Posts Tagged ‘hack’
Wednesday, October 30, 2013 @ 03:10 PM gHale
The attack against Adobe earlier this month was larger than the company originally let on.
Early in the investigation, indications were that the attackers had made off earlier this month with personal, account and encrypted financial information for nearly 3 million Adobe customers, as well as the source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products.
But the latest report by security journalist Brian Krebs shows the breach went further: a file of Adobe user accounts that he and researcher Alex Holden found on the attackers’ server, linked from AnonNews.org over the weekend, contained more than 150 million user names and corresponding encrypted passwords.
Adobe said only 38 million of those pairs belong to active users; the company contacted those users, informed them of the theft and asked them to change their passwords. Whether the attackers have misused the information is still unknown, but Adobe has reset the passwords for all Adobe IDs with valid, encrypted passwords it believes were involved in the incident, whether or not those accounts are active.
Krebs and Holden also found a second file from the attackers’ servers linked from AnonNews.org this weekend, but they were unable to decrypt it. One published version of the files contained source code for Adobe’s Photoshop software.
Adobe confirmed “a portion of Photoshop source code was accessed by the attackers as part of the incident Adobe publicly disclosed on Oct. 3.” The company asked the site hosting the file (the one AnonNews.org linked to) to take it down, and the site administrators agreed.
Tuesday, October 8, 2013 @ 04:10 PM gHale
Two antivirus firms and one mobile messaging service had their websites hijacked by the Palestinian hacker group KDMS Team.
The defaced sites were those of AVG, Avira and WhatsApp. Avira confirmed that in its case the attack was a DNS hijacking rather than a compromise of its own servers.
“It appears that several websites of Avira as well as other companies have been compromised by a group called KDMS. The websites of Avira have not been hacked, the attack happened at our Internet Service Provider (ISP) ‘Network Solutions’,” Avira Security Expert and Product Manager Sorin Mustaca said.
Mustaca said the DNS records of the websites had been changed to point to attacker-chosen domains.
“It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request not being initiated by anyone at Avira,” Mustaca said.
“Network Solutions appears to have honored this request and allowed a 3rd party to assume control of our DNS. Using the new credentials the cybercriminals have been able to change the entries to point to their DNS servers,” he said.
Avira said its internal networks were not compromised. The company shut down all external services until it regains control of all of its DNS entries.
“We are working with the ISP to receive control on the domain name and only when we have solved the problem we will restore the access to the Avira services. At this point we are not aware of any effect to our customers,” Mustaca said.
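The Avira incident is a registrar-side hijack: nothing on Avira’s own name servers changed, the delegation at the registrar did. The check a practitioner wants is therefore a comparison of the delegation and registrar lock status seen from outside against a known-good baseline, not a check of the zone files. The script below is an added example, not Avira’s or Network Solutions’ code. The domain name, record values and EPP status codes are constructed so it runs offline; in production the "observed" snapshots would come from lookups against the parent (TLD) name servers and an RDAP/WHOIS query, run from more than one vantage point.

```python
"""Detect registrar-level DNS hijacking by diffing observed delegation data
against a signed-off baseline. Added example; all domain data is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsSnapshot:
    domain: str
    ns: frozenset            # name servers delegated at the parent zone
    a: frozenset             # A records answered for the apex
    registrar_status: frozenset  # EPP status codes (RFC 5731) from RDAP/WHOIS


# Known-good state recorded when the domain was last verified (constructed).
BASELINE = DnsSnapshot(
    domain="example-av.test",
    ns=frozenset({"ns1.example-av.test", "ns2.example-av.test"}),
    a=frozenset({"192.0.2.10", "192.0.2.11"}),
    registrar_status=frozenset({"clientTransferProhibited", "clientUpdateProhibited"}),
)

# Constructed observation from a healthy day: identical to the baseline.
OBSERVED_OK = DnsSnapshot(
    domain="example-av.test",
    ns=frozenset({"ns1.example-av.test", "ns2.example-av.test"}),
    a=frozenset({"192.0.2.10", "192.0.2.11"}),
    registrar_status=frozenset({"clientTransferProhibited", "clientUpdateProhibited"}),
)

# Constructed observation mirroring the incident: after a fraudulent password
# reset at the registrar, the delegation now points at attacker name servers,
# the apex resolves to an attacker host, and the update lock has been removed.
OBSERVED_HIJACKED = DnsSnapshot(
    domain="example-av.test",
    ns=frozenset({"ns1.attacker.test", "ns2.attacker.test"}),
    a=frozenset({"198.51.100.77"}),
    registrar_status=frozenset({"clientTransferProhibited"}),
)


def check_delegation(baseline: DnsSnapshot, observed: DnsSnapshot) -> list:
    """Return a list of human-readable findings; an empty list means no drift."""
    findings = []
    if observed.domain != baseline.domain:
        return [f"snapshot is for {observed.domain}, baseline is for {baseline.domain}"]
    if observed.ns != baseline.ns:
        findings.append(
            f"NS delegation changed: {sorted(baseline.ns)} -> {sorted(observed.ns)}")
    unexpected_a = observed.a - baseline.a
    if unexpected_a:
        findings.append(f"unexpected A records: {sorted(unexpected_a)}")
    removed_locks = baseline.registrar_status - observed.registrar_status
    if removed_locks:
        findings.append(f"registrar lock(s) removed: {sorted(removed_locks)}")
    return findings


def alert_level(findings: list) -> str:
    """Any NS or lock change is a hijack indicator; A-only drift may be legitimate."""
    if any(f.startswith(("NS delegation", "registrar lock")) for f in findings):
        return "critical"
    return "warning" if findings else "ok"


if __name__ == "__main__":
    for obs in (OBSERVED_OK, OBSERVED_HIJACKED):
        found = check_delegation(BASELINE, obs)
        print(obs.domain, alert_level(found))
        for f in found:
            print("  -", f)
```

The NS comparison must use answers from the parent zone (or a resolver outside your network); your own authoritative servers keep answering with the old data after a hijack, so querying them would show nothing wrong. Keeping `clientTransferProhibited` and `clientUpdateProhibited` set, and alerting when either disappears, catches the registrar-account takeover step before the delegation is changed.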
Tuesday, May 14, 2013 @ 04:05 PM gHale
Domain registrar Name.com suffered a data breach and is requiring its customers to reset their passwords.
The Denver-based firm discovered the breach and possible intruder access to customer account information, including encrypted credentials, credit card numbers and customer email addresses.
“It appears that the security breach was motivated by an attempt to gain information on a single, large commercial account at Name.com,” the company email said.
Name.com told its customers it uses strong encryption to store payment card data and that the encryption keys required to access that data were not compromised. EPP codes required for domain transfers were also not exposed; like the keys, they were stored separately from the compromised data.
“We take the matter very seriously,” the email said. “We’ve already implemented additional security measures and will continue to work diligently to protect the safety and security of your personal information.”
Name.com said on its Twitter feed it was staggering the release of notifications to customers and information about password resets.
The company is taking some heat because it is asking users to click a link in an email to proceed with the password reset, which is exactly the behaviour a phishing email tries to exploit and which a breach notification should avoid training users to accept. Name.com does remind users that if they reuse the password on other sites, they should change it there too.
Webhosting.info ranks Name.com as the 27th largest registrar by total domains, with 498,035; Go Daddy leads with more than 25 million domains and a 32 percent market share.
This is the second large password breach in the last two weeks. On April 28, daily deal site LivingSocial suffered an attack and hackers accessed user names, email addresses and encrypted passwords. The company suggested more than 50 million users should change their passwords. LivingSocial said hackers did not gain access to credit card data.
Sunday, October 14, 2012 @ 01:10 PM gHale
By Gregory Hale
Technology is vital, and so are policies and procedures, but the true backbone of a solid cyber security posture is the people making sure everything runs as it should.
“People are the most important factor in security,” said Paul Forney, chief technologist at Invensys’ R&D security team during Invensys Operations Management’s User Group Series in Anaheim, CA, Thursday. “It takes people. If you don’t change the culture; it is the most important thing. You have policies and procedures; you have technology, but you need the people.”
There are three pillars of true cyber security, and Forney weights them: people at 65 percent, policies and procedures at 15 percent, and technology at 20 percent.
“It is all about the ROI all wrapped around operational excellence,” Forney said. “Somebody can come in and hack you; it is all about operational excellence. There are some smart hackers out there and if there is one little hole in a firewall, they will find it and exploit it. You can’t put in a solution and then walk away. Security is something you start and keep going. ”
Even in today’s environment where a new attack is just around the corner, there are some organizations that just don’t want to move forward with a comprehensive security program.
“Industrial environments are dangerous; there is some powerful stuff that can happen at a plant,” Forney said. “People say they are air gapped, but 99.9 percent of control systems are connected to the business system, which is connected to the Internet.”
An attacker, he said, has three challenges:
• Gain access to the control system LAN
• Through discovery, gain understanding of the process
• Gain control of the process
Obviously, the security professional’s goal is to hold the attackers at bay and ensure the system stays up and running. But the attack vectors are ever increasing with so many potential types of assaults.
Cyber warfare is just one of the newer threats, with individual countries firing cyber shots across each other’s bows.
“We now have the Army, Air Force, Navy and Cyber Ninjas,” Forney said.
In addition to cyber warfare, there are plenty of threats out there facing manufacturers from terrorism, disgruntled employees, to extortion and stealing private company assets.
While those issues are very similar to the woes IT professionals deal with on the business enterprise, those looking over the industrial control systems (ICS) need to keep a sharp eye out because the consequences can be much greater.
“We are exposed to the same issues IT has, but we do have different needs,” Forney said. “We don’t use all of IT’s best practices because we do have different needs, like our end points are machines. In the IT world, if there is a problem you lose something on your hard drive. In ICS, you have people hurt. Security has to have specialized equipment, but it can’t slow down the process.”
Forney then listed objectives an ICS security program should meet:
• Prevent unauthorized changes to values in a controller or PLC
• Prevent misrepresentation of process values on the HMI
• Reduce the possibility of a production slowdown due to ICS software
• Protect integrity of process
• Prevent loss of genealogy
• Provide availability and safety
One of the most important things, if not the most important, a security professional should do is lock down the network: determine which programs need to run, and turn off everything else, Forney said. No unnecessary programs.
He then listed ICS best practices:
• Maintain the latest patches
• Test every patch
• Always use current antivirus definitions
• Verify update was successfully installed
• Update authorized application software
• Enable network antivirus intrusion protection system
• Enable system policies on all capable network appliances
He also recommended not using USB devices at all, or limiting their use to devices that have been scanned and confirmed malware free, and designating a specific machine for any USB use.
“You should know about everything on your network,” Forney said.
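Two of Forney’s points, "turn off everything else" and "verify the update was successfully installed", collapse into one check: an allowlist of approved binaries with the hash recorded when each patch was tested, compared against what is actually running on the host. The script below is an added example, not Invensys code. The inventory is constructed inline so it runs offline; on a real HMI or historian host the running list would be built from the process table (psutil, `ps`, or tasklist) and the hash computed over the executable on disk.

```python
"""Application allowlist check for an ICS host. Flags anything running that is
not approved, and approved software whose binary no longer matches the hash
recorded after patch testing. Added example; the inventory is constructed."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Binary:
    path: str
    sha256: str


def sha256_of(data: bytes) -> str:
    """Hash of file contents; stands in for hashing the executable on disk."""
    return hashlib.sha256(data).hexdigest()


# Approved software with the hash recorded when each patch level was tested
# (constructed contents; a real list would be signed and stored off-host).
APPROVED = {
    "/opt/hmi/bin/hmi_server": sha256_of(b"hmi_server 4.2.1 tested 2012-10-01"),
    "/opt/historian/bin/historian": sha256_of(b"historian 3.0.7 tested 2012-09-15"),
    "/usr/sbin/sshd": sha256_of(b"sshd 5.9p1"),
}

# Constructed process snapshot: the HMI matches, the historian does not
# (patch never applied or binary tampered with), and an unknown tool is running.
RUNNING = [
    Binary("/opt/hmi/bin/hmi_server", sha256_of(b"hmi_server 4.2.1 tested 2012-10-01")),
    Binary("/opt/historian/bin/historian", sha256_of(b"historian 3.0.6")),
    Binary("/tmp/update_tool", sha256_of(b"whatever came off the USB stick")),
]


def evaluate(running: list, approved: dict) -> dict:
    """Classify each running binary as ok, unapproved or hash_mismatch,
    and list approved services that are not running at all."""
    report = {"ok": [], "unapproved": [], "hash_mismatch": [], "not_running": []}
    seen = set()
    for binary in running:
        seen.add(binary.path)
        expected = approved.get(binary.path)
        if expected is None:
            report["unapproved"].append(binary.path)
        elif binary.sha256 != expected:
            report["hash_mismatch"].append(binary.path)
        else:
            report["ok"].append(binary.path)
    report["not_running"] = sorted(p for p in approved if p not in seen)
    return report


def is_compliant(report: dict) -> bool:
    """The host passes only if nothing unapproved or mismatched is running."""
    return not report["unapproved"] and not report["hash_mismatch"]


if __name__ == "__main__":
    result = evaluate(RUNNING, APPROVED)
    for category, paths in result.items():
        for path in paths:
            print(f"{category:14} {path}")
    print("compliant:", is_compliant(result))
```

A hash mismatch deserves the same attention as an unapproved binary: it is either a patch that was pushed but never installed, which is the gap "verify update was successfully installed" is meant to close, or a binary that was replaced. The `not_running` list is informational; a historian that is down is an availability problem, not a security finding by itself.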
Wednesday, September 5, 2012 @ 10:09 AM gHale
Sony appears to be in the grip of a group of hackers who said they took control of eight Sony servers because of the firm’s lax security.
The group called Null Crew made the claim on Twitter and via a Pastebin release.
The release shows a list of usernames and passwords that apparently relate to Sonymobile.com, and a message to Sony that accuses the firm of not having strong enough security credentials. This is not the first time that Sony suffered a hack attack.
“Sony, we are dearly disappointed in your security. This is just one of eight sony servers that we have control of. Maybe, just maybe considering IP addresses are available,” said a message posted to Pastebin.
“Maybe, just maybe it’s the fact that not even your customers can trust you. Or maybe, just maybe the fact that you can not do anything correct technologically.”
An earlier, much larger attack exposed 77 million users’ details and led to Sony shutting down a range of its networks.
Null Crew said it had access to a range of other websites too, and on Twitter said it had attacked Cambodian government websites in retaliation over the arrest of one of The Pirate Bay’s cofounders.
Tuesday, August 14, 2012 @ 06:08 AM gHale
Blizzard’s internal network suffered a breach, but the “unauthorized and illegal access” is now closed off, and an investigation started.
While Blizzard is not a manufacturing automation company, it is just another example of attackers targeting a specific company and then getting into a system and attempting to garner as much information as possible. This time, it seems the company was able to catch the foes before losing too much data.
“Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China,” said Blizzard’s Chief Executive Mike Morhaime. “For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.”
Cryptographically scrambled versions of Battle.net passwords for players on North American servers were also stolen, so players should change their passwords.
They will also be prompted to change their secret questions and answers, and to update the Battle.net Mobile Authenticator software if they use it.
Wednesday, April 25, 2012 @ 11:04 PM gHale
Nissan Motor Co.’s information systems suffered an intrusion.
So far, the company doesn’t know who the hackers were, or where they struck from and it’s unclear what data suffered a compromise.
Nissan believes the hackers were looking for intellectual property related to its EV drivetrains.
Nissan maintains it quickly secured its system and issued a statement alerting customers and employees its data systems suffered a breach. Nissan said they discovered the infiltration April 13.
Nissan issued a statement, saying:
“We have detected an intrusion into our company’s global information systems network.
“On April 13, 2012, our information security team confirmed the presence of a computer virus on our network and immediately took aggressive actions to protect the company’s systems and data. This included actions to protect information related to customers, employees and other partners worldwide. This incident initially involved the malicious placement of malware within our IS network, which then allowed transfer from a data store, housing employee user account credentials.
“As a result of our swift and deliberate actions we believe that our systems are secure and that no customer, employee or program data has been compromised. However, we believe that user IDs and hashed passwords were transmitted. We have no indication that any personal information and emails have been compromised. Regardless, we are continuing to take appropriate precautionary measures.
“Due to the ever-evolving sophistication and tenacity of hackers targeting corporations and governments on a daily basis, we continue to vigilantly maintain our protection and detection systems and related countermeasures to keep ahead of emerging threats. Our focus remains on safeguarding the integrity of employee, consumer and corporate information.”
A spokesman said Nissan opted to keep the intrusion quiet for the last 10 days until it had a better idea of what was going on.
Monday, March 12, 2012 @ 02:03 PM gHale
First Chrome was a victim, and then the hackers went on to Internet Explorer.
That is what happened when a team of vulnerability researchers from French firm VUPEN hacked Microsoft’s Internet Explorer 9 on a fully patched Windows 7 SP1 machine at the CanSecWest security conference in Vancouver. The same VUPEN researchers were also responsible for exploiting the Google Chrome browser.
They managed to bypass the browser’s DEP and ASLR protection with a zero day heap overflow vulnerability, and then used a separate memory corruption bug to break out of its Protected Mode, which is effectively a sandbox.
Those particular flaws have existed in previous incarnations of the browser — all the way back to IE 6 — and will very likely work on the upcoming IE 10, said VUPEN founder Chaouki Bekrar.
He said it took two of their researchers six weeks of full-time work to develop an exploit for the browser. “When you have to combine many vulnerabilities and bypass all these protections, it takes a longer time,” he said.
He also said the memory corruption bug they used is only one of the many vulnerabilities they found that can break out of IE’s Protected Mode. He did say, though, the new IE 10 will be much harder to break into, as Microsoft has added new protection mechanisms.
Microsoft will receive details only of the heap overflow bug. “We will keep the Protected Mode bypass private for our customers,” Bekrar said.