Friday, October 11, 2013

Google's Malaysia site latest to be felled in DNS attacks

Google's website for Malaysia was briefly tampered with on Friday, underscoring continuing weaknesses in entities administering crucial website address database records.

The site, "google.com.my," was functioning normally later on Friday, but had briefly displayed a page put in place by the hackers.

A group calling itself "Team Madleets" claimed responsibility for the hack on Facebook. On its Facebook page, the group also claimed to have modified Google domains for Serbia, Kenya, Burundi and Pakistan over the last few weeks.

The country-code top-level domain ".my" is administered by the Malaysia Network Information Center (MYNIC). An official contacted Friday morning said the organization was investigating a DNS (Domain Name System) attack. It wasn't immediately clear how the group performed the attack.

The DNS is a distributed database that translates a domain name into the IP address a Web browser then connects to. Companies and organizations that hold those records have come under attack by hackers in recent weeks.

Attackers have had success capturing the login credentials of people authorized to modify the records, through targeted email attacks known as spear phishing.

If a DNS record is modified, a person looking for a website can be redirected to a different one controlled by the hacker. That's dangerous because the site the person lands on could be engineered to attack the visitor's computer and deliver malicious software.

Team Madleets describes itself as an ethical hacking group on its Facebook page. In a post, it said the MYNIC hack was not the "result of any kind of hate."

Google did not immediately comment on the attack.

Top-level domains such as ".com" and country-code top-level domains are held by a variety of companies and organizations. The security of those records is managed by those companies and is largely out of the control of the entities whose DNS records they hold.

A string of prominent companies has been affected by DNS hacks recently, including the New York Times, Huffington Post, Twitter and LeaseWeb.

Earlier this week, a pro-Palestinian group gained entry to Network Solutions' network and modified DNS records for the websites of the security companies AVG and Avira; the messaging platform WhatsApp; RedTube, a pornography site; and Alexa, a Web metrics company.


Adobe's source code was parked on hackers' unprotected server

The files were encrypted but still sitting on an open Web server, security expert says

By Jeremy Kirk, IDG News Service

Hackers capitalize on other people's mistakes. But they make their own as well.

Case in point: A massive breach of Adobe Systems' network was discovered after the source code of numerous products, including the Web application development platform ColdFusion, sat parked on a hacker's unprotected Web server open to the Internet.

The breach, which also encompassed 2.9 million encrypted customer credit card records, was announced by Adobe on Oct. 3. Adobe had already been investigating a breach when Alex Holden, chief information security officer of Hold Security, independently found what turned out to be the company's source code on a hacking gang's server.

Adobe's source code "was hidden, but it was not cleverly hidden," Holden said.

Perusing the server's directory listing, Holden found a directory named with the abbreviation "ad." It was filled with "interesting" file names, Holden said, including encrypted ".rar" and ".zip" files.

It's not clear if the files were stolen from Adobe in an encrypted format or if the hackers encrypted the files and then uploaded them to their server, Holden said. In either case, Adobe confirmed it was indeed source code.

Source code could make it easier for hackers to find vulnerabilities in Adobe's products, Holden said. But so far, no new zero-day vulnerabilities -- the term for a vulnerability that is already being exploited but doesn't have a patch -- have surfaced in the couple of months since the source code was taken, Holden said. Nor has the source code been publicly released.

In an Oct. 3 10-Q filing with the U.S. Securities and Exchange Commission, Adobe acknowledged the breach, but said it did "not believe that the attacks will have a material adverse impact on our business."

But Adobe wrote later in the filing that its efforts to fight cyberattacks "may not be successful" and could cause the loss of customers, expose the company to liability and cost it money.

The server had already attracted interest prior to the Adobe find. It was being used as a repository for stolen data by a gang that also broke into the networks of data aggregators LexisNexis, Dun & Bradstreet and Kroll Background America, as reported by security analyst and journalist Brian Krebs.

The Russian-speaking gang -- which doesn't have a name yet -- is still active. And there's more to come.