Search Results for "watering hole"

EverNote Latest Site Hacked In Coordinated Attack

The online personal and business productivity service Evernote.com said on Saturday that it is the victim of a hack that exposed encrypted user password information, forcing password resets across a broad swath of the service’s 50 million registered users. The Redwood City, California-based firm revealed in a blog post that its internal security team discovered “suspicious activity on the Evernote network” that “appears to have been a coordinated attempt to access secure areas of the Evernote Service.” The company said it sent password reset messages to its users as a “precaution” but didn’t believe that stored information in users’ accounts or payment information had been exposed. The hack is just the latest of a prominent online firm. In recent weeks, Twitter, Facebook, Apple and Microsoft have all reported compromises of their internal networks. Those intrusions were linked to attacks aimed at developers and relied on exploits of previously unknown “zero day” […]

Bit9: 32 Pieces of Malware Whitelisted In Targeted Hack

The security firm Bit9 released a more detailed analysis of the hack of its corporate network was part of a larger operation that was  aimed a firms in a “very narrow market space” and intended to gather information from the firms.   The analysis, posted on Monday on Bit9’s blog is the most detailed to date of a hack that was first reported on February 8 by the blog Krebsonsecurity.com, but that began in July, 2012.  In the analysis, by Bit9 Chief Technology Officer Harry Sverdlove said  32 separate malware files and malicious scripts were whitelisted in the hack. Bit9 declined to name the three customers affected by the breach, or the industry segment that was targeted, but denied that it was a government agency or a provider of critical infrastructure such as energy, utilities or banking. The broad outlines of the story about the hack of Bit9, which sells […]

Council of Foreign Relations Hackers Also Hit US-based Turbine Maker

The web site of the Council of Foreign Relations (CFR) may not have been the only target of sophisticated attackers who used a previously unknown (“zero day”) vulnerability in Microsoft’s Internet Explorer web browser to compromise the computers of those who visited the site, a new report claims. Eric Romang, a Luxembourg-based security expert at the firm Zataz.com said that he has discovered an almost identical compromise to the CFR hack on the web site of Capstone Turbine Corporation, a California-based manufacturer of small, energy-efficient power turbines. His investigation uncovered malicious files similar to those used on the CFR site that were used to launch a so-called “heap spray” attack against visitors using the Internet Explorer web browser, triggering the zero day vulnerability. Romang was among the first to isolate the script used to launch the drive by download attack used on the CFR web site. Writing on Wednesday, he said […]

Are Security Firms Ducking Attribution for VOHO? (Rhymes with ‘Carolina’)

RSA left few stones unturned in its recent report (PDF) on the so-called “VOHO” attacks against pro democracy, military industrial base and high finance firms. But one question that was notably left unanswered was perhaps the most important: “Who, or what, was behind the attacks?” Now the  lead RSA security researcher trusted with analyzing the malware used in recent “watering hole” attacks tells Security Ledger that the malware left some clues as to the origins of the attacks, which affected tens of thousands of systems in more than 700 organizations, but not enough to conclusively link VOHO to a specific group, country or actor. “It’s hard to tell,” said Chris Elisan, a Principal Malware Scientist at RSA and the lead investigator into the malware used in the VOHO attacks. “The malware is only part of it,” he said. Other parts of what Elisan called the “attack chain” are needed to identify […]

After VOHO Attacks, Organizations Face Arduous Clean Up

News about the so-called VOHO “watering hole” attacks have faded from the headlines, but the hard work for hundreds of organizations who were victims of the attacks has just begun. The first step for many firms is figuring out if they were victims.