Thread: Security breach/compromise - 2013

  1. #1
    Adviser Team AplusWebMaster (Join Date: Oct 2005; Location: USA; Posts: 6,881)

    Security breach/compromise - 2013

    FYI...

    Twitter hacked - 250K pwd's reset
    - http://blog.twitter.com/2013/02/keep...rs-secure.html
    Feb 01, 2013 - "... Within the last two weeks, the New York Times and Wall Street Journal have chronicled breaches of their systems... This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users. As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter... This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users..."

    - https://isc.sans.edu/diary.html?storyid=15064
    Last Updated: 2013-02-02 02:22:50 UTC

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    AplusWebMaster

    Fed Reserve hacked by Anonymous

    FYI...

    Fed Reserve hacked by Anonymous
    - http://h-online.com/-1799026
    6 Feb 2013 - "Hacktivists affiliated with the Anonymous collective breached an internal web site of the US Federal Reserve, according to a report from Reuters*. A spokesman for the US central bank said: "The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," adding that the "exposure" was fixed rapidly and "is no longer an issue". The hackers had released a spreadsheet with details of 4000 US bank executives as part of a campaign named "OpLastResort"... but according to a memo sent to members of the Federal Reserve's Emergency Communication System, what had been compromised was mailing address, business phone, mobile phone, business email and fax numbers. The memo said: "Despite claims to the contrary, passwords were not compromised". The Federal Reserve's Emergency Communication System (ECS) is designed to help the Fed estimate how much damage a natural disaster may have done by allowing bank executives to send them updates if their operations have been affected. It appears that the contact information for this system is what was taken and published. The Federal Reserve says that all the individuals affected by the breach have been contacted."
    * http://www.reuters.com/article/2013/...91501920130206
    "... 'Every system is going to have some vulnerability to it. You cannot set up a system that will survive all possible attacks' said Mark Rasch, director of Privacy and security consulting at CSC and a former federal cyber crimes prosecutor. 'You have to defend against every possible vulnerability and the attackers only have to find one way in,' he said."

    Last edited by AplusWebMaster; 2013-02-06 at 21:43.

  3. #3
    AplusWebMaster

    Facebook hacked ...

    FYI...

    Facebook hacked...
    - http://www.reuters.com/article/2013/...91E16O20130216
    Feb 16, 2013 - "Facebook Inc said on Friday hackers had infiltrated some of its employees' laptops in recent weeks, making the world's No.1 social network the latest victim of a wave of cyber attacks, many of which have been traced to China... Facebook noted in its blog post* that it was not alone in the attack, and that "others were attacked and infiltrated recently as well," although it did not specify who. The Federal Bureau of Investigation declined to comment... In its blog post, Facebook described the attack as a "zero-day" attack, considered to be among the most sophisticated and dangerous types of computer hacks. Zero-day attacks, which are rarely discovered or disclosed by their targets, are costly to launch and often suggest government involvement. While Facebook said no user data was compromised*, the incident could raise consumer concerns about privacy and the vulnerability of personal information stored within the social network... Facebook said it spotted a suspicious file and traced it back to an employee's laptop. After conducting a forensic examination of the laptop, Facebook said it identified a malicious file, then searched company-wide and identified "several other compromised employee laptops". Another person briefed on the matter said the first Facebook employee had been infected via a website where coding strategies were discussed. The company also said it identified a previously unseen attempt to bypass its built-in cyber defenses and that new protections were added on February 1. Because the attack used a third-party website, it might have been an early-stage attempt to penetrate as many companies as possible..."
    * https://www.facebook.com/notes/faceb...51249208250766
    Feb 15, 2013 - "... we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops. After analyzing the compromised website where the attack originated, we found it was using a "zero-day" (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability..."

    - http://arstechnica.com/security/2013...-java-exploit/
    Feb 15, 2013

    Last edited by AplusWebMaster; 2013-02-16 at 14:47.

  4. #4
    AplusWebMaster

    Hacks inside Apple, too...

    FYI...

    Chinese hacks got inside Apple, too
    - http://www.theatlanticwire.com/techn...ple-too/62294/
    Feb 19, 2013 - "Following a string of disclosures from big tech and media companies that could point to a larger Chinese threat, Apple on Tuesday became the latest to admit that its internal computers had been hacked — and by the same malware malfeasance that got inside Facebook, which, according to Reuters, all trace back to China. An Apple statement, via AllthingsD*, points to the same Java script malware that infected Facebook laptops as being the culprit with the attack on some Macs at Apple:
    * http://allthingsd.com/20130219/apple...ed-by-hackers/
    '... Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network...'
    ... No user information was compromised in the breach, as with the Facebook hack. Also like the Facebook hack, there's no official sign that the tech-company hacks are connected to a larger Chinese cyber-espionage campaign against the U.S. government, its companies, its infrastructure, and many organizations — a campaign that has now been tied to the Chinese People's Liberation Army. But even the most secretive and high-security American technology companies aren't safe, and now everyone's coming clean..."
    > http://www.reuters.com/article/2013/...91I10920130219

    - http://h-online.com/-1806158
    19 Feb 2013

    Facebook, Twitter, Apple hack sprung from iPhone developer forum
    The site, iphonedevsdk .com, could still be hosting exploit attacks.
    - http://arstechnica.com/security/2013...cked-facebook/
    Feb 19, 2013 9:52 pm UTC

    Unusually detailed report links Chinese military to hacks against US
    Chinese intrusions are increasingly targeting critical industrial systems.
    - http://arstechnica.com/security/2013...ks-against-us/
    Feb 19, 2013 9:30 pm UTC

    Dev site behind Apple, Facebook hacks didn't know it was booby-trapped
    iPhoneDevSDK says it wasn't contacted by the companies or law enforcement.
    - http://arstechnica.com/security/2013...booby-trapped/
    Feb 20, 2013

    Last edited by AplusWebMaster; 2013-02-21 at 02:57.

  5. #5
    AplusWebMaster

    NBC.com redirects to Exploit kit ...

    FYI...

    NBC.com redirects to Exploit kit ...
    > http://www.malwaredomains.com/?p=3082

    > https://isc.sans.edu/diary.html?storyid=15223
    Last Updated: 2013-02-21 19:36:19 UTC - "... redirecting to malicious websites that contain an exploit kit. At this point it seems like most of the pages contain an iframe that is redirecting to the first stage of the RedKit exploit kit... Some of the publicly known bad iframes are:
    hxxp ://www.jaylenosgarage [.]com/trucks/PHP/google.php
    hxxp ://toplineops [.]com/mtnk.html
    hxxp ://jaylenosgarage [.]com
    The Redkit exploit kit will deploy the banking trojan Citadel..."

    - https://www.google.com/safebrowsing/...?site=nbc.com/

    - http://community.websense.com/blogs/...ompromise.aspx

    - http://ddanchev.blogspot.com/2013/02...d-malware.html

    NBC says NBC.com site is now safe to visit
    - http://www.reuters.com/article/2013/...91K1DQ20130221
    Feb 21, 2013 4:54pm EST - "... 'A problem was identified and it has been fixed,' an NBC Universal spokeswoman told Reuters. She declined to elaborate on the nature of the problem... NBC is controlled by Comcast Inc..."
    ___

    Fake Mandiant APT Report Used as Malware Lure
    - https://isc.sans.edu/diary.html?storyid=15226
    Last Updated: 2013-02-21 20:50:39 UTC

    SSHD rootkit in the wild
    - https://isc.sans.edu/diary.html?storyid=15229
    Last Updated: 2013-02-21 21:08:34 UTC

    Last edited by AplusWebMaster; 2013-02-22 at 12:05.

  6. #6
    AplusWebMaster

    MS hacked ...

    FYI...

    Attack Traffic Overview
    - http://www.akamai.com/html/technology/dataviz1.html
    Feb 24, 2013 - 07:43 AM EST
    89.38% above normal

    - http://www.akamai.com/html/technolog...thodology.html
    "Attack Traffic: Akamai measures attack traffic in real time across the Internet with our diverse network deployments. We collect data on the number of connections that are attempted, the source IP address, the destination IP address and the source and destination ports in real time. The packets captured are generally from automated scanning trojans and worms looking to infect new computers scanning randomly generated IP addresses. The attack traffic depicts the total number of attacks over the last twenty-four hours. Values are measured in attacks per 24 hours (attacks/24hrs). Regions are displayed as countries or states."
    ___

    MS hacked ...
    - https://blogs.technet.com/b/msrc/arc...edirected=true
    22 Feb 2013 - "As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion. Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing. This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries. We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorized access to our networks."
    ___

    Zendesk... breach compromised email addresses
    - https://www.computerworld.com/s/arti...mail_addresses
    Feb 22, 2013 - "... Pinterest and Tumblr were also affected..."

    Last edited by AplusWebMaster; 2013-02-24 at 15:44.

  7. #7
    AplusWebMaster

    Evernote Security Issue

    FYI...

    Evernote Security Issue
    - https://isc.sans.edu/diary.html?storyid=15313
    Last Updated: 2013-03-02 18:02:10 - "Evernote, a popular app for note taking and archiving, reported that they had a security incident*. As a part of their incident response and operational security monitoring, their staff noted that the compromise had occurred and that the attackers were actively attempting to access secured areas of their system. While they did not have evidence of sensitive data being compromised, user profile data (passwords, email addresses and similar) has likely been. In response, they are forcing all user credentials to be changed..."
    * http://evernote.com/corp/news/password_reset.php

    Evernote Forces Password Reset for 50M Users
    - https://krebsonsecurity.com/2013/03/...for-50m-users/
    Mar 2, 2013


  8. #8
    AplusWebMaster

    U.S. NVD infected

    FYI...

    U.S. NVD infected...
    - http://www.theregister.co.uk/2013/03...alogue_hacked/
    14 March 2013 - "The US government's online catalog of cyber-vulnerabilities has been taken offline – ironically, due to a software vulnerability. The National Institute of Standards and Technology's National Vulnerability Database's (NVD) public-facing website and other services have been offline since Friday due to a malware infection on two web servers..."

    > http://nvd.nist.gov/
    "The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available."

    ___

    NVD appears to be restored
    - https://web.nvd.nist.gov/view/vuln/search
    March 15, 2013

    ;-)
    Last edited by AplusWebMaster; 2013-03-15 at 18:35.

  9. #9
    AplusWebMaster

    Seagate blog malware ...

    FYI...

    Seagate blog malware ...
    - http://nakedsecurity.sophos.com/2013...pache-modules/
    March 14, 2013 - "SophosLabs has been tracking an infection of Mal/Iframe-AL* on Seagate's blog since late February. SophosLabs informed Seagate of the issue back in February, but at the time of writing the site remains infected..."
    * http://www.sophos.com/en-us/threat-c...-analysis.aspx
    "... legitimate sites are compromised by attackers in order to drive user traffic to sites hosting an exploit kit known as Blackhole... A malicious iframe is injected into the page with CSS to render it invisible to the user..."

    Last edited by AplusWebMaster; 2013-03-19 at 14:44.

  10. #10
    AplusWebMaster

    Apache “Darkleech” Compromises ...

    FYI...

    Apache “Darkleech” Compromises ...
    - http://blogs.cisco.com/security/apac...h-compromises/
    Apr 2, 2013 - "Dan Goodin, editor at Ars Technica, has been tracking and compiling info on an elusive series of website compromises that could be impacting tens of thousands of otherwise perfectly legitimate sites. While various researchers have reported various segments of the attacks, until Dan’s article*, no one had connected the dots and linked them all together.
    Dubbed “Darkleech,” thousands of Web servers across the globe running Apache 2.2.2 and above are infected with an SSHD backdoor that allows remote attackers to upload and configure malicious Apache modules. These modules are then used to turn hosted sites into attack sites, dynamically injecting iframes in real-time, only at the moment of visit. Because the iframes are dynamically injected only when the pages are accessed, this makes discovery and remediation particularly difficult. Further, the attackers employ a sophisticated array of conditional criteria to avoid detection:
    - Checking IP addresses and blacklisting security researchers, site owners, and the compromised hosting providers;
    - Checking User Agents to target specific operating systems (to date, Windows systems);
    - Blacklisting search engine spiders;
    - Checking cookies to “wait list” recent visitors;
    - Checking referrer URLs to ensure visitor is coming in via valid search engine results.
    When the iframe is injected on the page, the convention used for the reference link in the injected iframe is IP/hex/q.php. For example:
    129.121.179.168/d42ee14e4af7a0a7b1033b8f8f1eb18a/q.php
    The nature of the compromise coupled with the sophisticated conditional criteria presents several challenges:
    - Website owners/operators will not be able to detect or clean the compromise as (a) it is not actually on their website, and (b) most will not have root-level access to the webserver;
    - Even if website owners/operators suspect the host server may be the source, they would still need to convince the hosting provider, who may discount their report;
    - Even if the hosting provider is responsive, the malicious Apache modules and associated SSHD backdoor may be difficult to ferret out, and the exact method will vary depending on server configuration;
    Since SSHD is compromised, remediation of the attack and preventing further occurrences may require considerable procedural changes that, if not carried out properly, could cause a privilege lockout for valid administrators or be ineffective and lead to continued compromise. The magnitude of the problem becomes clear when one considers how widespread these attacks are. The following chart illustrates the geographic location of infected host servers observed from February 1–March 15, 2013:
    > http://blogs.cisco.com/wp-content/up...ks-550x533.png
    For additional info and links to specific remediation advice, see:
    Ongoing malware attack targeting Apache hijacks 20,000 sites
    * http://arstechnica.com/security/2013...s-20000-sites/
    Apr 2, 2013

    - http://h-online.com/-1834311
    3 April 2013

    - https://www.net-security.org/malware_news.php?id=2454
    3 April 2013

    Last edited by AplusWebMaster; 2013-04-03 at 23:08.
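    Detection logic for the two injection patterns quoted in this thread, the Darkleech IP/hex/q.php iframe described in this post and the CSS-hidden iframe from the Seagate/Sophos post above, written here as an added example that is not from any of the cited sources. The sample page and the 203.0.113.7 address are constructed, and the hidden-CSS patterns are a heuristic assumption, not a list from the articles.

```python
import re
from html.parser import HTMLParser

# Darkleech reference-link convention quoted in the Cisco post: IP/<32 hex>/q.php
DARKLEECH_SRC = re.compile(
    r"^(?:https?://)?(?:\d{1,3}\.){3}\d{1,3}/[0-9a-f]{32}/q\.php", re.I)

# Inline CSS that renders an element invisible (the Sophos description of the
# Seagate iframe). Heuristic, assumption: covers only the common forms.
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|(?:left|top)\s*:\s*-\d{3,}"
    r"|(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)",
    re.I,
)


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def classify_iframe(attrs):
    """Return the list of reasons an iframe looks injected ([] if none)."""
    reasons = []
    if DARKLEECH_SRC.match(attrs.get("src", "").strip()):
        reasons.append("darkleech-pattern-src")
    if HIDDEN_CSS.search(attrs.get("style", "")):
        reasons.append("css-hidden")
    for dim in ("width", "height"):
        if attrs.get(dim, "").strip() in ("0", "1"):
            reasons.append(f"{dim}-zero-or-one")
    return reasons


def find_suspicious_iframes(html):
    """Return [(src, reasons)] for every iframe with at least one reason."""
    parser = IframeCollector()
    parser.feed(html)
    hits = []
    for frame in parser.iframes:
        reasons = classify_iframe(frame)
        if reasons:
            hits.append((frame.get("src", ""), reasons))
    return hits


# Constructed sample page: one legitimate embed, one iframe using the
# IP/hex/q.php reference quoted in the Cisco post, and one off-screen
# iframe pointing at a TEST-NET address (constructed).
SAMPLE_PAGE = """<html><body><h1>Blog post</h1>
<iframe src="https://www.youtube.com/embed/EXAMPLE" width="560" height="315"></iframe>
<iframe src="http://129.121.179.168/d42ee14e4af7a0a7b1033b8f8f1eb18a/q.php"
        width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="http://203.0.113.7/ad.html" style="position:absolute; left:-9999px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SAMPLE_PAGE):
        print(f"SUSPICIOUS {src}: {', '.join(reasons)}")
```

    Because Darkleech injects only for visitors that pass its IP, user-agent, cookie and referrer checks, run this over HTML captured from a real browser session rather than from a scanner's own fetch.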
