Attacks/Breaches

9/26/2017
12:35 PM
50%
50%

SEC Attackers Had Authentic Data Used in Business Tests: Reuters

Sources say the hackers behind last year's SEC breach accessed financial data used by companies testing its EDGAR filing system.

Attackers who breached the US Securities and Exchange Commission took advantage of businesses using legitimate financial data while testing the SEC's EDGAR system, Reuters reports, citing sources familiar with the matter.

EDGAR is a network that businesses use to file earnings reports and other material information. The purpose of the test process, which takes place before businesses file normal reports, is to verify formatting is correct and reports are free of submission errors, Reuters states.

Corporations are supposed to use "dummy data" during the testing phase, the source explains, but information is supposed to be protected as though it's authentic. However, some companies used legitimate data and it was not properly secured. The source reports not many businesses used real data that is believed to have been compromised.

This SEC hack, which took place in October 2016 and was discovered that month, appears to have been routed through an Eastern European server, according to an internal government memo. The FBI and US Secret Service have launched an investigation, which Reuters' sources discussed anonymously because it has not been made public.

Between October 2016 and April 2017, the SEC documented several cybersecurity incidents, according to one source familiar with the matter. While Reuters was not immediately able to confirm the nature of each event, several involved EDGAR, the source added. In a case unrelated to EDGAR, a server intended for SEC use was not updated to fix security flaws.

SEC Chairman Jay Clayton will confirm the investigation when he testifies before the Senate Banking Committee on Tuesday, the report states.

Read more details here.

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA ,  6/11/2018
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12026
PUBLISHED: 2018-06-17
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in tur...
CVE-2018-12027
PUBLISHED: 2018-06-17
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said ...
CVE-2018-12028
PUBLISHED: 2018-06-17
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an e...
CVE-2018-12029
PUBLISHED: 2018-06-17
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2018-12071
PUBLISHED: 2018-06-17
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.