Ethical Hacking

A hacker has defaced over 15,000 websites hosted on the infrastructure of Pro-Service, a Georgian web hosting provider, including government sites, local newspapers, and TV stations.

Yesterday, the country of Georgia suffered a major cyber-attack.  Over 15,000 websites were defaced with an image of former Georgian President Mikheil Saakashvili, with the text “I’ll be back” overlaid on top.  Two television stations went off-air following the attacks.  I did read in another article that one of the TV station’s equipment was actually destroyed by the attack.  A third TV station was affected, but did not go off-air.  Several newspaper sites were also brought down.  Many linked yesterday’s attack with a similar 2008 Russian attack that defaced government sites and hacked TV and radio stations.  Although currently there is no evidence to suggest it was Russian based, an investigation was started to identify the culprit.

Pro-Service, a local web hosting provider, took blame for the issue.  They admitted that a hacker breached its network and took down customer websites.

Adobe secured a database with 7.5 million records belonging to Adobe Creative Cloud users. The cache was not protected in any way, allowing anyone access to client information if they knew how to find it. Although the details included are not highly sensitive, they could be used to launch better-crafted phishing campaigns against customers whose data was exposed.

https://www.bleepingcomputer.com/news/security/75-million-records-of-adobe-creative-cloud-user-data-exposed/

https://cyware.com/news/fbi-issues-warning-to-smbs-about-e-skimming-attacks-a251120c 

The FBI is warning SMBs and government agencies about the risk of e-skimming attacks for businesses that take credit card payments online.

E-Skimming, also known as Magecart attacks, occurs when malicious code is injected into a website’s POS system disguised as payment card skimmer scripts. Once the POS is compromised, hackers can then steal customers’ payment card information.

Hackers gain access to the POS server through a phishing attack, third party vendor vulnerability. Once they have access they act as a silent man in the middle and steal user credit card information to sell for profit.

The FBI recommends standard mitigation measures to protect your business from E-Skimming.

Patch Patch Patch your systems.

User education to avoid falling victim to phishing attacks

Remove any default login credentials

Segment networks to avoid easy hops for hackers

Here is an article which breaks down Magecart attack and its evolution: https://www.csoonline.com/article/3400381/what-is-magecart-how-this-hacker-group-steals-payment-card-data.html

The latest data breach came from Adobe exposing 7.5 million Creative Cloud accounts to the public via a “vulnerability related to work on one of our prototype environments”. According to Adobe, the misconfigured environment has been shut down and the vulnerability has been addressed.

According to one report, the exposed data included email addresses, the Adobe products they subscribed to, account creation date, subscription, and payment status, local timezone, member ID, time of the last login, and whether they were an Adobe employee.

It is unknown if there has been unauthorized access, and the issue was discovered on 10/19 and Adobe addressed the issue on the same day.

There are no sensitive details like passwords or payment data, but the database is close to 86GB in size. Additional information and screenshots can be found here.

A “brute-force” computer hacking. Leaked student records. A criminal investigation. References to past suicides. Suspensions. And a nationwide teen craze called Assassin. – This is what the article says. It’s a really weird and interesting case if anyone wants to read up on it. This is a local school around the area and the story has no specific background – its all over the place. It will be interesting to see how it all unfolds.

Link: https://www.inquirer.com/news/downingtown-school-district-hacking-students-assassin-game-20191025.html

Attackers are using forgotten or unknown user accounts with little more than a password to gain remote access to the internal system of Avast, antivirus and security giant, and NordVPN, virtual private networking (VPN) software provider. Both companies disclosed details about the month-long, from May to August, intrusion today.

krebsonsecurity.com