobe.com/adobeconnect...ompromise.html
    Nov 14, 2012 - "Adobe is currently investigating reports of a compromise of a Connectusers.com forum database. These reports first started circulating late during the day on Tuesday, November 13, 2012. At this point of our investigation, it appears that the Connectusers.com forum site was compromised by an unauthorized third party. It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted. To protect Connectusers forum users, we have taken the following actions:
    - The Connectusers.com forum site was taken offline in the evening of Tuesday, November 13, 2012. We are working diligently to restore forum services as soon as possible.
    - We are in the process of resetting the passwords of impacted Connectusers.com forum members and will reach out to those members with instructions on how to set up new passwords once the forum services are restored.
    As a reminder, one of the best ways to protect yourself online is to follow password best practices and use different login credentials across different websites and services. We sincerely apologize for the inconvenience this may cause to our forum members. Your security is of critical importance to us, and we appreciate your patience as we work towards restoring Connectusers.com forum services."
    ___

    - https://isc.sans.edu/diary.html?storyid=14515
    Last Updated: 2012-11-15 04:03:00 UTC


  8. #18
    AplusWebMaster

    FreeBSD.org hacked

    FYI...

    FreeBSD.org intrusion - Security Incident on FreeBSD Infrastructure
    - http://www.freebsd.org/news/2012-compromise.html
    Nov 17 2012 - "On Sunday 11th of November, an intrusion was detected on two machines within the FreeBSD.org cluster. The affected machines were taken offline for analysis. Additionally, a large portion of the remaining infrastructure machines were also taken offline as a precaution. We have found no evidence of any modifications that would put any end user at risk. However, we do urge all users to read the report (here)... and decide on any required actions themselves. We will continue to update (this) page as further information becomes known. We do not currently believe users have been affected given current forensic analysis, but we will provide updated information if this changes. As a result of this event, a number of operational security changes are being made at the FreeBSD Project, in order to further improve our resilience to potential attacks. We plan, therefore, to more rapidly deprecate a number of legacy services, such as cvsup distribution of FreeBSD source, in favour of our more robust Subversion, freebsd-update, and portsnap models.
    > http://www.freebsd.org/news/2012-com...e.html#details
    On Sunday 11th November 2012, two machines within the FreeBSD.org infrastructure were found to have been compromised. These machines were head nodes for the legacy third-party package building infrastructure. It is believed that the compromise may have occurred as early as the 19th September 2012. The compromise is believed to have occurred due to the leak of an SSH key from a developer who legitimately had access to the machines in question, and was not due to any vulnerability or code exploit within FreeBSD... No part of the base FreeBSD system has been put at risk. At no point has the intruder modified any part of the FreeBSD base system software in any way. However, the attacker had access sufficient to potentially allow the compromise of third-party packages. No evidence of this has been found during in-depth analysis, however the FreeBSD Project is taking an extremely conservative view on this and is working on the assumption that third-party packages generated and distributed within a specific window could theoretically have been modified.
    - What is the Impact?
    If you are running a system that has had no third-party packages installed or updated on it between the 19th September and 11th November 2012, you have no reason to worry. The Source, Ports and Documentation Subversion repositories have been audited, and we are confident that no changes have been made to them. Any users relying on them for updates have no reason to worry. We have verified the state of FreeBSD packages and releases currently available on ftp.FreeBSD.org. All package sets for existing versions of FreeBSD and all available releases have been validated and we can confirm that the currently available packages and releases have not been modified in any way. A package set for the upcoming FreeBSD 9.1-RELEASE had been uploaded to the FTP distribution sites in preparation for 9.1-RELEASE. We are unable to verify the integrity of this package set, and therefore it has been removed and will be rebuilt. Please note that as these packages were for a future release, the standard "pkg_add -r" tools to install packages could not have downloaded these packages unless they were requested explicitly. We unfortunately cannot guarantee the integrity of any packages available for installation between 19th September 2012 and 11th November 2012, or of any ports compiled from trees obtained via any means other than through svn.freebsd.org or one of its mirrors. Although we have no evidence to suggest any tampering took place and believe such interference is unlikely, we have to recommend you consider reinstalling any machine from scratch, using trusted sources..."
    (See more detail in the "Table of Contents" at the FreeBSD URL above.)


  9. #19
    AplusWebMaster

    Piwik - Backdoor Security Issue

    FYI...

    Piwik Compromised Source Package Backdoor Security Issue
    - https://secunia.com/advisories/51304/
    Release Date: 2012-11-27
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote
    ... compromised source file was distributed with version 1.9.2 on November 26, 2012 from 15:43 UTC to 23:59 UTC.
    Solution: Download and reinstall Piwik.
    Original Advisory:
    http://piwik.org/blog/2012/11/securi...2012-nov-26th/


  10. #20
    AplusWebMaster

    LogMeIn, DocuSign investigate Breach Claims

    FYI...

    LogMeIn, DocuSign investigate Breach Claims
    - https://krebsonsecurity.com/2012/12/...breach-claims/
    Dec 14, 2012 - "Customers of remote PC administration service Logmein.com and electronic signature provider Docusign.com are complaining of a possible breach of customer information after receiving malware-laced emails to accounts they registered exclusively for use with those companies. Both companies say they are investigating the incidents, but so far have found no evidence of a security breach. Some LogMeIn users began complaining of receiving malware spam to LogMeIn-specific email addresses on Dec. 3, 2012. The messages matched spam campaigns that spoofed the U.S. Internal Revenue Service (IRS) and other organizations in a bid to trick recipients into opening a malicious attachment. Multiple LogMeIn users reported receiving similar spam to addresses they had created specifically for their LogMeIn accounts and that had not been used for other purposes. The first LogMeIn user to report the suspicious activity said he received a malicious email made to look like it came from DocuSign but was sent to an address that was created exclusively for use with LogMeIn... DocuSign released a statement* saying that it is investigating the incident and is working with law enforcement agencies to take further action. But it chalked the incident up to aggressive phishing attacks, noting that 'antivirus vendors report malicious code incidents have been increasing by as much as 3600% in recent weeks'..."
    * http://www.docusign.com/spam
    "... some have also been received by DocuSign users. The latest spam emails contain a zip file with an executable containing malicious code that installs malware on the recipient’s computer if opened. These spam emails are not coming from DocuSign and are not related to the DocuSign service. DO NOT OPEN THE ATTACHMENT..."

