Security breach/compromise - 2014


39 replies to this topic

#16 AplusWebMaster


Posted 27 May 2014 - 06:59 AM

FYI...

Avast takes down forums after breach hits 400,000 users
User names, email addresses and hashed passwords were compromised
- http://www.theinquir...s-400-000-users
May 27 2014

- https://blog.avast.c...-due-to-attack/
May 26, 2014 - "The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work... We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately. We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.
Sincerely,
Vince Steckler
CEO AVAST Software"

- http://www.databreac...er-data-breach/
May 26, 2014
___

Spotify - Important Notice to Our Users
- http://news.spotify....e-to-our-users/
May 27, 2014 Oskar Stål, CTO - "We’ve become aware of some -unauthorized- access to our systems and internal company data and we wanted to let you know the steps we’re taking in response. As soon as we were aware of this issue we immediately launched an investigation. Information security and data protection are of great importance to us at Spotify and that is why I’m posting today. Our evidence shows that only one Spotify user’s data has been accessed and this did not include any password, financial or payment information. We have contacted this one individual. Based on our findings, we are not aware of any increased risk to users as a result of this incident. We take these matters very seriously and as a general precaution will be asking certain Spotify users to re-enter their username and password to log in over the coming days. As an extra safety step, we are going to guide Android app users to upgrade over the next few days**. If Spotify prompts you for an upgrade, please follow the instructions. As always, Spotify does not recommend installing Android applications from anywhere other than Google Play, Amazon Appstore or https://m.spotify.com/. At this time there is no action recommended for iOS and Windows Phone users. Please note that offline playlists will have to be re-downloaded in the new version. We apologise for any inconvenience this causes, but hope you understand that this is a necessary precaution to safeguard the quality of our service and protect our users. We have taken steps to strengthen our security systems in general and help protect you and your data – and we will continue to do so. We will be taking further actions in the coming days to increase security for our users. Please click here* to read more."
* https://support.spot...-android-update

** https://play.google....bile.android.ui
May 28, 2014
 

:ph34r: :ph34r:
 


Edited by AplusWebMaster, 29 May 2014 - 12:42 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#17 AplusWebMaster


Posted 05 June 2014 - 05:39 AM

FYI...

SKorea databases hacked ...
- https://news.yahoo.c...-074734037.html
Jun 5, 2014 - "The top U.S. military official in South Korea said a hacking incident might have compromised the personal information of thousands of South Koreans employed by the American command. Gen. Curtis M. Scaparrotti, commander of U.S. Forces in South Korea, apologized Thursday for the "possible theft" from two databases of private details of South Koreans such as names, contact information and work history. About 16,000 current and former workers, almost all of them Korean nationals, and people who have sought jobs with the U.S. military in South Korea, are affected by the incident. The U.S. military said no classified military data was compromised as the databases were on a separate network. South Korean government, broadcasting and finance industry networks have been a frequent target of cyberattacks in the past. Some have been blamed on North Korea, which denies any involvement. Others have been attributed to hackers seeking to profit from data theft... U.S. Forces spokesman Christopher Bush said an investigation by the U.S. Army was underway to determine who was responsible. The U.S. has around 28,500 soldiers in South Korea as a deterrent against the North..."

- https://www.computer..._in_South_Korea
June 6, 2014
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 06 June 2014 - 07:03 AM.



#18 AplusWebMaster


Posted 06 June 2014 - 05:53 PM

FYI...

Security incident on forum.eset.com
- https://forum.eset.c...n-forumesetcom/
June 5, 2014 - "We have been informed by our third-party forum provider that user login details of ESET Security Forum members have been compromised. At this time we have confirmed that login data (user name/email and hashed forum passwords) have been accessed. We have requested details about the incident from our provider and have launched a full-scale investigation with them. ESET Security Forum has around 2,700 registered users and the only information stored are login details: no financial or other sensitive data are affected. ESET-operated infrastructure and ESET software users were not affected in any way by this incident. We recommend that all ESET Security Forum users change their passwords. Having different passwords for different services is a good practice: if you used your ESET Security Forum password for other services, we recommend that you also change those passwords immediately too... We apologize for any inconvenience.
ESET Security Forum"
 

:ph34r: :ph34r:




#19 AplusWebMaster


Posted 10 June 2014 - 04:30 PM

FYI...

Credit Card Breach at P.F. Chang
- http://krebsonsecuri...-at-p-f-changs/
June 10, 2014 - "Nationwide chain P.F. Chang’s China Bistro said today that it is investigating claims of a data breach involving credit and debit card data reportedly stolen from restaurant locations nationwide. On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator[dot]so, an underground store best known for selling tens of millions of cards stolen in the Target breach. Several banks contacted by KrebsOnSecurity said they acquired from this new batch multiple cards that were previously issued to customers, and found that all had been used at P.F. Chang’s locations between the beginning of March 2014 and May 19, 2014... Contacted about the banks’ claims, the Scottsdale, Arizona-based restaurant chain said it has not yet been able to confirm a card breach, but that the company “has been in communications with law enforcement authorities and banks to investigate the source”... Banks contacted for this story reported cards apparently stolen from PFC locations in Florida, Maryland, New Jersey, Pennsylvania, Nevada and North Carolina. The new batch of stolen cards, dubbed “Ronald Reagan” by the card shop’s owner, is the first major glut of cards released for sale on the fraud shop since March 2014, when curators of the crime store advertised the sale of some 282,000 cards stolen from nationwide beauty store chain Sally Beauty. The items for sale are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards. Armed with this information, thieves can re-encode the data onto new plastic and then use the counterfeit cards to buy high-priced items at big box stores, goods that can be quickly resold for cash (think iPads and gift cards, for example). The most common way that thieves steal this type of card data is by hacking into cash registers at retail locations and planting malicious software that surreptitiously records mag stripe data when cards are swiped through the machines. 
The breaches at Target, Neiman Marcus, Michaels and Sally Beauty all were powered by malware that thieves planted on point-of-sale systems..."
___

- http://pfchangs.com/security/
June 12, 2014 - "On Tuesday, June 10, P.F. Chang's learned of a security compromise that involves credit and debit card data reportedly stolen from some of our restaurants. Immediately, we initiated an investigation with the United States Secret Service and a team of third-party forensics experts to understand the nature and scope of the incident, and while the investigation is still ongoing, we have concluded that data has been compromised. At P.F. Chang's, the safety and security of our guests' payment information is a top priority. Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang's China Bistro branded restaurants located in the continental United States. This ensures our guests can still use their credit and debit cards safely in our restaurants as our investigation continues. We have also established a dedicated public website, pfchangs.com/security, for guests to receive updates and answers to their questions. Because we are still in the preliminary stages of our investigation, we encourage our guests to be vigilant about checking their credit card and bank statements. Any suspected fraudulent activity should be immediately reported to their card company. We sincerely regret the inconvenience and concern this may cause for our guests."
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 13 June 2014 - 06:17 AM.



#20 AplusWebMaster


Posted 12 June 2014 - 09:56 PM

FYI...

AT&T breach allowed customer data to be used to unlock smartphones
Social Security numbers were accessed in a bid to unlock smartphones
- https://www.computer...ock_smartphones
June 12, 2014 - "Personal information, including Social Security numbers and call records, was accessed for an unknown number of AT&T Mobility customers by people outside of the company, AT&T has confirmed. The breach took place between April 9-21, but was only disclosed this week in a filing with California regulators. While AT&T wouldn't say how many customers were affected, state law requires such disclosures if an incident affects at least 500 customers in California. "Employees of one of our service providers violated our strict privacy and security guidelines by accessing your account without authorization," the company said in a letter to affected customers. "AT&T believes the employees accessed your account as part of an effort to request codes from AT&T that are used to unlock AT&T mobile phones in the secondary mobile phone market." Many cellphones are provided by carriers with a software lock that prevents them from being used on the networks of competitors, but customers can typically request an "unlock code" that removes the restriction. Once unlocked, they are more valuable on the second-hand market because they can be used on both AT&T and T-Mobile in the U.S. and the majority of cellphone networks around the world. The company declined to comment on whether the phones had found their way to the second-hand market through legitimate channels or as a result of theft... While inside customer accounts, those who accessed the data would have also had access to details of the time, date, duration and destination of phone calls made by customers, AT&T said. "We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization," the company said in a statement..."

- https://www.computer...one_at_AT_amp_T
June 18, 2014
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 27 June 2014 - 07:57 AM.



#21 AplusWebMaster


Posted 23 June 2014 - 07:28 PM

FYI...

AskMen site compromised to serve malicious code
- http://community.web...cious-code.aspx
23 Jun 2014 - "... the official website of AskMen (at www.askmen .com ), a popular free online men's web portal, has been compromised and injected with malicious code that appears to be part of a mass-injection attack. According to similarweb.com, AskMen's website has more than 10 million visitors each month. The injected code redirects a user to a website serving exploit code, which subsequently drops malicious files on the victim's computer. Websense Security Labs has contacted the host master of askmen .com with a notification regarding the compromise. No response or acknowledgement has been received so far.
AskMen's main page as of 23 June 2014:
> http://community.web...labs/0574.1.png
SimilarWeb .com statistics for AskMen:
> http://community.web...rweb_5F00_2.jpg
... Analysis: The injected code has been found in multiple locations within the main website as well as in localized versions of it, like au.askmen .com. When a user browses to the main website, the injected code loads automatically and silently redirects the user to a website serving the actual exploit code...
Java exploit:
> http://community.web...labs/6746.8.png
Nuclear Pack Exploit Kit: The exploit page displays similar obfuscation techniques, which are often used in the Nuclear Pack exploit kit. In addition, the above mentioned Java exploit is most often used by Nuclear Pack. These facts strongly indicate that the attacker is using either the Nuclear Pack exploit kit or a variant of it...
Conclusion: ... even very popular websites are not immune to malicious code injection attacks. An attack of this scale can potentially infect tens of thousands of unsuspecting users due to the nature of the attack and the high popularity of the website."

- https://www.computer...e_WebSense_says
June 23, 2014 - "... The domains hosting the exploit code are constantly changing... The injected JavaScript code takes the current date and then uses an algorithm to hash that data, which generates a domain name where the hackers have hosted the exploit kit. A new attack domain is generated every day... the Nuclear Pack tries exploits for either outdated Java or Adobe Systems' Reader software... If the attack is successful, a malicious software called "Caphaw" is installed..."
___

- http://sitecheck.suc...ults/askmen.com
Status: Site Potentially Harmful. Immediate Action is Required.
Web Trust: Blacklisted (9 Blacklists Checked) ...
IP address: 54.209.144.209
System Details:
Running on: Apache/2.2.21
System info: (Unix) PHP/5.3.19
Powered by: PHP/5.3.19
Outdated Web Server Apache Found: Apache/2.2.21...

- https://www.apache.o.../CHANGES_2.2.27
2014-03-26
- https://web.nvd.nist...d=CVE-2014-0098 - 5.0
- https://web.nvd.nist...d=CVE-2013-6438 - 5.0
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 25 June 2014 - 05:41 AM.



#22 AplusWebMaster


Posted 25 June 2014 - 04:33 AM

FYI...

Montana state site hacked - over 1 million exposed
- http://www.dphhs.mt....otection .shtml
June 24, 2014 - "State of Montana officials said today that 1.3 million people will be notified regarding the incident where hackers gained entry to a Department of Public Health and Human Services (DPHHS) computer server, though officials said there is no knowledge that information on the server was used inappropriately, or was even accessed. The state is notifying individuals whose personal information was on the server, consistent with state and federal laws. The notification list includes both current and former Montana residents, and in some instances, the estates of deceased individuals. Officials announced that the state is also notifying individuals of free credit monitoring and identity protection insurance... On May 22nd, an independent forensic investigation determined a DPHHS computer server had been hacked. The forensic investigation was ordered on May 15th when suspicious activity was first detected by DPHHS officials. When the suspicious activity was discovered, agency officials immediately shut down the server and contacted law enforcement... The state has taken several steps to further strengthen security, including safely restoring all systems affected, adding additional security software to better protect sensitive information on existing servers, and continually reviewing its security practices to ensure all appropriate measures are being taken to protect citizen information."
___

- https://www.computer...ersonal_records
June 25, 2014 - "... The server held information such as names, addresses, birth dates and Social Security numbers for services citizens had applied for or received. For some people, the information may have included data on health assessments, diagnoses, treatment, health condition, prescriptions and insurance, the state said. Birth and death records, part of the state's Vital Statistics database, were also on the server. Contractors as well as current and former employees of the department may have been affected. The server contained their names, addresses, birth dates, Social Security numbers along with bank account information and dates of service, the state said..."
 

:ph34r: :ph34r:  <_<


Edited by AplusWebMaster, 25 June 2014 - 05:04 AM.



#23 AplusWebMaster


Posted 02 July 2014 - 08:22 AM

FYI...

Restaurants hit by New Payment Card Hacks
- http://www.databreac...ent-card-hacks/
July 2, 2014 - "Phishing emails, lax security -or- a previously unknown software flaw could turn out to be the cause of the latest eatery data breach. This one hit a number of prominent restaurants in the Pacific Northwest after hackers gained access to a Point Of Sale (POS) system created by Information Systems & Supplies (ISS) of Vancouver, Washington.
    'We recently discovered that our Log-Me-In account was breached on February 28, March 5 and April 18, 2014. We have reason to believe that the data accessed could include credit card information from any cards used by your customers between these dates', a letter signed by ISS president Thomas Potter obtained by BankInfoSecurity stated. That letter was dated June 12** but not mailed until a week later... More here:
- https://www.idradar....ent-Card-Breach
If the LogMeIn reference in the story seems familiar, it’s because we also saw it misused in a breach involving a number of Subway restaurants*."
* http://www.computerw..._to_POS_hacking
May 15, 2014

** http://docs.ismgcorp...uver_breach.pdf
____

- https://www.computer...access_accounts
July 2, 2014
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 02 July 2014 - 01:11 PM.



#24 AplusWebMaster


Posted 18 July 2014 - 08:52 PM

FYI...

AskMen .com compromised again
- http://blog.malwareb...promised-again/
July 18, 2014 - "Last month, security firm Websense reported that popular website AskMen .com was compromised to serve malicious code. Today, our honeypot captured an attack coming from AskMen .com in what appears to have been malicious code injected in their server... an iframe (injection)... is what is used to do a -redirection- to a malicious site... a landing page for the Nuclear EK:
- Flash exploit: https://www.virustot...4d0fa/analysis/
- PDF exploit: https://www.virustot...sis/1405699036/
- Java exploit: https://www.virustot...73239/analysis/
Finally the following payload is dropped and executed:
- https://www.virustot...sis/1405699015/
... Our free Malwarebytes Anti-Exploit* blocked this threat:
> http://cdn.blog.malw.../07/blocked.png
We notified AskMen .com and they promptly replied that they were looking into the matter immediately..."
(More detail at the first malwarebytes URL of this post.)
* http://www.malwareby...rg/antiexploit/
 

:ph34r: :ph34r:




#25 AplusWebMaster


Posted 21 July 2014 - 09:34 PM

FYI...

Card Breach at Goodwill Industries
- http://krebsonsecuri...ill-industries/
July 21, 2014 - "... Financial institutions across the country report that they are tracking what appears to be a series of credit card breaches involving Goodwill locations nationwide. For its part, Goodwill Industries International Inc. says it is working with the U.S. Secret Service on an investigation into these reports. Headquartered in Rockville, Md., Goodwill Industries International, Inc. is a network of 165 independent agencies in the United States and Canada with a presence in 14 other countries. The organizations sell donated clothing and household items, and use the proceeds to fund job training programs, employment placement services and other community-based initiatives. According to sources in the financial industry, multiple locations of Goodwill Industries stores have been identified as a likely point of compromise for an unknown number of credit and debit cards. In a statement sent to KrebsOnSecurity, Goodwill Industries said it first learned about a possible incident last Friday, July 18. The organization said it has not yet confirmed a breach, but that it is working with federal authorities on an investigation into the matter... It remains unclear how many Goodwill locations may have been impacted, but sources say they have traced a pattern of fraud on cards that were all previously used at Goodwill stores across at least 21 states, including Arkansas, California, Colorado, Florida, Georgia, Iowa, Illinois, Louisiana, Maryland, Minnesota, Mississippi, Missouri, New Jersey, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia, Washington and Wisconsin. It is also not known at this time how long ago this apparent breach may have begun, but those same financial industry sources say the breach could extend back to the middle of 2013. 
Financial industry sources said the affected cards all appear to have been used at Goodwill stores, but that the fraudulent charges on those cards occurred at non-Goodwill stores, such as big box retailers and supermarket chains. This is consistent with activity seen in the wake of other large data breaches involving compromised credit and debit cards, including the break-ins at Target, Neiman Marcus, Michaels, Sally Beauty, and P.F. Chang’s."
 

:ph34r: :ph34r:




#26 AplusWebMaster


Posted 24 July 2014 - 09:06 AM

FYI...

ECB says website hacked, no sensitive data affected
- http://www.reuters.c...N0FT1D620140724
July 24, 2014 - "The European Central Bank said on Thursday its website had been hacked and some email addresses and other contact information stolen but insisted no market-sensitive data were affected. The theft came to light after the central bank received an anonymous email on Monday night demanding money in exchange for the stolen addresses. The hackers broke into a database storing details of people who had registered for ECB conferences, visits and other events, the bank said. That database, which held about 20,000 email addresses and a much smaller number of postal addresses and phone numbers, was kept physically separate from internal systems, it added. "No internal systems or market sensitive data were compromised," the ECB said in a statement. The ECB is currently running a particularly sensitive review of the euro zone's top lenders, collecting streams of data to gauge whether banks have valued loans and other assets correctly, before it starts supervising them. German police were investigating the breach and all people who might have had their details stolen had been contacted, said the bank."
- https://www.ecb.euro...r140724.en.html
24 July 2014
___

Philippine gov't site infected with Spam Code
- http://blog.malwareb...with-spam-code/
July 24, 2014 - "An online security repository of bad links [1] has recently flagged the official website of the Department of Agriculture* (Kagawaran ng Pagsasaka), which is owned and maintained by the Philippine government, as harbouring malware.
* http://cdn.blog.malw.../2014/07/DA.png
We have determined that six pages, including the default page, have been injected with a Blackhat SEO spam code. Below is a list of other infected pages:
    “Contact Us” page
    “Advisory Banner” page
    “About Us” page
    Department Mission/Vision page
    History of DA page
Below is a screenshot of the code we found:
> http://cdn.blog.malw...O-spam-code.png
... visiting the above infected pages will not get you infected; however, you will be contributing to the increase of the page rank of the gambling-related URL we can see in the code. We have reason to believe that the DA site has been hacked because of the presence of the injected code. Readers are advised to avoid accessing the website entirely until the administrators are able to remove the code and make sure that it’s safe to visit. Malwarebytes has already reported the infection to the DA."
[1] https://www.virustot...sis/1406113101/
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 25 July 2014 - 06:25 AM.



#27 AplusWebMaster


Posted 29 July 2014 - 01:33 PM

FYI...

SocialBlade .com compromised - redirection chain to Nuclear Pack exploit kit
- http://blog.malwareb...ck-exploit-kit/
July 29, 2014 - "...  the YouTube stats tracker site SocialBlade .com is connected with malicious redirections that also lead to the Nuclear Pack EK.
> http://cdn.blog.malw...ocialblade2.png
The drive-by download which was detected by our honeypots is successfully blocked by Malwarebytes Anti-Exploit. According to site tracker SimilarWeb, SocialBlade .com has a global rank of 5,791 and had around 3.6 million visits last month... Typically we’d see an iframe and we would be able to search for it by its string. This was not the case here, so we had to manually inspect each web session and external references. The intruder was in a core JavaScript file... the JavaScript code writes the iframe and launches the redirection workflow... Java exploit (CVE-2013-2465?):
hxxp ://50d88d1ad05y.correctzoom .uni.me/1406197380.jar
VT (4/52*)
* https://www.virustot...sis/1406296526/
Internet Explorer exploit (CVE ?):
hxxp ://50d88d1ad05y.correctzoom .uni.me/1406197380.htm
VT (0/53**)
** https://www.virustot...ae651/analysis/
Payload:
hxxp ://50d88d1ad05y.correctzoom .uni.me/f/1406197380/7
VT (17/52***)
*** https://www.virustot...sis/1406311279/
...  most likely leads to ad-fraud related malware (clickjacking etc.). We have notified the owners of SocialBlade .com so they can fix the issue ASAP and prevent unnecessary malware infections..."

uni .me: 192.95.12.33: https://www.virustot...33/information/

- https://www.google.c...c?site=AS:16276
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 29 July 2014 - 06:37 PM.


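A detection sketch for the URL pattern quoted in the post above, added here as an example and not taken from the Malwarebytes write-up: both exploits and the payload came from one host under the same 10-digit numeric name (`/<n>.jar`, `/<n>.htm`, `/f/<n>/7`). The proxy-log format, client addresses, hostnames and function names below are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy-log lines (assumed format: epoch client method url status).
# Hostnames are reserved example names and the numeric stems are made up;
# none of these values are real indicators.
SAMPLE_LOG = """\
1406300001 10.0.0.5 GET http://www.example.com/js/core.js 200
1406300002 10.0.0.5 GET http://a1b2c3d4e5f6.landing.example.net/1400000000.htm 200
1406300003 10.0.0.5 GET http://a1b2c3d4e5f6.landing.example.net/1400000000.jar 200
1406300004 10.0.0.5 GET http://a1b2c3d4e5f6.landing.example.net/f/1400000000/7 200
1406300005 10.0.0.6 GET http://a1b2c3d4e5f6.landing.example.net/1400000000.htm 200
1406300006 10.0.0.6 GET http://a1b2c3d4e5f6.landing.example.net/1400000000.jar 200
1406300010 10.0.0.9 GET http://cdn.example.org/1400000001.jpg 200
1406300011 10.0.0.9 GET http://files.example.org/1400000002.jar 200
1406300020 10.0.0.7 GET http://intranet.example.test/f/2014/7 200
malformed entry
"""

# Path shapes seen in the quoted URLs: "/<10 digits>.jar", "/<10 digits>.htm"
# and "/f/<10 digits>/<number>". Other extensions can be added to the first
# pattern if a later campaign uses them.
EXPLOIT_RE = re.compile(r"^/(\d{10})\.(jar|htm)$")
PAYLOAD_RE = re.compile(r"^/f/(\d{10})/\d+$")


def classify(path):
    """Return (stem, kind) if the path matches one of the shapes, else None."""
    m = EXPLOIT_RE.match(path)
    if m:
        return m.group(1), m.group(2)
    m = PAYLOAD_RE.match(path)
    if m:
        return m.group(1), "payload"
    return None


def parse_line(line):
    """Parse one log line; return None for anything malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, _method, url, status = parts
    if not ts.isdigit() or not status.isdigit():
        return None
    host = urlsplit(url).hostname
    if not host:
        return None
    return int(ts), client, host.lower(), urlsplit(url).path, int(status)


def find_chains(log_text, min_kinds=2):
    """Flag (client, host, stem) groups that fetched several matching resources.

    A single numeric .jar download is common and is not reported on its own;
    the signal is the same stem reused across resource kinds on one host.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        _ts, client, host, path, status = rec
        hit = classify(path)
        if hit is None or status != 200:
            continue
        stem, kind = hit
        seen[(client, host, stem)].add(kind)

    findings = []
    for (client, host, stem), kinds in sorted(seen.items()):
        if len(kinds) >= min_kinds:
            findings.append({
                "client": client,
                "host": host,
                "stem": stem,
                "kinds": sorted(kinds),
                # Exposure to the landing page versus a payload download:
                # the second case should be triaged first.
                "payload_fetched": "payload" in kinds,
            })
    return findings


if __name__ == "__main__":
    for f in find_chains(SAMPLE_LOG):
        print(f)
```

Clients flagged with `payload_fetched` set retrieved the final stage and are the ones to examine first; the others only loaded the exploit pages.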

#28 AplusWebMaster


Posted 18 August 2014 - 09:46 AM

FYI...

Breach at Community Health Systems - data on 4.5M stolen in cyber attack
- http://www.reuters.c...N0GI16N20140818
Aug 18, 2014 - "U.S. hospital operator Community Health Systems Inc said on Monday personal data, including patient names and addresses, of about 4.5 million people were stolen by hackers from its computer network, likely in April and June. The company said the data, considered protected under the Health Insurance Portability and Accountability Act, included patient names, addresses, birth dates, telephone numbers and Social Security numbers. It did not include patient credit card or medical information, Community Health Systems said in a regulatory filing. It said the security breach had affected about 4.5 million people who were referred for or received services from doctors affiliated with the hospital group in the last five years. The FBI warned healthcare providers in April that their cybersecurity systems were lax compared to other sectors, making them vulnerable to hackers looking for details that could be used to access bank accounts or obtain prescriptions... The company said it and its security contractor, FireEye Inc unit Mandiant, believed the attackers originated from China. They did not provide further information about why they believed this was the case. They said they used -malware- and other technology to copy and transfer this data and information from its system..."
___

- https://www.trusteds...ive-trustedsec/
Aug 19, 2014 - "... a breach at Community Health Systems (CHS) affecting an estimated 4.5 million patients was recently revealed. TrustedSec obtained the first details on how the breach occurred and new information relating to this breach. The initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability which led to the compromise of the information... This is the first confirmed breach of its kind where the heartbleed bug is the known initial attack vector that was used..."

- http://www.reuters.c...N0GK0H420140820
Aug 20, 2014 - "... Heartbleed is a major bug in OpenSSL encryption software that is widely used to secure websites and technology products including mobile phones, data center software and telecommunications equipment. It makes systems vulnerable to data theft by hackers who can attack them without leaving a trace..."
___

- http://atlas.arbor.n...dex#-1319592123
High Severity
21 Aug 2014
 


Edited by AplusWebMaster, 25 August 2014 - 02:51 AM.



#29 AplusWebMaster


Posted 21 August 2014 - 03:16 AM

FYI...

UPS - data breach at 51 locations
- http://www.reuters.c...N0QQ5CF20140820
Aug 20 2014 - "UPS Store Inc, a unit of United Parcel Service Inc, warned of a potential data breach at about 51 of its franchised center locations in 24 states across the United States. There was no evidence of fraud arising from the incident, the company said. UPS Store said customers who used a credit or debit card at the stores between Jan. 20 and Aug. 11 may have been exposed to a malware identified in the company's systems at the locations. The company said the customer information that may have been exposed includes names, postal addresses, email addresses and payment card information. The UPS Store network is a franchise system of retail shipping, postal, print and business service centers in the United States. UPS Store has about 4,470 franchised center locations in the United States. UPS Store said the period of exposure to the malware began after March 26 at most of the locations. The malware was eliminated as of Aug. 11 and customers can shop securely at the company's locations, UPS Store said. The malware intrusion was notified by the U.S. government, the company said, adding it was among many other retailers alerted by the government. The malware was not present on the computing systems of any other UPS business entities, UPS Store said..."

- http://www.theupssto...es/default.aspx
"... impacted center locations, along with the timeframe for potential exposure to this malware at each location..."

> https://www.us-cert....lerts/TA14-212A
Last revised: Aug 18, 2014
___

- http://atlas.arbor.n...ndex#-966807597
High Severity
21 Aug 2014
 


Edited by AplusWebMaster, 25 August 2014 - 02:52 AM.



#30 AplusWebMaster


Posted 27 August 2014 - 05:12 PM

FYI...

Hacks attack JPMorgan...
- http://www.bloomberg...an-hacking.html
Aug 27, 2014 - "Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions... The attack resulted in the loss of gigabytes of sensitive data... the probe is still preliminary. Authorities are investigating whether recent infiltrations of major European banks using a similar vulnerability are also linked to the attack... In one case, the hackers used a software flaw known as a zero-day vulnerability in one of the banks’ websites. They then plowed through layers of elaborate security to steal the data, a feat security experts said appeared far beyond the capability of ordinary criminal hackers. The incidents occurred at a low point in relations between Russia and the West. Russian troops continue to mass on the Ukrainian border and the West tightens sanctions aimed at crippling Russian companies, including some of the country’s most important banks... The sophistication of the attack and technical indicators extracted from the banks’ computers provide some evidence of a government link. Still, the trail is muddy enough that investigators are considering the possibility that it’s cyber criminals from Russia or elsewhere in Eastern Europe. Other federal agencies, including the National Security Agency, are now aiding the investigation..."
___

- http://www.reuters.c...N0GS1CO20140828
Aug 28, 2014 - "... the FBI said Wednesday evening it was investigating media reports earlier in the day that several U.S. financial companies have been victims of recent cyber attacks. "We are working with the United States Secret Service to determine the scope of recently reported cyber attacks against several American financial institutions," FBI spokesman Joshua Campbell said in a statement late Wednesday. Campbell did not name any companies or give more details, although media reports had named JPMorgan as one victim of the attacks. Other potential victims have yet to be named..."

- http://www.bloomberg...-bank-data.html
Aug 28, 2014 - "... The attack led to the theft of account information that could be used to drain funds, according to a U.S. official and another person briefed by law enforcement who said the victims may have included European banks. Hackers also took sensitive information from employee computers. Most thefts of financial information involve retailers or personal computers of consumers. Stealing data from big banks is rare, because they have elaborate firewalls and security systems... Investigators have determined that the attacks were routed through computers in Latin America and other regions via servers used by Russian hackers..."
___

- https://atlas.arbor....index#826998718
High Severity
4 Sep 2014
 


Edited by AplusWebMaster, 05 September 2014 - 03:29 AM.

