Attacks/Breaches
1/20/2010
06:23 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Network Solutions Customers Hit By Web Defacement

Cyber attacks on Web sites are on the rise, the company says.

A small number of Network Solutions Web hosting customers over the weekend found that their Web sites had been defaced, the company acknowledged on Tuesday.

In a blog post, Shashi Bellamkonda, director of social media for Networks Solution, explained that the attack was limited in scope and that it involved the inclusion of remote files atop legitimate Web sites.

"This was an issue on multiple servers and unknown intruders were able to get through by using a file inclusion technique," he said. "There was no danger to any personally identifiable or secure information."

The attack was limited to the company's Unix servers, the company said.

A company spokesperson provided essentially the same information that Bellamkonda included in his blog post and did not immediately respond to a request to clarify the number of customers affected.

According to Bellamkonda, Network Solutions has enhanced its security measures and has reached out to law enforcement regarding the attack.

Bellamkonda says that authorities have reported an increase in the number of attacks of this sort in recent days.

As examples, the company's spokesperson pointed to recent attacks on Twitter and on China's Baidu search engine by a group calling itself the Iranian Cyber Army.

And over the weekend, the Jewish Chronicle's Web site was temporarily unavailable following anti-Semitic defacement.

In a move that may encourage Network Solutions to give extra thought to its network security, Baidu on Wednesday filed a lawsuit against domain name service provider Register.com for failing to adequately defend against the Iranian hackers that disrupted its site.

Baidu said it is seeking damages in the millions for the four hours during which its site was inaccessible due to the attack.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2382
Published: 2014-11-20
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.

CVE-2014-3625
Published: 2014-11-20
Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CVE-2014-7194
Published: 2014-11-20
TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access.

CVE-2014-7195
Published: 2014-11-20
Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via u...

CVE-2014-8000
Published: 2014-11-20
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?