Iranian hackers stole terabytes of data from software giant Citrix


Citrix is best known for software that runs behind the scenes, but a massive data breach is putting the company front and center. The FBI has warned Citrix that it believes reports that foreign hackers compromised the company’s internal network and swiped business documents in an apparent “password spraying” attack, in which the intruders guessed weak passwords and then used that early foothold to launch more extensive attacks. While Citrix didn’t shed more light on the incident, researchers at Resecurity provided more detail of what likely happened in a conversation with NBC News.

Resecurity understood that hackers from Iridium, an Iran-linked group, stole data in December 2018 and again on March 4th. They made off with at least 6TB of documents and as much as 10TB, and they seemed to be focused on project data for the aerospace industry, the FBI, NASA and Saudi Arabia’s state-owned oil company. The intruders may have been lurking for a long time, too. Resecurity’s Charles Yoo said that Iridium broke into Citrix’s network roughly 10 years ago and had been hiding since then.

The researchers said they’d told Citrix about the first attack on December 28th. It’s not clear if Citrix addressed the issue then, although it took a number of steps after the FBI got in touch on March 6th. The company said it launched a “forensic investigation” with the help of an unnamed security firm and took “actions” to lock down its network.

Citrix stressed there was “no indication” that the intruders compromised its products or services. However, that’s not the major concern here. As a government contractor that focuses on networking and the cloud, Citrix could hold sensitive data on other companies. It may be aware of their network layouts and security measures, for instance. Like the OPM hack, the consequences could reach well beyond the initial target.


Judge rejects Yahoo's proposed settlement over data breaches


Yahoo’s proposed settlement over massive data breaches hasn’t passed muster in the courtroom. Judge Lucy Koh has rejected the settlement from the company (now owned by Engadget parent Verizon) for not specifying how much victims could expect to recover. While the proposal included $50 million in damages and would pay $25 for every hour spent dealing with the breaches, Koh was concerned that it didn’t reveal the scope of the settlement fund or the costs of the two years of promised credit monitoring. The judge was also worried the proposed class for the settlement was too large, as it didn’t reflect the considerably smaller number of active users during the affected period.

Koh added that Yahoo’s settlement details continued a “pattern of lack of transparency” that manifested in the breaches themselves, where the company revealed breaches years after they took place and wasn’t clear how it would support victims. She was also concerned that the $35 million cap on the plaintiffs’ lawyer fees was “unreasonably high” given that their case was “not particularly novel.”

In a statement, Verizon said it was “confident” there was a “viable path forward” despite the judge denying preliminary approval.

The denial isn’t a complete surprise. The settlement was meant to cover 200 million people across the US and Israel with close to 1 billion accounts. That’s a lot of potential recipients, and there’s a concern that victims could get less than they’re due despite the threats to their privacy and security.

Verizon owns Engadget’s parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.


Collection 1 data breach covers more than 772 million email addresses


If you’re signed up for one of the many services that alert you to data breaches when they’re discovered (if you’re not, you probably should be), then you likely have an email waiting for you. Troy Hunt runs Have I Been Pwned, where he makes it his business to dig up these files as they’re being passed around by hackers, and has alerted the world to “Collection #1,” which claims to combine usernames and passwords from thousands of databases.

That includes some where the password data may have been stored encrypted, so if someone has managed to crack open a site where you had an account registered, it’s likely they have your info and know what password you were using. If you’ve logged into a customer support portal or some random forum with your email address and used the same password you use for your main email account, Netflix, Facebook or other accounts, then it could be trivially easy for someone to have that and use it to log in as you.

Unfortunately, for reasons Hunt explains in his blog post, it’s impossible to see what account or password may have been included via his site, which is why you should probably be using a password manager (if you have a truly unique password, you can see if it’s ever been exposed in one of the breaches on this page). That would make it easy to maintain unique passwords wherever you have accounts, and easily change them if there’s a breach.

So to recap — sign up for Have I Been Pwned, it’s free and can alert you to breaches quickly. Use unique passwords, which could be easier to do if you use a password manager like 1Password or LastPass, or even if you just write them down and store them securely, in addition to multifactor authentication where available. You can’t stop your information from popping up in breaches like this, but taking those steps can lower the risk of impact before your personal Facebook page starts offering deep discounts on Ray-Bans or someone in Latvia is adding to your Spotify playlists.


Marriott breach included 5 million unencrypted passport numbers


Marriott has good news and bad news for travelers who have passed through its hotels. The good news is the data breach disclosed back in November, which was originally believed to have exposed the data of more than 500 million people, affected fewer travelers than originally reported (though it didn’t specify how many). The bad news is the data lifted from the company included millions of people’s passport numbers.

In a statement released Friday, the hotel chain said the “upper limit” for the number of potentially compromised guests is around 383 million, though it’s likely that some of those records are duplicates. Regardless, the breach affected a lot of people who have stayed at Marriott hotels and exposed personal and financial information. As for passports, Marriott said approximately 5.25 million unencrypted passport numbers and 20.3 million encrypted passport numbers were accessed in the breach.

The FBI is currently looking into the Marriott hack. Last month, the New York Times reported that preliminary results of an investigation into the breach suggested it may have been part of a Chinese intelligence operation. While China denied any role in the attack against Marriott, the NSA recently warned about increased hacking activity from the country.


NASA discloses October security breach


In an internal memo obtained by Spaceref, NASA’s chief human capital officer Bob Gibbs has revealed that the agency suffered a security breach a few months ago. Investigators discovered the breach on October 23rd, and they found that an intruder gained access to a server containing the personal information (including Social Security numbers) of current and former employees. It’s not entirely clear if the data itself was compromised, and the agency still doesn’t know the full scope of the breach, but Gibbs wrote that “NASA does not believe that any Agency missions were jeopardized by the cyber incidents.”

NASA has suffered multiple major data breaches within the past few years, showing that the agency’s cybersecurity measures could use work. While it relies on private space companies for launches and other services these days, it’s likely still in possession of data detailing proprietary technologies and other sensitive information. NASA is far from the only government agency with cybersecurity issues, though: just recently, auditors found that the Pentagon’s weapons systems and the US ballistic missile system are cybersecurity nightmares.

“NASA and its Federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved,” Gibbs wrote. He also said that NASA will contact everyone whose details might have been compromised with more details.
