Attacks/Breaches
1/20/2010
06:23 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Network Solutions Customers Hit By Web Defacement

Cyber attacks on Web sites are on the rise, the company says.

A small number of Network Solutions Web hosting customers over the weekend found that their Web sites had been defaced, the company acknowledged on Tuesday.

In a blog post, Shashi Bellamkonda, director of social media for Networks Solution, explained that the attack was limited in scope and that it involved the inclusion of remote files atop legitimate Web sites.

"This was an issue on multiple servers and unknown intruders were able to get through by using a file inclusion technique," he said. "There was no danger to any personally identifiable or secure information."

The attack was limited to the company's Unix servers, the company said.

A company spokesperson provided essentially the same information that Bellamkonda included in his blog post and did not immediately respond to a request to clarify the number of customers affected.

According to Bellamkonda, Network Solutions has enhanced its security measures and has reached out to law enforcement regarding the attack.

Bellamkonda says that authorities have reported an increase in the number of attacks of this sort in recent days.

As examples, the company's spokesperson pointed to recent attacks on Twitter and on China's Baidu search engine by a group calling itself the Iranian Cyber Army.

And over the weekend, the Jewish Chronicle's Web site was temporarily unavailable following anti-Semitic defacement.

In a move that may encourage Network Solutions to give extra thought to its network security, Baidu on Wednesday filed a lawsuit against domain name service provider Register.com for failing to adequately defend against the Iranian hackers that disrupted its site.

Baidu said it is seeking damages in the millions for the four hours during which its site was inaccessible due to the attack.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0914
Published: 2014-07-30
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management f...

CVE-2014-0915
Published: 2014-07-30
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8...

CVE-2014-0947
Published: 2014-07-30
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.

CVE-2014-0948
Published: 2014-07-30
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.

CVE-2014-2356
Published: 2014-07-30
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.

Best of the Web
Dark Reading Radio