Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/18/2013
06:21 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Washington Post Servers Infiltrated, Employee Credentials Stolen

Newspaper suffers second major breach in three years, Chinese espionage suspected

The Washington Post late today reported that its servers were hacked and employee usernames and passwords were compromised in the attack, which was detected by a contractor that monitors the news organization's network.

Post officials today were alerted by incident response and detection firm Mandiant. Officials at the media organization believe the intrusion may only have been in the works for a few days, although they do not yet have full details on the breadth of the exposed information. Post employees are being urged to change their usernames and passwords, even though those passwords were encrypted.

The news organization's publishing system, email, and employee personal information appear to be safe despite the breach, the report says.

A server used by the Post's foreign staff was initially infiltrated, which then led to the breach of other company servers, the report says.

Chinese cyberespionage attackers are considered a likely culprit, especially given the 2011 breach of the Post's network that had the earmarks of a cyberspying mission out of China. That attack appeared to be part of a campaign of targeted attacks against major media outlets, human rights groups, and defense contractors. The New York Times and The Wall Street Journal were also hit in those attacks.

The Post in August was the target of the Syrian Electronic Army (SEA) hacktivist group, which employed a phishing attack that resulted in a Post staff writer's personal Twitter account being hijacked by the SEA to post its own messages. And some articles from the Post's website were temporarily redirected to the SEA's website.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jries921
50%
50%
jries921,
User Rank: Ninja
12/19/2013 | 7:29:24 PM
re: Washington Post Servers Infiltrated, Employee Credentials Stolen
If it was the Chinese, I'm guessing that they were looking for sources (dissidents?). A newspaper isn't typically where you find military/diplomatic secrets.
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14230
PUBLISHED: 2019-07-21
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user ...
CVE-2019-14231
PUBLISHED: 2019-07-21
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no sanitization prior to use in a SQL query in getResultByPointsTrivia. This allows an unauthenticated/un...
CVE-2019-14207
PUBLISHED: 2019-07-21
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error).
CVE-2019-14208
PUBLISHED: 2019-07-21
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary.
CVE-2019-14209
PUBLISHED: 2019-07-21
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm.