The Wall Street Journal confirmed in a Tuesday report that an outside party – believed to be W0rm, a Russian hacker selling a stolen database for a Bitcoin – exploited a vulnerability and hacked into its news graphics systems.
Andrew Komarov, CEO of IntelCrawler, who tipped off The Wall Street Journal to the incident, told SCMagazine.com on Wednesday that photos W0rm posted revealed that the news site was vulnerable to SQL injection.
The attacker could have access to all available databases on the server – close to 23 – and could additionally extract information about system users from MySQL, Komarov said. He was quoted in the report as stating the attacker could modify content and users on the server.
The compromised systems have been taken offline and an investigation is ongoing, according to the report. No customers are believed to be impacted.
A Russian hacker collective says it broke into CNET servers over the weekend and stole a database of usernames and passwords.
A Russian hacker group that has attacked some of the biggest news and business sites in the world claims it penetrated CNET’s website over the weekend and stole a database of registered reader data.
A representative from the group calling itself W0rm told CNET News in a Twitter conversation that it stole a database of usernames, emails, and encrypted passwords from CNET’s servers.
W0rm is claiming that the database of stolen information includes data on more than 1 million users.
A CBS Interactive spokeswoman said that “a few servers were accessed” by the intruder. “We identified the issue and resolved it a few days ago. We will continue to monitor,” for potential impact, she said.
W0rm said it found its way into CNET’s servers through a security hole in CNET.com’s implementation of the Symfony PHP framework, a popular programming tool that provides a skeleton on which developers can construct a complex website.
Properties owned by CBS Interactive, which includes CNET, were the ninth-most visited sites in the US during May. According to ComScore, CNET had 27.1 million U.S. unique visitors on desktop and mobile in June 2014.
The W0rm representative, a non-native English speaker, said the group had no plans to decrypt the passwords or to complete the sale of the database. W0rm tweeted Monday that it will sell the database for 1 bitcoin — around $622. But the group’s spokesperson said they offered to sell the database to gain attention — “nothing more.”
[Image: W0rm’s screenshot of the CNET hack, posted to the group’s Twitter account. Credit: W0rm]
W0rm claims that its goals are altruistic, and that it hacked CNET servers to improve the overall security of the Web. By targeting high-profile sites, the group says it can raise awareness about security flaws. W0rm claims to have successfully hacked the BBC in late 2013, as well as earlier hacks of Adobe Systems and Bank of America websites.
CNET’s popularity is what motivated the group to target the site. “[W]e are driven to make the Internet a better and safer [place] rather than a desire to protect copyright,” W0rm said in a Twitter exchange on Monday. “I want to note that the experts responsible for bezopastnost [security] in cnet very good work but not without flaws.”
Robert Hansen, a Web security expert at White Hat Security, said CNET readers might not be at risk.
“It definitely can feel like a slap in the face to an organization to be hacked, but in reality, most of the time in circumstances like this it’s actually a good thing,” Hansen said. “W0rm was careful not to give the full path to the actual exploit, and informed the general public that the compromise occurred.”
Update at 11:30 a.m. PT, July 15, to clarify that the number of people listed in the database comes from the hacker group.
A two-year-old vulnerability has been discovered in OpenSSL, the default cryptographic library used in many software applications (including web servers, operating systems, email, and instant-messaging clients). This vulnerability could make it possible for external parties to mine server memory for data including private encryption keys, passwords, and other credentials.
If you are hosting a web server using a vulnerable version of OpenSSL (including most variants of Linux), it is recommended that you:
* Patch the OpenSSL vulnerability
* Revoke and re-issue TLS certificates
* Change any credentials that could have been compromised
* Enable Perfect Forward Secrecy (PFS) if possible
As always, it is highly recommended that all software be kept up-to-date to the latest patch version, if possible.
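Two of the steps above, re-issuing certificates and enabling PFS, can be checked across a server inventory. The following is an added example, not part of the original advisory or Redspin's tooling; the inventory, host names and patch date are constructed sample values.

```python
from datetime import datetime, timezone

# Constructed sample value: when this (hypothetical) fleet was patched.
PATCHED_AT = datetime(2014, 4, 9, tzinfo=timezone.utc)

# Constructed inventory; "ciphers" is the server's preference order.
INVENTORY = [
    {"host": "www.example.test",
     "cert_not_before": datetime(2013, 11, 2, tzinfo=timezone.utc),
     "ciphers": ["AES256-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "RC4-SHA"]},
    {"host": "mail.example.test",
     "cert_not_before": datetime(2014, 4, 10, tzinfo=timezone.utc),
     "ciphers": ["ECDHE-RSA-AES256-GCM-SHA384", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"]},
]


def has_forward_secrecy(cipher):
    """True if the suite (OpenSSL or IANA name) uses authenticated ephemeral (EC)DH."""
    name = cipher.upper().replace("_", "-")
    if name.startswith("TLS-"):
        if "-WITH-" not in name:   # TLS 1.3 suite: full handshakes always use (EC)DHE
            return True
        name = name[4:]            # IANA name: drop the "TLS-" prefix
    # Static RSA/DH/ECDH and anonymous (ADH/AECDH) suites do not match.
    return name.startswith(("ECDHE-", "DHE-", "EDH-"))


def audit_host(entry, patched_at=PATCHED_AT):
    """Return remediation findings for one inventory entry."""
    findings = []
    # A key that was in memory before the patch may have leaked, so a
    # certificate issued earlier must be revoked and re-issued on a new key.
    if entry["cert_not_before"] < patched_at:
        findings.append("certificate predates patch: revoke and re-issue")
    ciphers = entry["ciphers"]
    no_pfs = [c for c in ciphers if not has_forward_secrecy(c)]
    if ciphers and ciphers[0] in no_pfs:
        findings.append("preferred suite lacks forward secrecy: " + ciphers[0])
    if no_pfs:
        findings.append("suites without forward secrecy: " + ", ".join(no_pfs))
    return findings


if __name__ == "__main__":
    for entry in INVENTORY:
        print(entry["host"], audit_host(entry) or "ok")
```

Without forward secrecy, traffic recorded before the patch can be decrypted later by anyone who obtained the server's private key, which is why the cipher check sits alongside certificate re-issue.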
Redspin will continue to analyze this attack vector and, if possible, will identify specific methods to block it. You can test the stance of your externally facing web servers at: http://filippo.io/Heartbleed/ (NOTE: The site is quite busy and may be susceptible to false negatives due to server load.)
Further details on the vulnerability may be found at: heartbleed.com
Brazilian hackers are said to be preparing for a string of cyberattacks on FIFA and sponsor websites during the World Cup.
Self-proclaimed members of international hacker group Anonymous told Reuters that the network is “already making plans” for distributed denial-of-service (DDoS) attacks, as well as website defacement and data theft – and that there is not much that can be done to stop them.
The hacker group was also active during last year’s wave of protests – which were about themes including the amount of public money spent on the World Cup – and indicated that DDoS attacks will be their preferred method for the upcoming sporting event as they are “fast, damaging and relatively simple to carry out.”
Meanwhile, Brazil says it is as prepared as it can be:
“It would be reckless for any nation to say it’s 100 percent prepared for a threat,” General José Carlos dos Santos, the head of the cyber command for Brazil’s army, told Reuters. “But Brazil is prepared to respond to the most likely cyber threats.”
The lack of effective policies to protect telecommunications and data traffic across internet networks is a common issue in Brazil and 31 other Latin American countries.
Particularly in Brazil, the government’s leniency created a situation where the country has become one of the top five largest consumers of telecoms equipment and services – and yet citizens, companies and public institutions remain exposed to all manner of cyberattacks.
This continued to be the case until revelations of spying activities on Brazil by the United States’ National Security Agency (NSA) increased that perception of vulnerability and the realization that the country could, after all, be caught off-guard given its poor defences.
The espionage scandal then prompted the announcement of a series of new projects around cybersecurity, but the cohesion of these projects is questionable.
It is safe to say that the cybersecurity topic has never received so much attention before in the whole history of Brazilian technology. However, considering the opportunities that the World Cup will provide to groups such as Anonymous and LulzSec, one can’t help but wonder if it’s all a bit too little, too late.
Even if your iPhone or iPad hasn’t been jailbroken, malicious apps have the ability to record and transmit every key stroke or touch you make on Apple devices running the iOS 7 mobile operating system, thanks to a second security vulnerability that has just been discovered.
A proof-of-concept app created by security firm FireEye has proved that hackers are able to covertly monitor users’ handsets and there is currently no fix for the problem, as the vulnerability affects not only iOS 7 versions 7.0.4, 7.0.5 and 6.1.x, but also the latest version of iOS 7 – namely version 7.0.6 – which was only just released over the weekend.
Apple released the new update to fix a critical flaw affecting the Secure Sockets Layer (SSL) code that was found on 8 January, which is used to create secure connections between iOS devices and websites by authenticating SSL certificates.
One flaw fixed, another pops up
Cybercriminals use fake SSL certificates to pretend to be a popular website so that they can capture users’ login details, and this is a problem for both iOS devices running iOS 7 and Apple Mac computers running OS X Mavericks 10.9.1.
While one flaw may have been fixed, this new security flaw makes it even easier for hackers to spy on users, as the flaw is able to bypass Apple’s strict app review process.
A user could be tricked into downloading a malicious app by a phishing website, but cybercriminals could also choose to exploit a vulnerability in an innocent-looking app so that the app quietly monitors every single touch the user makes on the smartphone screen, as well as presses on the home button, volume button or TouchID.
All this data can then be quietly sent from the app to a remote server, where cybercriminals would be able to reconstruct passwords from the characters the user typed.
What you can do now
“Before Apple fixes this issue, the only way for iOS users to avoid this security risk is to use the iOS task manager to stop the apps from running in the background to prevent potential background monitoring,” FireEye researchers Min Zheng, Hui Xue and Tao Wei wrote in a blog post.
“iOS7 users can press the Home button twice to enter the task manager and see preview screens of apps opened, and then swipe an app up and out of preview to disable unnecessary or suspicious applications running on the background.”
Last month, IBTimes UK showcased a piece of malware that a Trustwave researcher produced to infect Android devices and jailbroken iOS devices, but FireEye says that their app and research had been conducted independently prior to the Trustwave research.