Security breach/compromise - 2013


46 replies to this topic

#31 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests: ... The never-ending battle for Truth, Justice, and the American way.

Posted 26 July 2013 - 05:38 PM

FYI...

Stanford breach - urges users to update passwords
- http://news.stanford...ach-072513.html
July 25, 2013 - "Stanford is investigating an apparent breach of its information technology infrastructure similar to incidents reported in recent months by a range of companies and large organizations in the United States. We do not yet know the scope of the intrusion, but we are working closely with information security consultants and law enforcement to determine its source and impact. We are not aware at this time of any protected health information, personal financial information or Social Security numbers being compromised, and Stanford does not conduct classified research. As a precautionary measure, we are asking -all- users of Stanford's computer system – that is, all those with a SUNet, or Stanford University Network, ID – to change their passwords. As we learn more about the incident, this process may need to be repeated. Stanford treats information security with the utmost seriousness and is continually upgrading its defenses against cyberattacks. Like many institutions, it repels millions of attempted attacks on its information systems each day. In recent months, a range of large organizations have reported attacks involving their information systems. Preliminary indications are that the breach at Stanford bears many similarities to these incidents. We are unable to provide additional detail at this time, given the ongoing nature of the investigation and the importance of limiting any damage from the incursion. We will provide updates to users of our systems as more information becomes available."
___

July - Busy Month for Breaches
- http://blogs.cisco.c...h-for-breaches/
July 22, 2013

:ph34r: :ph34r: :(

Edited by AplusWebMaster, 29 July 2013 - 12:51 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#32 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 31 July 2013 - 07:18 AM

FYI...

UD - IT security breach
- http://www.udel.edu/...rces073013.html
July 30, 2013 - "The University of Delaware is notifying the campus community that it has experienced a cyberattack in which files were taken that included confidential personal information of current and past employees, including student employees. A criminal attack on one of the University’s systems took advantage of a vulnerability in software acquired from a vendor. The University sent notification letters dated July 29, 2013, to more than 72,000 affected persons and offered them free credit monitoring. Approximately one-third have active UD email accounts and will have received an email notification as well. The confidential personal information includes names, addresses, UD IDs (employee identification numbers) and Social Security numbers. Individuals with UDelNet IDs and passwords can check to see if they are affected by this incident by using the IT Security Verification application on a special IT Security Response website*... UD’s IT Security Response website* provides information on the situation and answers to frequently asked questions. It will be updated as more information becomes available."
* http://www.udel.edu/it/response/

:ph34r: :ph34r: :(



#33 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 01 August 2013 - 12:05 PM

FYI...

Malware using GoogleCode for distribution
- http://research.zsca...lecode-for.html
July 31, 2013 - "Malware hosting sites rarely stay up for too long. After the first few instances are seen by security vendors, they are added to blacklists which, in turn, are fed into other blacklists throughout the industry. Malware writers are now turning to commercial file hosting sites to peddle their warez. If these legitimate file hosts are not scanning the content they are hosting, it may force network administrators to block the service altogether. The kicker is that this time we see that GoogleCode seems to have swallowed the bad pill.
> https://lh3.ggpht.co.../googlecode.png
... We also have reports of this file being downloaded via Dropbox, but it appears to have been taken down at the time of research
> https://lh3.ggpht.co...DY/s1600/BA.png
This incident sets a precedent that no file hosting service is beyond reproach. Blind trust of specific domains should not be tolerated from an organizational or personal perspective. So set those security privileges to kill and keep one eye open for shady files coming from even a seemingly trusted location. Other files from this location that were also flagged as malicious as noted below..."
(More detail at the zscaler URL above.)

- http://www.theinquir...-spread-malware
Aug 01 2013 - "... Fireeye said the use of developer websites by hackers to spread malware isn't anything new and it expects to see similar attacks in the very near future..."

:ph34r: <_< :ph34r:



#34 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 12 August 2013 - 06:45 AM

FYI...

BANKER Malware hosted on Google Code
- http://blog.trendmic...on-google-code/
Aug. 8, 2013 - "... we were able to capture malware written in Java that downloads BANKER malware from a recently created project called “flashplayerwindows”. Of course, this -bogus- project has nothing to do with Adobe. The said file (detected as JAVA_DLOAD.AFJ) is a compiled file that downloads and executes the “AdobeFlashPlayer.exe”, which we have verified to be malicious (detected as TROJ_BANLOAD.JFK). Once executed, this Trojan connects to Google Code to download other files. The people behind this threat may have uploaded these files to the said Google Code page, which notably include BANKER variants. These malware are notorious for stealing banking and email account information. Typically, they perform their data stealing routine by using phishing sites spoofing banking sites to lure users into disclosing information. Once they gather these data, they can use these to initiate unauthorized transactions such as money transfers. Previously, BANKER malware were seen hosted on compromised Brazilian government sites, which affected users from Brazil, the United States, and Angola. Another fraud project containing malware was also discovered, which goes to show that similar threats might still be out there. Besides the danger of the BANKER malware, this use of a well-known site like Google Code provides a good cover-up for cybercriminals. The malware being hosted in an official Google website means that downloading the malware will be encrypted with valid SSL certificates, which can bypass traditional security technologies. Because Google is a legitimate and reputable domain, traditional reputation services may not prevent the downloading. If this threat seems familiar, it’s because this abuse of open-source project sites has been done before... legitimate cloud providers like Google Code are likely to come under attack this year. With services like Google Code likely to gain traction among users, we can expect that similar cases will appear (and increase) in the coming days... As of this writing, the said files are no longer available on Google Code."

:ph34r: <_< :ph34r:



#35 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 26 September 2013 - 11:05 AM

FYI...

D&B, LexisNexis, Altegrity report cyber attacks
- http://www.reuters.c...E98P03220130926
Sep 25, 2013 - "Three major U.S. data providers said on Wednesday they were victims of cyber attacks, after a cybersecurity news website linked the breaches to a group that sells stolen social security numbers and other sensitive information. An FBI spokeswoman said the bureau was investigating the breaches but declined to elaborate. The disclosures, by Dun & Bradstreet Corp, Altegrity Inc's Kroll Background America Inc and Reed Elsevier's LexisNexis Inc, came after website KrebsOnSecurity first reported the breaches. The site said the attacks were masterminded by a cybercrime ring that sold stolen data such as credit reports through the website ssndob .ms, or SSNDOB (here*)..."
* http://krebsonsecuri...-theft-service/

- http://www.databreac...-theft-service/

:ph34r: :ph34r:

Edited by AplusWebMaster, 26 September 2013 - 11:19 AM.



#36 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 03 October 2013 - 05:07 PM

FYI...

Adobe network compromised...
- http://blogs.adobe.c...nouncement.html
Oct 3, 2013 - "... Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related. Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident..."
(More detail at the Adobe URL above.)

- https://www.us-cert....ode-Compromises
Oct 3, 2013

- http://www.databreac...r-cyber-attack/
3 Oct 2013

- http://www.theguardi...ch-cyber-attack
3 Oct 2013 - "... It has reset passwords on customers' accounts and recommended that customers change their passwords on any other website where they used the same code..."
___

- http://blogs.adobe.c...ource-code.html
Oct 2, 2013

- https://www.trusteer...ro-day-exploits
Oct 04, 2013 - "... The Adobe network breach puts organizations and users at significant risk. If the source code for Adobe Reader or other popular Adobe applications was stolen, it means that cyber-criminals now have the opportunity to search this code for new unknown vulnerabilities, and develop malicious code that exploits these vulnerabilities. You can expect that we will soon have a stream of new, nasty zero-day exploits..."

:ph34r: :ph34r:

Edited by AplusWebMaster, 05 October 2013 - 05:39 AM.



#37 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 07 October 2013 - 10:30 AM

FYI...

DNS hijack - leaseweb .com website
- http://blog.leaseweb...eb-com-website/
Oct 6, 2013 - "As one of the largest hosting providers in the world, with almost four percent of the entire global IP traffic under our management, LeaseWeb continuously combats cybercrime in its many forms, dealing swiftly and professionally with any detected malicious activity within its network. Last weekend the leaseweb .com website was unfortunately a direct target of cybercriminals itself. For a short period of time some visitors of leaseweb .com were redirected to another, non-LeaseWeb IP address, after the leaseweb .com DNS was -changed- at the registrar. This DNS hijack was quickly detected and rectified by LeaseWeb’s security department. Although it seems to have had only superficial effects, we seriously regret that this event happened. Our security investigation so far shows that no domains other than leaseweb.com were accessed and changed. No internal systems were compromised. One of the security measures we have in place is to store customer data separately from any publicly accessible servers; we have no indication that customer data was compromised as a result of this DNS hijack... The unauthorized name server change for leaseweb.com took place at our registrar on Saturday 5 October, around 19:00 hours CET / 1 PM EST. While the hijack was soon detected and mitigated, it took some time before our adjustments in the DNS cache were propagated across the internet. During this period the following systems and services were affected:
- Some visitors of http ://www.leaseweb .com were redirected to a non-LeaseWeb IP address
- E-mails sent to @ leaseweb .com addresses during the DNS hijack were not received by LeaseWeb
- Domain name registration and server reinstallation via our Self Service Center was disabled
... We sincerely apologize for any inconvenience this unfortunate event might have caused. Security will always be a battle between good and evil, with one trying to outsmart the other in whatever way possible. We will learn from this incident, intensively review our security systems and protocols, and adjust where necessary..."

- http://www.theinquir...d-in-dns-hijack
Oct 07 2013 - "... it appears that the hijackers obtained the domain administrator password and used that information to access the registrar. We will continue to investigate this incident thoroughly and take decisive action accordingly."

:ph34r: :ph34r: :(



#38 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 08 October 2013 - 08:12 AM

FYI...

Avira homepage defaced
- https://isc.sans.edu...l?storyid=16754
Last Updated: 2013-10-08 12:58:56 UTC - "The home page of antivirus company Avira has been defaced, likely by altering the DNS zone for Avira .com... Once an attacker has control of the NS records, they may also change MX records and redirect e-mail, or in the case of an Antivirus company like Avira change the addresses used to download signature updates. According to domaintools.com, the last address for avira.com was 62.146.210.2 and that address still appears to host Avira's site... The domain is hosted with Network Solutions. At this point, this looks like an isolated incident and not a more widespread issue with Network Solutions. I hope this will not be considered an "advanced sophisticated highly skilled attack", as the attackers have issues spelling "Palestine" consistently. The content of the defaced site is political and no malware has been spotted on the site so far.
Partial screenshot of the site:
> https://isc.sans.edu...IanEsq7RXMY.png
... a screenshot with a similar defacement of Antivirus vendor AVG (avg.com), but the site appears to be back to normal now... Instant messaging software maker Whatsapp was apparently a third victim of this attack."

- http://techblog.avir...g-avira-com/en/
Oct 8 2013 - "... It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request which was honored by the provider. Using the new credentials the cybercriminals have been able to change the entries to point to their DNS servers. Our internal network has not been compromised in any way. As a measure of security we have shut down all exterior services until we have all DNS entries in our possession again... We are working with the ISP to regain control of the domain name and only when we have solved the problem we will restore the access to the Avira services..."
Update: October 8th 23:15 CET+2 - "The DNS settings have been restored. We will continue to restore all our services in the next hours."
___

AVG, Avira and WhatsApp - DNS hijack
- http://www.theregist...k_attack_spree/
8 Oct 2013

- http://atlas.arbor.n...ndex#1211343777
Hijacking of AV firms websites may be linked to hack on Network Solutions ...
Elevated Severity
October 11, 2013 00:53
Several high profile sites, including two anti-virus vendors, were hijacked at the DNS level recently. DNS resource records are a significant target for attackers and should be carefully protected.
Analysis: While a full sense of the damage is not known by this author, the apparent defacement of a public website - and the tainting of traffic destinations - through DNS re-direction is an old trick that is still bearing fruit. In this case, it appears that credentials have been obtained via a bogus password reset phishing e-mail sent to the authoritative registrar. If this is the actual attack vector, then security awareness training needs to increase at the affected organization. Organizations that protect DNS resource records need to understand that they are a target, and that anyone can become a target. Not only will HTTP traffic redirect to the wrong location, but attackers can and have used this technique to install malware from sites that would normally be trusted and appear to be legitimate to the end user. Additionally, if other RRs such as MX records were modified, then attackers could obtain a significant amount of e-mail. The triggering of password reset functionality associated with any of those domains would then return the password reset process into the hands of the attackers. This is just one possible example of the risks inherent in such an attack. DNS providers need to ensure that security is improved and that such attacks become much more difficult to implement and that they are caught proactively.
Source: http://arstechnica.c...work-solutions/

:ph34r: :(

Edited by AplusWebMaster, 12 October 2013 - 07:54 AM.

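Both the LeaseWeb post (#37) and the Avira/ISC/Arbor notes above describe the same failure: the NS records were changed at the registrar, and the ATLAS note points out that MX records are the other record type worth watching because password resets flow through mail. An added example follows; it is not code from LeaseWeb, Avira, ISC or Arbor. It takes a stored baseline of a zone's NS/MX/A records and a fresh dig-style snapshot, diffs them and rates the change. The domain, nameserver names and addresses are constructed for the demo; in practice the snapshot would come from `dig +noall +answer` against several public resolvers or from the registrar's API.

```python
"""Detect registrar-level DNS hijacks by diffing NS/MX/A record sets.

Added example; not code from LeaseWeb, Avira, ISC or Arbor. Input is a
dig-style answer section ("owner TTL IN TYPE rdata"), e.g. the output
of `dig +noall +answer example.com NS MX A` taken from several resolvers.
All names and addresses below are constructed for the demo.
"""
from collections import defaultdict

# NS = the whole delegation; MX = mail and every password-reset flow;
# A = the web site itself.  TTL is ignored because it changes legitimately.
WATCHED = ("NS", "MX", "A")


def parse_snapshot(text):
    """Parse dig answer lines into {(owner, rtype): set(rdata)}.

    Owner and rdata are lower-cased with the trailing dot stripped so
    that "ns1.example.net." and "NS1.example.net" compare equal."""
    records = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";") or fields[2] != "IN":
            continue
        owner, rtype, rdata = fields[0], fields[3], " ".join(fields[4:])
        if rtype not in WATCHED:
            continue
        records[(owner.lower().rstrip("."), rtype)].add(rdata.lower().rstrip("."))
    return records


def diff_snapshots(baseline, current):
    """Return (severity, owner, rtype, added, removed) for each watched
    record set that differs from the baseline, sorted by owner and type."""
    alerts = []
    for key in sorted(set(baseline) | set(current)):
        before, after = baseline.get(key, set()), current.get(key, set())
        if before == after:
            continue
        owner, rtype = key
        # A changed NS or MX set hands the attacker everything that hangs
        # off the domain; an A change "only" redirects the web site.
        severity = "critical" if rtype in ("NS", "MX") else "high"
        alerts.append((severity, owner, rtype,
                       sorted(after - before), sorted(before - after)))
    return alerts


# Constructed baseline (what the registrar should hold) and a snapshot
# after a hypothetical hijack that swapped NS and A but left MX alone.
BASELINE = """
example.com.  3600  IN  NS  ns1.example.net.
example.com.  3600  IN  NS  ns2.example.net.
example.com.  3600  IN  MX  10 mail.example.com.
example.com.   300  IN  A   192.0.2.10
"""
HIJACKED = """
example.com.  3600  IN  NS  ns1.attacker-dns.example.
example.com.  3600  IN  NS  ns2.attacker-dns.example.
example.com.  3600  IN  MX  10 mail.example.com.
example.com.   300  IN  A   198.51.100.7
"""


def check_example():
    return diff_snapshots(parse_snapshot(BASELINE), parse_snapshot(HIJACKED))


if __name__ == "__main__":
    for sev, owner, rtype, added, removed in check_example():
        print(f"[{sev}] {owner} {rtype}: added {added} removed {removed}")
```

Run it from cron against each domain you own and page on any "critical" line; an NS change at the registrar will show up from outside resolvers long before your own authoritative servers notice anything, since they are simply no longer being asked. The check is a complement to, not a replacement for, a registrar lock and a second factor on the registrar account, which is the control the Avira password-reset story shows was missing.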


#39 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 10 October 2013 - 05:53 AM

FYI...

Compromised Turkish Gov't Web site leads to malware
- http://www.webroot.c...-leads-malware/
Oct 10th, 2013 - "... Web server belonging to the Turkish government, where the cybercriminals behind the campaign have uploaded a malware-serving fake ‘DivX plug-in Required!’ Facebook-themed Web page. Once socially engineered users execute the malware variant, their PCs automatically join the botnet operated by the cybercriminals behind the campaign.
Sample screenshot of the fake DivX, Facebook-themed page uploaded on the compromised Web server:
> https://www.webroot....re-1024x682.png
Compromised URL: hxxp ://www.manisahem .gov .tr/giorgia.html
The malware’s download URL: hxxp ://hyfcst.best.volyn .ua:80/dlimage11.php – 103.246.115.238
Detection rate for the malicious variant: MD5: adc9cafbd4e2aa91e4aa75e10a948213 * Heuristic.LooksLike.Win32.Suspicious.J!89
... malicious sub-domains are also known to have responded to the same IP (103.246.115.238)
... malicious subdomains are also known to have responded to... IP (103.9.150.244)..."
* https://www.virustot...fe7f5/analysis/
File name: vti-rescan

- https://www.virustot...38/information/

- https://www.virustot...44/information/

:ph34r: :ph34r: <_<

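The Webroot write-up above is unusual in this thread in that it gives concrete indicators: two URLs, two IPs and an MD5, all defanged with "hxxp" and spaces before dots. An added example follows (not Webroot's code): a small matcher that refangs those indicators, derives host-level indicators from the URLs, and runs the lot over a few constructed proxy log lines. The log format and the body-hash column are assumptions for the demo, and 203.0.113.9 stands in for the .gov.tr host's address, which the write-up does not give.

```python
"""Run the indicators from a threat write-up over web proxy logs.

Added example; not Webroot's code. The indicators are the ones quoted in
the post above, defanged as published. The log lines are constructed,
one request per line in the assumed form
    epoch client_ip dest_ip method url status md5_of_response_body
where the last column comes from a hypothetical file-extraction step
("-" when no file was carved from the response).
"""
import re

RAW_IOCS = {
    "url": ["hxxp ://www.manisahem .gov .tr/giorgia.html",
            "hxxp ://hyfcst.best.volyn .ua:80/dlimage11.php"],
    "ip": ["103.246.115.238", "103.9.150.244"],
    "md5": ["adc9cafbd4e2aa91e4aa75e10a948213"],
}


def refang(value):
    """Undo the defanging conventions used in reports so the indicator
    matches what a log actually records."""
    v = value.strip().lower()
    v = v.replace("hxxps", "https").replace("hxxp", "http")
    v = v.replace("[.]", ".").replace("(.)", ".").replace(" .", ".")
    return v.replace(" ://", "://")


def normalize_url(url):
    """Drop an explicit default port so 'host:80/x' and 'host/x' agree."""
    return re.sub(r"^(http://[^/:]+):80(?=/|$)", r"\1", url.lower())


def host_of(url):
    m = re.match(r"https?://([^/]+)", url)
    return m.group(1) if m else ""


def build_iocs(raw):
    """Expand the raw lists into exact-URL, host, IP and hash sets.
    Host indicators are derived from the URLs so that a different path
    on the same compromised server still fires."""
    iocs = {"url": set(), "host": set(),
            "ip": set(raw["ip"]), "md5": {h.lower() for h in raw["md5"]}}
    for u in raw["url"]:
        u = normalize_url(refang(u))
        iocs["url"].add(u)
        iocs["host"].add(host_of(u))
    return iocs


def scan(lines, iocs):
    """Return (line_no, client, indicator_type, indicator) for each hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        f = line.split()
        if len(f) < 7:
            continue
        _ts, client, dst, _method, url, _status, digest = f[:7]
        url = normalize_url(url)
        if url in iocs["url"]:
            hits.append((n, client, "url", url))
        elif host_of(url) in iocs["host"]:
            hits.append((n, client, "host", host_of(url)))
        if dst in iocs["ip"]:
            hits.append((n, client, "ip", dst))
        if digest.lower() in iocs["md5"]:
            hits.append((n, client, "md5", digest.lower()))
    return hits


# Constructed log lines for the demo.
LOG_LINES = [
    "1381392000 10.0.0.5 93.184.216.34 GET http://example.com/ 200 -",
    "1381392010 10.0.0.5 203.0.113.9 GET http://www.manisahem.gov.tr/giorgia.html 200 -",
    "1381392015 10.0.0.5 103.246.115.238 GET http://hyfcst.best.volyn.ua:80/dlimage11.php 200 adc9cafbd4e2aa91e4aa75e10a948213",
    "1381392100 10.0.0.7 103.9.150.244 GET http://unknown-sub.example.net/x 404 -",
]


def demo():
    return scan(LOG_LINES, build_iocs(RAW_IOCS))


if __name__ == "__main__":
    for n, client, kind, ind in demo():
        print(f"line {n}: {client} matched {kind} {ind}")
```

The fourth line is the case the post hints at with "malicious sub-domains are also known to have responded to the same IP": a hostname you have never seen still lights up on the destination address, which is why IP indicators are worth carrying even when the campaign rotates domains.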


#40 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 15 October 2013 - 02:46 PM

FYI...

Hacks use botnet/Google for vulnerable vBulletin sites ...
- http://www.infoworld...le-sites-228799
Oct 15, 2013 - "Some 35,000 sites that use vBulletin, a popular website forum package, were hacked recently by taking advantage of the presence of files left over from the program's installation process, according to security researcher Brian Krebs*. The hack by itself is fairly standard, but the way in which it was carried out shows how search engines like Google can unwittingly become a party to such hacking..."
* http://krebsonsecuri...vbulletin-hole/
Oct 14, 2013

- http://www.net-secur...ld.php?id=15743
9 Oct 2013

* http://www.vbulletin...4-1-vbulletin-5

- http://blog.imperva....-injection.html
Oct 8, 2013

:ph34r: :ph34r:




#41 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 24 October 2013 - 11:39 AM

FYI...

php-net-compromise ...
- https://isc.sans.edu...l?storyid=16892
Last Updated: 2013-10-24 16:38:43 UTC - "... Google had php.net added to its list of malicious sites. The listing was the result of a false positive triggered by an obfuscated javascript file that is a legitimate part of the php.net site...
Update: Barracuda posted a more detailed analysis and packet capture showing that php.net may indeed have been compromised and delivered a malicious flash file:
- http://barracudalabs...net-compromise/
Oct 24, 2013 - "One of our research tools flagged php.net as distributing malware. The site appears to have been compromised and had some of its javascript altered to exploit vulnerable systems..."

- http://google.com/sa...c?site=php.net/
"... 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-11-02, and the last time suspicious content was found on this site was on 2013-10-23. Malicious software includes 5 trojan(s). This site was hosted on 79 network(s)...."

- https://www.virustot...defe4/analysis/
Comments: "This file is related to the PHP.net compromise..."
___

A quick update on the status of php.net
- http://php.net/archi...#id2013-10-24-1
24-Oct-2013 - "On 24 Oct 2013 06:15:39 +0000 Google started saying www.php.net was hosting malware. The Google Webmaster Tools were initially quite delayed in showing the reason why and when they did it looked a lot like a false positive because we had some minified/obfuscated javascript being dynamically injected into userprefs.js. This looked suspicious to us as well, but it was actually written to do exactly that so we were quite certain it was a false positive, but we kept digging. It turned out that by combing through the access logs for static.php.net it was periodically serving up userprefs.js with the wrong content length and then reverting back to the right size after a few minutes. This is due to an rsync cron job. So the file was being modified locally and reverted. Google's crawler caught one of these small windows where the wrong file was being served, but of course, when we looked at it manually it looked fine. So more confusion. We are still investigating how someone caused that file to be changed, but in the meantime we have migrated www/static to new clean servers... all our repos plus manually checking the md5sums of the PHP distribution files we see no evidence that the PHP code has been compromised. We have a mirror of our git repos on github.com and we will manually check git commits as well and have a full post-mortem on the intrusion when we have a clearer picture of what happened."

A further update on php.net
- http://php.net/archi...#id2013-10-24-2
24-Oct-2013 - "We are continuing to work through the repercussions of the php.net malware issue described in a news post earlier today. As part of this, the php.net systems team have audited every server operated by php.net, and have found that two servers were compromised: the server which hosted the www .php .net, static .php .net and git .php .net domains, and was previously suspected based on the JavaScript malware, and the server hosting bugs .php .net. The method by which these servers were compromised is -unknown- at this time.
All affected services have been migrated off those servers. We have verified that our Git repository was not compromised, and it remains in read only mode as services are brought back up in full.
As it's possible that the attackers may have accessed the private key of the php.net SSL certificate, we have -revoked- it immediately. We are in the process of getting a new certificate, and expect to restore access to php .net sites that require SSL (including bugs .php .net and wiki .php .net) in the next few hours.
To summarise, the situation right now is that:
JavaScript malware was served to a small percentage of php.net users from the 22nd to the 24th of October 2013.
Neither the source tarball downloads nor the Git repository were modified or compromised.
Two php .net servers were compromised, and have been removed from service. All services have been migrated to new, secure servers.
SSL access to php .net Web sites is temporarily -unavailable- until a new SSL certificate is issued and installed on the servers that need it.
Over the next few days, we will be taking further action:
php .net users will have their passwords reset. Note that users of PHP are unaffected by this: this is solely for people committing code to projects hosted on svn .php .net or git .php .net.
We will provide a full post mortem in due course, most likely next week..."
___

- http://community.web...ed-content.aspx
25 Oct 2013 - "... The ultimate goal of this injection was to redirect users to the Magnitude Exploit Kit (MEK), which attempts to exploit Adobe and Java platforms, among others, in order to serve up generic Ransomware..."

- http://blog.malwareb...de-exploit-kit/
Oct 29, 2013 - "... it was determined that the site contained a modified JavaScript page called “userprefs.js” that eventually led users to the landing page for the Magnitude exploit kit..."
 



Edited by AplusWebMaster, 02 November 2013 - 05:33 AM.

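The php.net post-mortem is worth a second read for the detection angle: manual inspection kept showing a clean userprefs.js, and the tell was in the access logs, where static.php.net periodically served the file with the wrong content length and then reverted a few minutes later. An added example follows; it is not php.net's tooling. It reads combined-format access log lines (the Apache/nginx default), groups the 200 responses for one path by byte size, and reports any minority size together with the window in which it was served and how many distinct clients got it. The log lines are constructed for the demo.

```python
"""Spot a static file that is intermittently served with the wrong size.

Added example; not php.net's tooling. Reads combined-format access log
lines for one path, groups 200 responses by byte size, and reports any
minority size with the window in which it was served. The log lines
below are constructed for the demo.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return a dict for a combined-format line, or None if it does not
    parse or carries no body size (e.g. a 304)."""
    m = LOG_RE.match(line)
    if not m or m.group("size") == "-":
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    return rec


def find_size_anomalies(lines, path, status="200", minority_share=0.25):
    """Group successful responses for `path` by response size.

    The most frequent size is assumed to be the real file. Every other
    size seen in at most `minority_share` of the requests is reported
    with first/last timestamp and distinct client count, which is what
    a short-lived swap-and-revert looks like."""
    by_size = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == status and rec["path"].split("?", 1)[0] == path:
            by_size[rec["size"]].append(rec)
    total = sum(len(v) for v in by_size.values())
    if not total:
        return []
    dominant = max(by_size, key=lambda s: len(by_size[s]))
    alerts = []
    for size, recs in sorted(by_size.items()):
        if size == dominant or len(recs) / total > minority_share:
            continue
        alerts.append({
            "size": size, "expected": dominant, "hits": len(recs),
            "first": recs[0]["ts"], "last": recs[-1]["ts"],
            "clients": len({r["ip"] for r in recs}),
        })
    return alerts


# Constructed sample: the real userprefs.js is 1843 bytes; for a couple
# of minutes a 2217-byte version is served instead, once to a crawler.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Oct/2013:10:00:01 +0000] "GET /userprefs.js HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [22/Oct/2013:10:03:12 +0000] "GET /userprefs.js HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [22/Oct/2013:10:07:44 +0000] "GET /userprefs.js HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '192.0.2.13 - - [22/Oct/2013:10:09:02 +0000] "GET /userprefs.js HTTP/1.1" 304 - "-" "Mozilla/5.0"',
    '198.51.100.4 - - [22/Oct/2013:10:12:30 +0000] "GET /userprefs.js HTTP/1.1" 200 2217 "-" "Mozilla/5.0"',
    '66.249.0.1 - - [22/Oct/2013:10:14:05 +0000] "GET /userprefs.js HTTP/1.1" 200 2217 "-" "Googlebot/2.1"',
    '192.0.2.14 - - [22/Oct/2013:10:18:50 +0000] "GET /userprefs.js HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '192.0.2.15 - - [22/Oct/2013:10:25:11 +0000] "GET /userprefs.js HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '192.0.2.16 - - [22/Oct/2013:10:31:40 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '192.0.2.17 - - [22/Oct/2013:10:40:09 +0000] "GET /userprefs.js?v=3 HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '192.0.2.18 - - [22/Oct/2013:10:52:33 +0000] "GET /userprefs.js HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '192.0.2.19 - - [22/Oct/2013:11:04:17 +0000] "GET /userprefs.js HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
]


def demo():
    return find_size_anomalies(SAMPLE_LOG, "/userprefs.js")


if __name__ == "__main__":
    for a in demo():
        print(f'{a["hits"]} responses of {a["size"]} bytes (expected {a["expected"]}) '
              f'to {a["clients"]} clients between {a["first"]} and {a["last"]}')
```

Two caveats before pointing this at real logs. If the server compresses responses, the logged size varies with the client's Accept-Encoding, so either log the content encoding as well and group on (encoding, size) or run the check on the uncompressed origin. And a size check only catches the swap; pairing it with a periodic hash of the on-disk file against a known-good value (the md5sum check php.net did for the distribution tarballs) also catches a replacement that happens to be the same length.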


#42 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 07 November 2013 - 08:02 PM

FYI...

Trove of Adobe user data found on Web after breach
- http://www.reuters.c...E9A61D220131107
Nov 7, 2013 - "A computer security firm has uncovered data it says belongs to some 152 million Adobe Systems Inc user accounts, suggesting that a breach reported a month ago is far bigger than Adobe has so far disclosed and is one of the largest on record. LastPass, a password security firm, said on Thursday that it has found email addresses, encrypted passwords and password hints stored in clear text from Adobe user accounts on an underground website frequented by cyber criminals. Adobe said last week that attackers had stolen data on more than 38 million customer accounts, on top of the theft of information on nearly 3 million accounts that it disclosed nearly a month earlier... Because the passwords were not salted, Siegrist said he was able to identify the most frequently used password in the group, which was used 1.9 million times. The database has 108 million email addresses with passwords -shared- in multiple accounts... The number of records stolen appears to be the largest taken in any publicly disclosed cyber attack to date... the attack was a strong reminder that consumers and businesses need to be vigilant about making sure they do -not- reuse passwords..."
___

- http://atlas.arbor.n...ndex#1886717424
7 Nov 2013 21:27:07 +0000
When it comes to protecting sensitive information, implementation is key. An improper implementation can lead to weaknesses that can result in data compromise.
Source: http://nakedsecurity...raphic-blunder/

- http://atlas.arbor.n...index#124925286
Elevated Severity
7 Nov 2013 21:27:07 +0000
After becoming available, credential leaks from the Adobe breach are being analyzed. Predictably, many users' password choices are poor. Analysis and password-cracking efforts are well underway.
Source: http://www.welivesec...on-used-123456/
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 09 November 2013 - 09:35 AM.

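The detail that matters in the Reuters piece is "because the passwords were not salted": LastPass could rank the most common Adobe password without decrypting anything, because an unsalted deterministic transform maps identical passwords to identical stored values, and the clear-text hints attached to each cluster then give the plaintext away. An added example follows; it is not LastPass's or Adobe's code. The articles say only "encrypted" and "not salted", so SHA-256 stands in here for whatever transform Adobe used; the attack needs nothing beyond the same-input, same-output property. It builds a constructed six-user dump both ways, unsalted and with a per-record salt plus PBKDF2, and shows the clustering attack works only on the first.

```python
"""Why an unsalted password store leaks frequencies without any cracking.

Added example; not LastPass's or Adobe's code. SHA-256 stands in for the
unspecified deterministic transform Adobe used; PBKDF2 with a per-record
salt is the corrected form. Records, passwords and hints are constructed.
"""
import hashlib
import hmac
import os

# (email, password, hint) - constructed, not real accounts
USERS = [
    ("a@example.com", "123456", "numbers"),
    ("b@example.com", "123456", "1-6"),
    ("c@example.com", "123456", "the usual"),
    ("d@example.com", "password", "pw"),
    ("e@example.com", "password", "obvious"),
    ("f@example.com", "correct horse", "xkcd"),
]


def store_unsalted(password):
    """Deterministic transform: equal passwords -> equal stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, salt=None):
    """Per-record random salt + slow KDF: equal passwords -> different
    stored values, and every guess must be recomputed per record."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + dk.hex()


def verify_salted(stored, password):
    """Login check for the salted form: recompute with the stored salt."""
    salt_hex, _ = stored.split("$", 1)
    candidate = store_salted(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def dump(store_fn):
    """What an attacker sees: email, stored value, clear-text hint."""
    return [(email, store_fn(pw), hint) for email, pw, hint in USERS]


def frequency_attack(records):
    """Cluster records by stored value; no decryption involved. Returns
    [(cluster_size, [hints...]), ...] biggest first. The hints of the
    biggest cluster usually name the password outright."""
    clusters = {}
    for _email, stored, hint in records:
        clusters.setdefault(stored, []).append(hint)
    return sorted(((len(h), h) for h in clusters.values()), reverse=True)


def largest_cluster(records):
    return frequency_attack(records)[0][0]


if __name__ == "__main__":
    print("unsalted:", frequency_attack(dump(store_unsalted))[:2])
    print("salted:  ", frequency_attack(dump(store_salted))[:2])
```

With the unsalted store the first line of output is a cluster of three with hints "numbers", "1-6", "the usual", which is the whole 1.9-million-row story in miniature; with the salted store every cluster has size one and the hints give the attacker nothing to pivot on. The hints themselves are a separate design error: a hint is useful to an attacker precisely in proportion to how useful it is to the user, so it should never be stored next to the credential it describes.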


#43 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 22 November 2013 - 05:52 AM

FYI...

GitHub - Weak passwords brute forced
- https://github.com/b...ds-brute-forced
Nov 19, 2013 - "Some GitHub user accounts with weak passwords were recently compromised due to a brute force password-guessing attack... We sent an email to users with compromised accounts letting them know what to do. Their passwords have been reset and personal access tokens, OAuth authorizations, and SSH keys have all been revoked. Affected users will need to create a new, strong password and review their account for any suspicious activity. This investigation is ongoing and we will notify you if at any point we discover unauthorized activity relating to source code or sensitive account information. Out of an abundance of caution, some user accounts may have been reset even if a strong password was being used. Activity on these accounts showed logins from IP addresses involved in this incident..."

- http://www.theregist...probing_reveal/
Nov 21, 2013 - "... GitHub's recent bout of probing may stem from crackers using the 38 million user details that were sucked out of Adobe recently to check for duplicate logins on other sites. Never use the same password and username combination on other sites..."
___

- https://isc.sans.edu...l?storyid=17087
Last Updated: 2013-11-22 15:45:51 UTC - "... Yesterday I got an email from Evernote telling me that I had used the same password at Evernote that I had used at Adobe. The Evernote account probably got my throwaway password before I realized the value of the Evernote service. I now use Evernote nearly every day from my mobile devices, where I don't get prompted for the credentials, but never log into it over the web, so I didn't remember what the password was set to.
> https://isc.sans.edu...s/images/ev.jpg
... I quickly changed my Evernote password and enabled Evernote's two-step authentication... this was not your typical brute force employing obvious userids and incredibly inane passwords, but a targeted attack against password reuse... Guess I will be looking at all my passwords again, including the ones used by my mobile devices!"
 

:ph34r: :ph34r: :(


Edited by AplusWebMaster, 22 November 2013 - 10:06 AM.

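The GitHub notice and the Evernote story above describe two login patterns a defender wants to tell apart in an authentication log: a password-guessing brute force against a few accounts, and a reused-credential list tried once per account across many users (the Register piece suggests the Adobe dump was used this way). The following is an added example, not code from GitHub, Evernote or the forum author: it parses a constructed log format, groups attempts by source IP, labels each source, and lists the accounts that did log in successfully from a flagged source so they can be reviewed and reset, which is what GitHub did for accounts with logins from involved addresses. The log format, thresholds and addresses are all assumptions made up for the example.

```python
"""Flag suspicious login sources in an authentication log.

Added example (not GitHub's or the forum author's code). The log line format
"<timestamp> <OK|FAIL> user=<name> ip=<addr>" and the thresholds are assumptions
constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed sample log (documentation-range IP addresses, invented users).
SAMPLE_LOG = """\
2013-11-19T01:00:01Z FAIL user=alice ip=203.0.113.5
2013-11-19T01:00:02Z FAIL user=bob ip=203.0.113.5
2013-11-19T01:00:03Z FAIL user=carol ip=203.0.113.5
2013-11-19T01:00:04Z OK user=dave ip=203.0.113.5
2013-11-19T01:00:05Z FAIL user=erin ip=203.0.113.5
2013-11-19T01:00:06Z FAIL user=frank ip=203.0.113.5
2013-11-19T01:01:00Z FAIL user=alice ip=198.51.100.7
2013-11-19T01:01:01Z FAIL user=alice ip=198.51.100.7
2013-11-19T01:01:02Z FAIL user=alice ip=198.51.100.7
2013-11-19T01:01:03Z FAIL user=alice ip=198.51.100.7
2013-11-19T01:01:04Z OK user=alice ip=198.51.100.7
2013-11-19T01:02:00Z OK user=grace ip=192.0.2.9
"""

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) ip=(\S+)$")


def parse_log(text):
    """Parse log text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": m.group(1), "ok": m.group(2) == "OK",
                           "user": m.group(3), "ip": m.group(4)})
    return events


def classify_sources(events, min_fail=3, min_users=3):
    """Label each source IP and return {ip: summary}.

    - "credential-stuffing": at least min_fail failures spread over at least
      min_users distinct usernames (one guess per account, as with a reused
      credential list).
    - "brute-force": at least min_fail failures concentrated on fewer usernames.
    - "normal": too few failures to flag.
    For flagged sources, every account that logged in successfully from that
    IP is listed under "successes_to_review".
    """
    by_ip = defaultdict(lambda: {"fails": 0, "users_failed": set(), "ok_users": set()})
    for e in events:
        s = by_ip[e["ip"]]
        if e["ok"]:
            s["ok_users"].add(e["user"])
        else:
            s["fails"] += 1
            s["users_failed"].add(e["user"])

    result = {}
    for ip, s in by_ip.items():
        if s["fails"] < min_fail:
            label = "normal"
        elif len(s["users_failed"]) >= min_users:
            label = "credential-stuffing"
        else:
            label = "brute-force"
        result[ip] = {
            "label": label,
            "fails": s["fails"],
            "distinct_users": len(s["users_failed"]),
            "successes_to_review": sorted(s["ok_users"]) if label != "normal" else [],
        }
    return result


if __name__ == "__main__":
    for ip, summary in classify_sources(parse_log(SAMPLE_LOG)).items():
        print(ip, summary)
```

Run on the sample, the first address is labelled credential-stuffing (five failures over five usernames, with one successful login to review), the second brute-force (four failures against one account, then a success), and the third normal. In a real deployment the thresholds would be tuned per service, and the successful logins from flagged sources are the items that warrant forced resets and token revocation, as in the GitHub notice.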


#44 AplusWebMaster (Authentic Member, 10,472 posts)

Posted 04 December 2013 - 06:55 PM

FYI...

2 million Facebook, Gmail and Twitter passwords stolen in massive hack
- http://money.cnn.com...olen/index.html
Dec 4, 2013 - "Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week. The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers. On Nov. 24, Trustwave researchers tracked that server, located in the Netherlands... Trustwave* notified these companies of the breach. They posted their findings publicly on Tuesday..."
* http://blog.spiderla...-moar-pony.html
3 Dec 2013 - "... Looking at the domains from which passwords were stolen:
> http://a7.typepad.co...01aaed57970c-pi
As one might expect, most of the compromised web log-ins belong to popular websites and services such as Facebook, Google, Yahoo, Twitter, LinkedIn, etc...
Geo-Location Statistics:
> http://a3.typepad.co...01f0eb9b970c-pi
... We looked at the length and complexity of the passwords to get a better idea about the rest of the passwords, and here's what we found:
> http://a0.typepad.co...01aaee40970c-pi
... Since both the length and type of characters in a password make up its ultimate complexity, we grouped those two characteristics to get an overall impression of how strong the passwords are:
> http://a1.typepad.co...01aaedd1970c-pi
... Unfortunately, there were more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the Medium category..."
(More detail at the spiderlabs URL above.)
___

JPMorgan warns 465,000 card users on data loss after cyber attack
- http://www.reuters.c...E9B405R20131205
Dec 5, 2013 - "JPMorgan Chase & Co is warning some 465,000 holders of prepaid cash cards issued by the bank that their personal information may have been accessed by hackers who attacked its network in July. The cards were issued for corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits. JPMorgan said on Wednesday it detected that its web servers used by its site www .ucard .chase .com had been breached in the middle of September. It then fixed the issue and reported it to law enforcement. Bank spokesman Michael Fusco said that in the months since the breach was discovered the bank has been investigating to find out exactly which accounts were involved and what pieces of information could have been taken. He declined to discuss how the attackers breached the bank's network. Fusco said the bank is notifying the cardholders, who account for about 2 percent of its roughly 25 million UCard users, about the breach because it cannot rule out the possibility that their personal information was among the data removed from its servers..."
 

:ph34r: :ph34r: :( :angry:


Edited by AplusWebMaster, 05 December 2013 - 05:35 AM.

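The SpiderLabs write-up quoted above grades the stolen passwords by combining two characteristics, length and the number of character types used, into Terrible/Bad/Medium/Good/Excellent buckets and then reports the distribution. As an added example (not Trustwave's code, and not the thresholds they used, which the post does not state), the function below applies that idea: it counts character classes, assigns a band from assumed length/class cut-offs, and tallies a constructed list of passwords into the same five categories.

```python
"""Grade passwords by length and character-class mix, then tally the result.

Added example in the spirit of the SpiderLabs analysis; the band cut-offs are
assumptions, not Trustwave's published criteria.
"""
import string
from collections import Counter

BANDS = ["Terrible", "Bad", "Medium", "Good", "Excellent"]


def char_classes(pw):
    """Count how many of the four classes (lower, upper, digit, symbol) appear."""
    classes = 0
    classes += any(c in string.ascii_lowercase for c in pw)
    classes += any(c in string.ascii_uppercase for c in pw)
    classes += any(c in string.digits for c in pw)
    classes += any(not c.isalnum() for c in pw)
    return classes


def rate_password(pw):
    """Return one of BANDS for a password (assumed cut-offs, see module docstring).

    Both dimensions have to be satisfied to move up a band: a long password
    built from one class, or a short one using all four, stays low.
    """
    n, k = len(pw), char_classes(pw)
    if n < 6 or (k == 1 and n < 8):
        return "Terrible"
    if n < 8 or k == 1:
        return "Bad"
    if n < 10 or k <= 2:
        return "Medium"
    if n < 12 or k <= 3:
        return "Good"
    return "Excellent"


def strength_distribution(passwords):
    """Tally passwords into the five bands; every band is present (0 if empty)."""
    counts = Counter(rate_password(p) for p in passwords)
    return {band: counts.get(band, 0) for band in BANDS}


# Constructed sample list (invented values, not from any leak).
SAMPLE_PASSWORDS = [
    "123456", "abc", "password", "qwerty12", "summer2013",
    "Password1", "Summer2013", "Tr0ub4dor&3", "Correct-Horse-Battery9!",
]

if __name__ == "__main__":
    for p in SAMPLE_PASSWORDS:
        print(f"{p!r:28} {rate_password(p)}")
    print(strength_distribution(SAMPLE_PASSWORDS))
```

The point the SpiderLabs post makes survives the choice of cut-offs: classing on either length or character mix alone is misleading, because an eight-character all-lowercase word and a six-digit PIN are both weak, so a grading scheme has to look at both together before it reports how many users are in the Medium middle.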


#45 AplusWebMaster (Authentic Member, 10,472 posts)

Posted 18 December 2013 - 07:38 AM

FYI...

FDA cyber breach ...
- http://www.reuters.c...N0JW21C20131218
Dec 17, 2013 - "The U.S. Food and Drug Administration is under pressure from the pharmaceutical industry and lawmakers to undergo an independent security audit, after hackers broke into a computer system used by healthcare companies to submit information to the agency. Drug companies fear the cyber thieves may have accessed corporate secrets that are on file with the agency, such as data about drug manufacturing, clinical trials, marketing plans and other proprietary information. While some lawmakers charge that the hackers breached the FDA's gateway, compromising confidential business data, the agency argues that the access was limited. The breach came to light last month when the FDA sent letters to users of an online system at the Center for Biologics Evaluation and Research. The letters said the breach was detected by the FDA on Oct. 15 and that it resulted in the theft of usernames, phone numbers, email addresses and passwords... The FDA's breach notification letter, which was published in pharmaceutical trade publications, referred to the compromised system as an "online submission system" at the Center for Biologics Evaluation and Research. That alarmed drugmakers, which provide the FDA with highly sensitive data - which would be priceless to a competitor - when they submit applications seeking approval for new drugs, biologics and medical devices. In their letter to the FDA, the Energy and Commerce Committee members charged that the attackers had breached the "FDA's gateway system," compromising confidential business information along with sensitive data about patients enrolled in clinical trials..."
___

Target Investigating Data Breach ...
- http://krebsonsecuri...ng-data-breach/
Dec 18, 2013 - "Nationwide retail giant Target is investigating a data breach potentially involving millions of customer credit and debit card records, multiple reliable sources tell KrebsOnSecurity. The sources said the breach appears to have begun on or around Black Friday 2013 — by far the busiest shopping day of the year. According to sources at two different top 10 credit card issuers, the breach extends to nearly all Target locations nationwide, and involves the theft of data stored on the magnetic stripe of cards used at the stores. Minneapolis, Minn. based Target Brands Inc. has not responded to multiple requests for comment. Representatives from MasterCard and Visa also could not be immediately reached for comment. Both sources said the breach was initially thought to have extended from just after Thanksgiving 2013 to Dec. 6. But over the past few days, investigators have unearthed evidence that the breach extended at least an additional week — possibly as far as Dec. 15. According to sources, the breach affected an unknown number of Target customers who shopped at the company’s main street stores during that timeframe... It’s not clear how many cards thieves may have stolen in the breach. But the sources I spoke with from two major card issuers said they have so far been notified by one of the credit card associations regarding more than one million cards total from both issuers that were thought to have been compromised in the breach..."

Target confirms major card data theft ...
- http://www.reuters.c...E9BH1GX20131219
Dec 19, 2013 - "Target Corp said data from about 40 million credit and debit card accounts might have been stolen during the Thanksgiving weekend, in one of the largest credit card breaches at a U.S. retailer... federal authorities were investigating a data breach, which started on the busy Black Friday weekend. Target said the accounts, which might have been compromised between November 27 and December 15, affected customers making credit and debit card purchases at its U.S. stores."

- https://corporate.ta...s-to-payment-ca
Dec 19, 2013
 

:( :ph34r: <_<


Edited by AplusWebMaster, 19 December 2013 - 11:28 AM.

