by: Stacey Petrov
Following a 500 million user account data breach in September, Yahoo has just announced that they have once again suffered another breach of an estimated one billion accounts. Yahoo disclosed in November, that the company was provided with data files from law enforcement claiming to be Yahoo user data. Outside forensic experts, in conjunction with Yahoo, have determined that it is in fact Yahoo user data, that was obtained by an unauthorized third party in August of 2013. The party responsible for the intrusion has not yet been able to be identified. This incident has been diagnosed to be separate from the incident in September 2016.
Yahoo believes that the information that was stolen consists of full names, email addresses, dates of birth, phone numbers, hashed passwords, and possibly security questions and answers as well. Luckily, Yahoo does not store credit card or any other payment information in the system that was affected.
Currently, Yahoo is identifying and notifying potentially affected users and instructing them to change passwords immediately. Additionally, Yahoo is removing all unencrypted security questions and answers from affected users so that hackers cannot use those answers to break into users accounts.
As 2016 comes to a close, it seems to appear to be the “Year of the Breach” with reports of eight major breaches involving well-known companies. Obtaining large amounts of data is key for these hackers, so companies most vulnerable are those which hold a large amount of personal data on their customers, including Social Security numbers, birthdates, home addresses and even medical records.
Digital Edge’s Security Operation Center (SOC) protects your organization’s intellectual property and sensitive data. Digital security threats are real and it is better to be able to detect and respond to them as quickly as possible. It is difficult for organizations without a comprehensive incident-handling capability to create a proactive SOC team. These capabilities have to include tools and processes that enable centralized security threat visibility, instant alerting, and efficient troubleshooting. Digital Edge’s SOC is ready to deliver those capabilities and provide security coverage for your organization today.
For more information on this new Yahoo hack, and tips to help keep your password safe and secure, please click here.
Digital Edge assisted its clients running Drupal with patching and security assessment after Drupal Security Team a security advisory on October 15, 2014 (SA-CORE-2014-005).
All our clients are secured, however we are concerned that other non-Digital Edge clients may still be affected without knowing even after the patch was applied. Digital Edge’s Security Team brings it to IT industry’s attention that there is speculation in the Black Hat community that automated way of exploiting Drupal vulnerability is possible. The effect of such automation can be much wider then Drupal assessed initially.
The concern is that a malicious code could be injected automatically prior to the patching into servers running vulnerable Drupal. After the patching, malware might stay on the server and can bring additional Trojans, spyware or open back doors into the system.
For more valuable information about security and this particular case please contact Digital Edge security team through:
Security Advisory from Digital Edge
On Wednesday, September 24th, a vulnerability in Linux bash shell was discovered. The vulnerability may allow code execution to open door for other attacks causing OS to become fully compromised. In lots of environments this vulnerability is exploitable over the network.
Digital Edge is assessing our internal environment as well as our clients’ environments and will remediate the vulnerability within the next few days. Affected Digital Edge clients will be contacted and protective actions will be discussed.
Digital Edge is committed to secure all controlled IT infrastructure environments and to advise the IT community about possible vulnerabilities, newly discovered weaknesses, hacks as well as security news and events.
If you feel that you need assistance from Digital Edge Security team please contact us at “email@example.com”