Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 41

Thread: Security breach/compromise - 2013

  1. #21
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Hetzner hacked, customer data copied

    FYI...

    Hetzner web hosting service hacked, customer data copied
    - http://h-online.com/-1884574
    7 June 2013 - "Web hosting service Hetzner has fallen victim to an attack during which hackers managed to harvest customer data. Among other things, the intruders had access to password hashes and customers' payment information. Apparently, a previously unknown server rootkit was used for the attack. In an email sent to customers on Thursday afternoon, the company said that unknown intruders had compromised several Hetzner systems. Apparently, the incident was discovered at the end of last week... although this data is encrypted asymmetrically, it can't be ruled out at this point that the private crypto keys that are required for decryption were copied as well. The attackers were also able to access customers' credit card data (the last three digits of credit card numbers, the expiry date and the card type) as well as salted SHA256 password hashes... current information suggests that the manipulated Apache instances were not used to deploy malware. It remains unclear who is behind the attack. How the hackers intruded into the server has yet to be established as well. The hosting company said that the German Federal Criminal Police Office (BKA) has been informed."

    Last edited by AplusWebMaster; 2013-06-07 at 18:56.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #22
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Facebook - potential leak of User Data

    FYI...

    Facebook - potential leak of User Data
    - https://isc.sans.edu/diary.html?storyid=16043
    Last Updated: 2013-06-22 - "Facebook recently received a report that may have allowed some user information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them. Based on their analysis, they estimate that approximately 6 million users had their email addresses or telephone numbers shared. However, they don't have any evidence this bug was exploited because they have not received any user complaints or seen strange activity related to this bug. The complete Facebook message to users is posted here*..."
    * https://www.facebook.com/notes/faceb...51437074840766

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #23
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Mass-login attack hijacks accounts ...

    FYI...

    Mass-login attack hijacks accounts...
    - http://arstechnica.com/security/2013...4000-accounts/
    July 8 2013 - "Almost 24,000 user accounts on Nintendo's main fan site have been hijacked in a sustained mass-login attack that began early last month, the company said. The wave of attacks on Club Nintendo exposed personal information associated with 23,926 compromised accounts, including users' real names, addresses, phone numbers and e-mail addresses, according to a press release Nintendo issued over the weekend. The campaign began on June 9 and attempted more than 15.5 million logins over the following month. Attackers likely relied on a list of login credentials taken from a site unrelated to Nintendo. Club Nintendo offers rewards to Nintendo customers in exchange for having them register their products, answer surveys, and provide personal data. The site operates internationally and has about four million users in Japan, the primary region of most affected users. Things came to a head on July 2, when the wave of logins crested. By Friday, July 5, Nintendo had reset passwords on the site. "There were scattered illicit attempts to log in since June 9, but we became aware of the issue after the mass attempts on July 2," company spokesman Yasuhiro Minagawa told IDG News.
    Other game companies recently hit by security problems include Ubisoft, which last week warned that customer user names, e-mail addresses and cryptographically hashed passwords were illegally accessed from an account database that had been breached. More recently, the alpha launch of a new indie game called Cube World has been reportedly disrupted by denial-of-service attacks."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #24
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation NL Registrar compromise

    FYI...

    .NL Registrar compromise
    - https://isc.sans.edu/diary.html?storyid=16138
    Last Updated: 2013-07-10 20:00:51 UTC - "Based on a note on the website of SIDN [1], an SQL injection vulnerability was used to compromise the site and place malicious files in the document root. SIDN is the registrar for the .NL country level domain (Netherlands). As a result of the breach, updates to the zone file are suspended. There is no word as to any affects to the zone files, or if the attackers where able to manipulate them."

    1] Precautionary action taken to ensure security
    * https://www.sidn.nl/en/news/news/art...len-genomen-2/
    10 July 2013 - "On Tuesday, it came to light that malicious files were present on a number of SIDN websites – files that should not have been there. In order to prevent abuse, SIDN immediately took a number of precautionary measures: the DRS web application was shut down and zone file publication was temporarily suspended. As a result of our precautionary action, some areas of the website that registrars use to download registrarship-related data have been unavailable since Tuesday evening. We believe that the attack began with an SQL injection on the website 25jaarvan .nl. That site is therefore inaccessible for the time being. The precise nature of the vulnerability is currently being investigated. Further information about the security alert will continue to be made available on the site you are now viewing*."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #25
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Tumblr critical security update ...

    FYI...

    Tumblr critical security update ...
    - http://staff.tumblr.com/post/5564837...one-ipad-users
    July 16, 2013 - "We have just released a very important security update for our iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances¹. Please download the update now*. If you’ve been using these apps, you should also update your password on Tumblr and anywhere else you may have been using the same password... Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience."
    ¹ "Sniffed" in transit on certain versions of the app

    * https://itunes.apple.com/us/app/tumblr/id305343404?mt=8
    ___

    - https://secunia.com/advisories/54205/
    Release Date: 2013-07-18
    Where: From remote
    Impact: Exposure of sensitive information
    ... security issue is reported in versions prior to 3.4.1.
    Solution: Update to version 3.4.1.
    Original Advisory:
    http://staff.tumblr.com/post/5564837...one-ipad-users
    https://itunes.apple.com/us/app/tumblr/id305343404?mt=8

    Last edited by AplusWebMaster; 2013-07-18 at 14:41.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #26
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Network Solutions Outage...

    FYI...

    Network Solutions Outage...
    - https://isc.sans.edu/diary.html?storyid=16180
    Last Updated: 2013-07-17 15:28:23 UTC - "Network Solutions appears to be experiencing an extended outage. Based on a note posted to Facebook, the note indicates that the outage may be related to a larger compromise of customer sites.
    "Network Solutions is experiencing a Distributed Denial of Service (DDOS) attack that is impacting our customers as well as the Network Solutions site. Our technology team is working to mitigate the situation... check back for updates." *
    The referenced blog website is currently responding slowly as well (it redirects to a networksolutions.com site, which may be affected by the overall outage of "networksolutions.com" ). After a couple minutes, the blog post loaded for me...
    "On July 15, some Network Solutions customer sites were compromised. We are investigating the cause of this situation, but our immediate priority is restoring the sites as quickly as possible. If your site has been impacted and you have questions, please call us at 1-866-391-4357."
    Various web sites hosting DNS with Network Solutions appear to be down as well as a result. The outage appears to be diminishing over the last 15-30 min or so (4pm GMT) with some affected sites returning back to normal. This outage comes about 3-4 weeks after the bad DDoS mitigation incident that redirected a large number of Network Solution Hosted sites to an IP in Korea**..."

    - http://blogs.cisco.com/security/netw...ises-and-ddos/
    July 17, 2013 10:03 am PST

    * https://www.networksolutions.com/blo...A1D38E0000V100
    July 16, 2013

    ** http://blogs.cisco.com/security/hija...ork-solutions/
    June 20, 2013

    Last edited by AplusWebMaster; 2013-07-18 at 02:15.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #27
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Ubuntu Forums - Security Breach

    FYI...

    Ubuntu Forums - Security Breach
    - https://isc.sans.edu/diary.html?storyid=16201
    Last Updated: 2013-07-21 15:28:48 UTC - "Ubuntu forums are currently down because they have been breached. According to their post, "the attackers have gotten -every- user's local username, password, and email address from the Ubuntu Forums database."* They have advised their users that if they are using the same password with other services, to change their password immediately. Other services such as Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected. Their current announcement is can be read here*."
    * http://ubuntuforums.org/announce.html

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #28
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Apple Developer site Breach

    FYI...

    Apple Developer site Breach
    - https://isc.sans.edu/diary.html?storyid=16210
    Last Updated: 2013-07-22 10:24:34 UTC - "Apple closed access to it's developer site after learning that it had been compromised and developers personal information had been breached [1]. In the notice posted to the site, Apple explained that some developers personal information like name, e-mail address and mailing address may have been accessed. The note does not mention passwords, or if password hashes were accessed. One threat often forgotten in these breaches is phishing. If an attacker has access to some personal information associated with a site, it is fairly easy to craft a reasonably convincing phishing e-mail using the fact that the site was breached to trick users to reset their password. These e-mail may be more convincing if they include the user's user name, real name or mailing address as stored with the site. A video on YouTube claims to show records obtained in the compromise [2] . The video states that 100,000 accounts were accessed to make Apple aware of the vulnerability in its site and that the data will be deleted."

    [1] http://devimages.apple.com/maintenance/
    [2] http://www.youtube.com/watch?v=q000_EOWy80

    - https://www.sans.org/newsletters/new...ssue=59#sID300
    July 25, 2013
    ___

    - https://developer.apple.com/support/system-status/
    Jul 29 2013 - Updated 5:13 AM PDT

    Last edited by AplusWebMaster; 2013-07-29 at 15:20.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #29
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down OVH hacked ...

    FYI...

    OVH hacked ...
    - http://blog.dynamoo.com/2013/07/ovh-hacked.html
    22 July 2013 - "A bad thing to happen, but kudos to OVH for being transparent about this issue* ...":
    * http://status.ovh.net/?do=details&id=5070
    "... A few days ago, we discovered that the security of our internal network at our offices in Roubaix had been compromised. After internal investigations, it appeared that a hacker was able to obtain access to an email account of one of our system administrators. With this email access, they was able to gain access to the internal VPN of another employee. Then with this VPN access, they was able to compromise the access of one of the system administrators who handles the the internal backoffice...
    Immediately following this hack, we changed the internal security rules:
    - Passwords of all employees were regenerated for all types of access.
    - We set up a new VPN in a secure PCI-DSS room with highly restricted access
    - Consulting internal emails is now only possible from the office / VPN
    - All those who have critical access now have 3 verification levels:
    - Ip source
    - Password
    - Staff's USB security token (YubiKey)...
    The European customer database includes personal customer information such as: surname, first name, nic, address, city, country, telephone, fax and encrypted password.
    The encryption password is "Salted" and based on SHA-512, to avoid brute-force attacks. It takes a lot of technical means to find the word password clearly. But it is possible. This is why we advise you to change the password for your user name. An email will be sent today to all our customers explaining these security measures and inviting them to change their password.
    No credit card information is stored at OVH. Credit card information was not viewed or copied...
    Overall, in the coming months the back office will be under PCI-DSS which will allow us to ensure that the incident related to a specific hack on specific individuals will have no impact on our databases...
    We also filed a criminal complaint about this to the judicial authorities. In order not to disrupt the work of investigators, we will not give other details before the final conclusions..."


    - https://en.wikipedia.org/wiki/OVH
    "OVH is a privately owned web hosting service company in France that provides dedicated servers, mutual hosting, domain names and VOIP telephony services..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #30
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation SERT Q2-2013 Threat Report

    FYI...

    SERT Q2-2013 Threat Report
    - http://www.darkreading.com/vulnerabi...ndly=this-page
    Jul 23, 2013 - "... In addition to OpUSA and PRISM investigations, the SERT Q2 Threat Report summarizes the significant increase in malicious Domain Name System (DNS) requests and denial of service (DoS) activity...
    Key Findings:
    · 73% of sites -compromised- during OpUSA were hosted on Microsoft IIS web servers
    · 17% of the compromised OpUSA targets hosted on Microsoft IIS platforms are running IIS versions 5.0 and 5.1, which are over 10 years old and no longer supported by Microsoft
    · 68% of sites compromised by OpUSA attacks were hosted -outside- of the United States
    · Increased -malicious- DNS-request traffic was observed originating from global sources
    · NSA PRISM has heightened concerns about privacy and data access by the United States Government ..."
    * http://www.solutionary.com/research/...eport-q2-2013/

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •