Friday, 25 January 2013

Capstone Turbine Corporation Hacked

The company's Web site was compromised with the same exploit that was recently used at the Council on Foreign Relations. According to security researcher Eric Romang, the same attack used on the Web site for the Council on Foreign Relations (CFR) was also recently used on the Web site for microturbine manufacturer Capstone Turbine Corporation.

"Capstone figures to be a valuable target, Romang said, given its position in the energy community as a producer of microturbine energy products," writes Threatpost's Michael Mimoso. "He found the same malicious html file on the Capstone site as was found residing on the CFR site."

"One interesting aspect is that was also compromised back in September and was used to serve an exploit for a different IE vulnerability that was unpatched at the time," writes Computerworld's Lucian Constantin. "The same attackers might be behind the new IE exploit, Romang said."

Jindrich Kubec, director of threat intelligence at Avast, later wrote that he'd also noted the compromise at in September of 2012. "I wrote to Capstone Turbine on 19th September about the Flash exploit stuff they were hosting," Kubec tweeted. "They never replied. And also not fixed."

Department of Homeland Security Web Site Hacked

WordPress configuration information and database login details were posted online. Hacker group NullCrew recently claimed to have breached the Department of Homeland Security's Study in the States Web site, which provides information on educational opportunities in the U.S. for international students.

"The hackers have published WordPress configuration details, along with other server information and even database login credentials," writes Softpedia's Eduard Kovacs. "They’ve also revealed the exact location of the vulnerability that has allowed them to gain access to the site."

"Considering the DHS is meant to specialize in security, [you have to] wonder why they are using what is clearly [an] exploitable older version of WordPress," Cyber War News reports.

Sophos' Paul Ducklin says this should serve as a reminder to be sure you're updated with the latest security fixes for all back-end components you use, consider running a Web Application Firewall (WAF), and perform regular penetration tests against your own Web properties. "It's not a matter of if, or even of when, you might get attacked," he writes. "If you're inviting inbound Web requests, you're already under attack!"

U.S. Bank Cyber Attacks Attributed to Iranian Government

According to the New York Times, the ongoing denial of service attacks against U.S. banks that have been attributed to a group called the Izz ad-Din al-Qassam Cyber Fighters are actually the work of the Iranian government.

"Since September, intruders have caused major disruptions to the online banking sites of Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC," UPI reports. "The hackers used distributed denial of service attacks that direct large volumes of traffic to a site until it collapses, thus denying customers access."

"'There is no doubt within the U.S. government that Iran is behind these attacks,' said James A. Lewis, a former official in the State and Commerce Departments and a computer security expert at the Center for Strategic and International Studies in Washington," write The New York Times' Nicole Perlroth and Quentin Hardy. "Mr. Lewis said the amount of traffic flooding American banking sites was 'multiple times' the amount that Russia directed at Estonia in a monthlong online assault in 2007 that nearly crippled the Baltic nation."

"It's understood that the attackers users data centers rather than individual computer-based botnets to attack the banks, and hijacked clouds rather than individual machines," writes ZDNet's Zack Whittaker. "Exactly how the attackers are hijacking data centers 'is still a mystery,' the Times noted, but warned that the hackers were using encrypted DDoS attacks by flooding servers with encryption requests, rather than ordinary data, to slow down networks with fewer requests."

"These attacks on banks show no signs of ceasing," notes CNET News' Dara Kerr. "A December security report by McAfee warned that mass cyberattacks on U.S. banks would continue throughout 2013. The security company also said that 2013 will see a rise in higher-level professional hacking groups that will aim to promote military, religious, political, and 'extreme' campaign attacks."