Thread: Security breach/compromise - 2014

  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    eBay to ask users to Change Passwords ...

    FYI...

    eBay to ask users to Change Passwords ...
    - http://www.ebayinc.com/in_the_news/s...ange-passwords
    5.21.2014 - "eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users... Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.
    The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today. The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted. Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts..."

    - http://atlas.arbor.net/briefs/
    High Severity
    May 29, 2014
    Analysis: Attackers were able to access customers' names, email addresses, encrypted passwords, and more. Attackers stole employee credentials to access the corporate network, though eBay has not stated how that was accomplished.
    Source: http://www.forbes.com/sites/jameslyn...ou-need-to-act
    Since confirmation of the data breach, another security flaw has been discovered in eBay's website: an XSS (cross-site scripting) vulnerability could be used to inject attack code and grab cookies from logged-in users.
    Sources: https://cehsecurity.com/ebay-cross-s...g-xssxml-code/
    - http://www.pcworld.com/article/21594...cher-says.html
    eBay users should change their passwords immediately, as well as any websites where the password may have been reused. However, the same password should not be used across different sites, as ramifications of one site's compromise could affect other sensitive user accounts.

    Last edited by AplusWebMaster; 2014-05-30 at 22:55.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #12
    Adviser Team AplusWebMaster's Avatar

    Avast forums breached, Spotify unauthorized access ...

    FYI...

    Avast takes down forums after breach hits 400,000 users
    User names, email addresses and hashed passwords were compromised
    - http://www.theinquirer.net/inquirer/...-400-000-users
    May 27 2014

    - https://blog.avast.com/2014/05/26/av...due-to-attack/
    May 26, 2014 - "The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work... We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately. We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.
    Sincerely,
    Vince Steckler
    CEO AVAST Software"

    - http://www.databreaches.net/avast-ta...r-data-breach/
    May 26, 2014
    ___

    Spotify - Important Notice to Our Users
    - http://news.spotify.com/us/2014/05/2...-to-our-users/
    May 27, 2014 Oskar Stål, CTO - "We’ve become aware of some -unauthorized- access to our systems and internal company data and we wanted to let you know the steps we’re taking in response. As soon as we were aware of this issue we immediately launched an investigation. Information security and data protection are of great importance to us at Spotify and that is why I’m posting today. Our evidence shows that only one Spotify user’s data has been accessed and this did not include any password, financial or payment information. We have contacted this one individual. Based on our findings, we are not aware of any increased risk to users as a result of this incident. We take these matters very seriously and as a general precaution will be asking certain Spotify users to re-enter their username and password to log in over the coming days. As an extra safety step, we are going to guide Android app users to upgrade over the next few days**. If Spotify prompts you for an upgrade, please follow the instructions. As always, Spotify does not recommend installing Android applications from anywhere other than Google Play, Amazon Appstore or https://m.spotify.com/. At this time there is no action recommended for iOS and Windows Phone users. Please note that offline playlists will have to be re-downloaded in the new version. We apologise for any inconvenience this causes, but hope you understand that this is a necessary precaution to safeguard the quality of our service and protect our users. We have taken steps to strengthen our security systems in general and help protect you and your data – and we will continue to do so. We will be taking further actions in the coming days to increase security for our users. Please click here* to read more."
    * https://support.spotify.com/problems...android-update

    ** https://play.google.com/store/apps/d...ile.android.ui
    May 28, 2014

    Last edited by AplusWebMaster; 2014-05-29 at 21:40.

  3. #13
    Adviser Team AplusWebMaster's Avatar

    SKorea databases hacked ...

    FYI...

    SKorea databases hacked ...
    - https://news.yahoo.com/us-general-sa...074734037.html
    Jun 5, 2014 - "The top U.S. military official in South Korea said a hacking incident might have compromised the personal information of thousands of South Koreans employed by the American command. Gen. Curtis M. Scaparrotti, commander of U.S. Forces in South Korea, apologized Thursday for the "possible theft" from two databases of private details of South Koreans such as names, contact information and work history. About 16,000 current and former workers, almost all of them Korean nationals, and people who have sought jobs with the U.S. military in South Korea, are affected by the incident. The U.S. military said no classified military data was compromised as the databases were on a separate network. South Korean government, broadcasting and finance industry networks have been a frequent target of cyberattacks in the past. Some have been blamed on North Korea, which denies any involvement. Others have been attributed to hackers seeking to profit from data theft... U.S. Forces spokesman Christopher Bush said an investigation by the U.S. Army was underway to determine who was responsible. The U.S. has around 28,500 soldiers in South Korea as a deterrent against the North..."

    - https://www.computerworld.com/s/arti...in_South_Korea
    June 6, 2014

    Last edited by AplusWebMaster; 2014-06-06 at 16:04.

  4. #14
    Adviser Team AplusWebMaster's Avatar

    Security incident on forum.eset.com

    FYI...

    Security incident on forum.eset.com
    - https://forum.eset.com/topic/2590-se...-forumesetcom/
    June 5, 2014 - "We have been informed by our third-party forum provider that user login details of ESET Security Forum members have been compromised. At this time we have confirmed that login data (user name/email and hashed forum passwords) have been accessed. We have requested details about the incident from our provider and have launched a full-scale investigation with them. ESET Security Forum has around 2,700 registered users and the only information stored are login details: no financial or other sensitive data are affected. ESET-operated infrastructure and ESET software users were not affected in any way by this incident. We recommend that all ESET Security Forum users change their passwords. Having different passwords for different services is a good practice: if you used your ESET Security Forum password for other services, we recommend that you also change those passwords immediately too... We apologize for any inconvenience.
    ESET Security Forum"


  5. #15
    Adviser Team AplusWebMaster's Avatar

    CC breach at P.F. Chang ...

    FYI...

    Credit Card Breach at P.F. Chang
    - http://krebsonsecurity.com/2014/06/b...at-p-f-changs/
    June 10, 2014 - "Nationwide chain P.F. Chang’s China Bistro said today that it is investigating claims of a data breach involving credit and debit card data reportedly stolen from restaurant locations nationwide. On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator[dot]so, an underground store best known for selling tens of millions of cards stolen in the Target breach. Several banks contacted by KrebsOnSecurity said they acquired from this new batch multiple cards that were previously issued to customers, and found that all had been used at P.F. Chang’s locations between the beginning of March 2014 and May 19, 2014... Contacted about the banks’ claims, the Scottsdale, Arizona-based restaurant chain said it has not yet been able to confirm a card breach, but that the company “has been in communications with law enforcement authorities and banks to investigate the source”... Banks contacted for this story reported cards apparently stolen from PFC locations in Florida, Maryland, New Jersey, Pennsylvania, Nevada and North Carolina. The new batch of stolen cards, dubbed “Ronald Reagan” by the card shop’s owner, is the first major glut of cards released for sale on the fraud shop since March 2014, when curators of the crime store advertised the sale of some 282,000 cards stolen from nationwide beauty store chain Sally Beauty. The items for sale are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards. Armed with this information, thieves can re-encode the data onto new plastic and then use the counterfeit cards to buy high-priced items at big box stores, goods that can be quickly resold for cash (think iPads and gift cards, for example). The most common way that thieves steal this type of card data is by hacking into cash registers at retail locations and planting malicious software that surreptitiously records mag stripe data when cards are swiped through the machines. 
    The breaches at Target, Neiman Marcus, Michaels and Sally Beauty all were powered by malware that thieves planted on point-of-sale systems..."
    ___

    - http://pfchangs.com/security/
    June 12, 2014 - "On Tuesday, June 10, P.F. Chang's learned of a security compromise that involves credit and debit card data reportedly stolen from some of our restaurants. Immediately, we initiated an investigation with the United States Secret Service and a team of third-party forensics experts to understand the nature and scope of the incident, and while the investigation is still ongoing, we have concluded that data has been compromised. At P.F. Chang's, the safety and security of our guests' payment information is a top priority. Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang's China Bistro branded restaurants located in the continental United States. This ensures our guests can still use their credit and debit cards safely in our restaurants as our investigation continues. We have also established a dedicated public website, pfchangs.com/security, for guests to receive updates and answers to their questions. Because we are still in the preliminary stages of our investigation, we encourage our guests to be vigilant about checking their credit card and bank statements. Any suspected fraudulent activity should be immediately reported to their card company. We sincerely regret the inconvenience and concern this may cause for our guests."

    Last edited by AplusWebMaster; 2014-06-13 at 15:18.

  6. #16
    Adviser Team AplusWebMaster's Avatar

    AskMen site compromised to serve malicious code

    FYI...

    AskMen site compromised to serve malicious code
    - http://community.websense.com/blogs/...ious-code.aspx
    23 Jun 2014 - "... the official website of AskMen (at www .askmen .com ), a popular free online men's web portal, has been compromised and injected with malicious code that appears to be part of a mass-injection attack. According to similarweb.com, AskMen's website has more than 10 million visitors each month. The injected code redirects a user to a website serving exploit code, which subsequently drops malicious files on the victim's computer. Websense Security Labs has contacted the host master of askmen .com with a notification regarding the compromise. No response or acknowledgement has been received so far.
    AskMen's main page as of 23 June 2014:
    > http://community.websense.com/cfs-fi...abs/0574.1.png
    SimilarWeb .com statistics for AskMen:
    > http://community.websense.com/cfs-fi...web_5F00_2.jpg
    ... Analysis: The injected code has been found in multiple locations within the main website as well as in localized versions of it, like au.askmen .com. When a user browses to the main website, the injected code loads automatically and silently redirects the user to a website serving the actual exploit code...
    Java exploit:
    > http://community.websense.com/cfs-fi...abs/6746.8.png
    Nuclear Pack Exploit Kit: The exploit page displays similar obfuscation techniques, which are often used in the Nuclear Pack exploit kit. In addition, the above mentioned Java exploit is most often used by Nuclear Pack. These facts strongly indicate that the attacker is using either the Nuclear Pack exploit kit or a variant of it...
    Conclusion: ... even very popular websites are not immune to malicious code injection attacks. An attack of this scale can potentially infect tens of thousands of unsuspecting users due to the nature of the attack and the high popularity of the website."

    - https://www.computerworld.com/s/arti..._WebSense_says
    June 23, 2014 - "... The domains hosting the exploit code are constantly changing... The injected JavaScript code takes the current date and then uses an algorithm to hash that data, which generates a domain name where the hackers have hosted the exploit kit. A new attack domain is generated every day... the Nuclear Pack tries exploits for either outdated Java or Adobe Systems' Reader software... If the attack is successful, a malicious software called "Caphaw" is installed..."
    ___

    - http://sitecheck.sucuri.net/results/askmen.com
    Status: Site Potentially Harmful. Immediate Action is Required.
    Web Trust: Blacklisted (9 Blacklists Checked) ...
    IP address: 54.209.144.209
    System Details:
    Running on: Apache/2.2.21
    System info: (Unix) PHP/5.3.19
    Powered by: PHP/5.3.19
    Outdated Web Server Apache Found: Apache/2.2.21...

    - https://www.apache.org/dist/httpd/CHANGES_2.2.27
    2014-03-26
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0098 - 5.0
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-6438 - 5.0

    Last edited by AplusWebMaster; 2014-06-25 at 14:39.

  7. #17
    Adviser Team AplusWebMaster's Avatar

    Montana state site hacked - over 1 million exposed

    FYI...

    Montana state site hacked - over 1 million exposed
    - http://www.dphhs.mt.gov/newsevents/n...ction%20.shtml
    June 24, 2014 - "State of Montana officials said today that 1.3 million people will be notified regarding the incident where hackers gained entry to a Department of Public Health and Human Services (DPHHS) computer server, though officials said there is no knowledge that information on the server was used inappropriately, or was even accessed. The state is notifying individuals whose personal information was on the server, consistent with state and federal laws. The notification list includes both current and former Montana residents, and in some instances, the estates of deceased individuals. Officials announced that the state is also notifying individuals of free credit monitoring and identity protection insurance... On May 22nd, an independent forensic investigation determined a DPHHS computer server had been hacked. The forensic investigation was ordered on May 15th when suspicious activity was first detected by DPHHS officials. When the suspicious activity was discovered, agency officials immediately shut down the server and contacted law enforcement... The state has taken several steps to further strengthen security, including safely restoring all systems affected, adding additional security software to better protect sensitive information on existing servers, and continually reviewing its security practices to ensure all appropriate measures are being taken to protect citizen information."


  8. #18
    Adviser Team AplusWebMaster's Avatar

    AskMen .com compromised again

    FYI...

    AskMen .com compromised again
    - http://blog.malwarebytes.org/exploit...romised-again/
    July 18, 2014 - "Last month, security firm Websense reported that popular website AskMen .com was compromised to serve malicious code. Today, our honeypot captured an attack coming from AskMen .com in what appears to have been malicious code injected in their server... an iframe (injection)... is what is used to do a -redirection- to a malicious site... a landing page for the Nuclear EK:
    - Flash exploit: https://www.virustotal.com/en/file/9...d0fa/analysis/
    - PDF exploit: https://www.virustotal.com/en/file/0...is/1405699036/
    - Java exploit: https://www.virustotal.com/en/file/0...3239/analysis/
    Finally the following payload is dropped and executed:
    - https://www.virustotal.com/en/file/d...is/1405699015/
    ... Our free Malwarebytes Anti-Exploit* blocked this threat:
    > http://cdn.blog.malwarebytes.org/wp-...07/blocked.png
    We notified AskMen .com and they promptly replied that they were looking into the matter immediately..."
    (More detail at the first malwarebytes URL of this post.)
    * http://www.malwarebytes.org/antiexploit/


  9. #19
    Adviser Team AplusWebMaster's Avatar

    ECB website hacked...

    FYI...

    ECB says website hacked, no sensitive data affected
    - http://www.reuters.com/article/2014/...0FT1D620140724
    July 24, 2014 - "The European Central Bank said on Thursday its website had been hacked and some email addresses and other contact information stolen but insisted no market-sensitive data were affected. The theft came to light after the central bank received an anonymous email on Monday night demanding money in exchange for the stolen addresses. The hackers broke into a database storing details of people who had registered for ECB conferences, visits and other events, the bank said. That database, which held about 20,000 email addresses and a much smaller number of postal addresses and phone numbers, was kept physically separate from internal systems, it added. "No internal systems or market sensitive data were compromised," the ECB said in a statement. The ECB is currently running a particularly sensitive review of the euro zone's top lenders, collecting streams of data to gauge whether banks have valued loans and other assets correctly, before it starts supervising them. German police were investigating the breach and all people who might have had their details stolen had been contacted, said the bank."
    - https://www.ecb.europa.eu/press/pr/d...140724.en.html
    24 July 2014
    ___

    Philippine gov't site infected with Spam Code
    - http://blog.malwarebytes.org/hacking...ith-spam-code/
    July 24, 2014 - "An online security repository of bad links [1] has recently flagged the official website of the Department of Agriculture* (Kagawaran ng Pagsasaka), which is owned and maintained by the Philippine government, as harbouring malware.
    * http://cdn.blog.malwarebytes.org/wp-...2014/07/DA.png
    We have determined that six pages, including the default page, have been injected with a Blackhat SEO spam code. Below is a list of other infected pages:
    “Contact Us” page
    “Advisory Banner” page
    “About Us” page
    Department Mission/Vision page
    History of DA page
    Below is a screenshot of the code we found:
    > http://cdn.blog.malwarebytes.org/wp-...-spam-code.png
    ... visiting the above infected pages will not get you infected; however, you will be contributing to the increase of the page rank of the gambling-related URL we can see in the code. We have reason to believe that the DA site has been hacked because of the presence of the injected code. Readers are advised to avoid accessing the website entirely until the administrators are able to remove the code and make sure that it’s safe to visit. Malwarebytes has already reported the infection to the DA."
    [1] https://www.virustotal.com/en-gb/url...is/1406113101/

    Last edited by AplusWebMaster; 2014-07-25 at 15:26.

  10. #20
    Adviser Team AplusWebMaster's Avatar

    SocialBlade .com compromised

    FYI...

    SocialBlade .com compromised - redirection chain to Nuclear Pack exploit kit
    - http://blog.malwarebytes.org/exploit...k-exploit-kit/
    July 29, 2014 - "... the YouTube stats tracker site SocialBlade .com is connected with malicious redirections that also lead to the Nuclear Pack EK.
    > http://cdn.blog.malwarebytes.org/wp-...cialblade2.png
    The drive-by download which was detected by our honeypots is successfully blocked by Malwarebytes Anti-Exploit. According to site tracker SimilarWeb, SocialBlade .com has a global rank of 5,791 and had around 3.6 million visits last month... Typically we’d see an iframe and we would be able to search for it by its string. This was not the case here, so we had to manually inspect each web session and external references. The intruder was in a core JavaScript file... the JavaScript code writes the iframe and launches the redirection workflow... Java exploit (CVE-2013-2465?):
    hxxp ://50d88d1ad05y.correctzoom .uni.me/1406197380.jar
    VT (4/52*)
    * https://www.virustotal.com/en/file/f...is/1406296526/
    Internet Explorer exploit (CVE ?):
    hxxp ://50d88d1ad05y.correctzoom .uni.me/1406197380.htm
    VT (0/53**)
    ** https://www.virustotal.com/en/file/7...e651/analysis/
    Payload:
    hxxp ://50d88d1ad05y.correctzoom .uni.me/f/1406197380/7
    VT (17/52***)
    *** https://www.virustotal.com/en/file/d...is/1406311279/
    ... most likely leads to ad-fraud related malware (clickjacking etc.). We have notified the owners of SocialBlade .com so they can fix the issue ASAP and prevent unnecessary malware infections..."

    uni .me: 192.95.12.33: https://www.virustotal.com/en-gb/ip-...3/information/

    - https://www.google.com/safebrowsing/...?site=AS:16276

    Last edited by AplusWebMaster; 2014-07-30 at 03:37.
