Tag Archives: exploit

7 Lessons: Surviving A Zero-Day Attack

When Pacific Northwest National Laboratory detected a cyber attack–actually two of them–against its tech infrastructure in July, the lab acted quickly to root out the exploits and secure its network. PNNL then did something few other cyber attack victims have been willing to do. It decided to talk openly about what happened.

Their seven lessons learned are well worth examining – particularly the lesson about locating and purging legacy systems, rather than simply leaving them running and available for exploit.

via 7 Lessons: Surviving A Zero-Day Attack – Security – Attacks/breaches – Informationweek.

Bitcoin vendor Mt.Gox & customers compromised

It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.

via Huge Bitcoin sell off due to a compromised account – rollback : Mt.Gox.

But the hacker made off with a bunch of unsalted, MD5-hashed passwords and user accounts… which in turn exposes every other account where those same credentials are reused.

It would be interesting to know where that auditor was stationed – whether inside the Mt.Gox company or external – and if they can tell whether the hacker who compromised the auditor’s computer was internal or external.
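To make the unsalted-MD5 point concrete, here is an added example (not code from Mt.Gox or from the linked articles) using a constructed three-user table. It shows why a dump of unsalted fast hashes immediately reveals which users share a password and can be compared directly against precomputed lists, whereas a per-user salt plus a slow KDF (PBKDF2 here) gives every record a distinct value that must be attacked one account at a time.

```python
import hashlib
import hmac
import os

# Constructed sample accounts for illustration only (not real Mt.Gox data).
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "hunter2"}
ITERATIONS = 200_000


def md5_unsalted(password):
    """The scheme described above: one fast, unsalted digest per password.
    Identical passwords always produce identical hex strings."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_record(password, iterations=ITERATIONS):
    """Per-user random salt plus a slow KDF; returns (salt, digest).
    Two users with the same password get different digests."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def pbkdf2_verify(password, salt, digest, iterations=ITERATIONS):
    """Recompute with the stored salt; constant-time comparison of the result."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def duplicate_groups(table):
    """Group users whose stored value is identical. A quick audit check:
    on an unsalted-MD5 table this exposes shared passwords to anyone
    holding the dump, before any cracking effort at all."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}


def compare_schemes():
    """Build both tables for USERS and report what a leaked copy reveals."""
    md5_table = {u: md5_unsalted(p) for u, p in USERS.items()}
    kdf_table = {u: pbkdf2_record(p) for u, p in USERS.items()}
    kdf_hex = {u: d.hex() for u, (s, d) in kdf_table.items()}
    return {
        "md5_duplicates": duplicate_groups(md5_table),   # alice and bob collide
        "kdf_duplicates": duplicate_groups(kdf_hex),     # nothing collides
        "kdf_verifies": all(pbkdf2_verify(USERS[u], s, d)
                            for u, (s, d) in kdf_table.items()),
    }
```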

It’s been a bad weekend for Mt.Gox, which until now has been the most popular method for converting between Bitcoins and more conventional currencies. Earlier in the weekend, it was reported that the site was vulnerable to a cross-site request forgery in which a logged-in user could be tricked into submitting fraudulent transaction requests.

via Bitcoin prices plummet on hacked exchange.

Security Firm Barracuda Networks Embarrassed by Hacker Database Break-in

Even the mighty security firm Barracuda was hacked through one of the simplest, best-known and most commonly used classes of exploit.

Barracuda’s firewall was accidentally put into passive monitoring mode, which means it lets all the traffic through without doing any analysis or blocking and was essentially doing nothing since late evening April 8. This gave the attacker sufficient time to poke around via an automated script to crawl the site.

It took approximately two hours of “nonstop” probing before the intruder discovered a SQL injection flaw in a PHP script used to display customer case studies. That error allowed the attacker entry into the database used for marketing programs and sales lead development efforts. The customer case study database was on the same system as the one used for marketing programs.

Do you have a way of monitoring the status of your firewall? Are internal apps as hardened as external applications?

via Security Firm Barracuda Networks Embarrassed by Hacker Database Break-in – Security – News & Reviews – eWeek.com.