Attacks/Breaches
1/20/2010
06:23 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Network Solutions Customers Hit By Web Defacement

Cyber attacks on Web sites are on the rise, the company says.

A small number of Network Solutions Web hosting customers over the weekend found that their Web sites had been defaced, the company acknowledged on Tuesday.

In a blog post, Shashi Bellamkonda, director of social media for Networks Solution, explained that the attack was limited in scope and that it involved the inclusion of remote files atop legitimate Web sites.

"This was an issue on multiple servers and unknown intruders were able to get through by using a file inclusion technique," he said. "There was no danger to any personally identifiable or secure information."

The attack was limited to the company's Unix servers, the company said.

A company spokesperson provided essentially the same information that Bellamkonda included in his blog post and did not immediately respond to a request to clarify the number of customers affected.

According to Bellamkonda, Network Solutions has enhanced its security measures and has reached out to law enforcement regarding the attack.

Bellamkonda says that authorities have reported an increase in the number of attacks of this sort in recent days.

As examples, the company's spokesperson pointed to recent attacks on Twitter and on China's Baidu search engine by a group calling itself the Iranian Cyber Army.

And over the weekend, the Jewish Chronicle's Web site was temporarily unavailable following anti-Semitic defacement.

In a move that may encourage Network Solutions to give extra thought to its network security, Baidu on Wednesday filed a lawsuit against domain name service provider Register.com for failing to adequately defend against the Iranian hackers that disrupted its site.

Baidu said it is seeking damages in the millions for the four hours during which its site was inaccessible due to the attack.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice one
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1235
Published: 2015-04-19
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.

CVE-2015-1236
Published: 2015-04-19
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a cr...

CVE-2015-1237
Published: 2015-04-19
Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages ...

CVE-2015-1238
Published: 2015-04-19
Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

CVE-2015-1240
Published: 2015-04-19
gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.