Data Breach

Citrix compromised by international cybercriminals

March 11, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
March 11, 2019

Late last week, Citrix announced in a statement by Chief Security and Information Officer, Stan Black that they were hit by hackers in attacks that potentially exposed terabytes of customer data and potentially internal Citrix corporate secrets.

“On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cybercriminals gained access to the internal Citrix network.”

“Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cybersecurity firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI.”

“Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly. In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information.”

“While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents. The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.”

Hackers Deface Electronic Billboard Near Seattle Washington

January 1, 2019 By William Knowles

By William Knowles @c4i

Senior Editor

InfoSec News

January 1, 2019

Updated: January 3, 2019

For 99.9999% of the world’s population, New Year’s Eve is a time to let your hair down and have a few drinks celebrating the passing of another year, but I suspect its just another day on the calendar for John McAfee when he shared this tweet (Very NSFW) to his 885K followers on Twitter.

So it comes to no surprise that billboard hackers @le_keksec shared McAfee’s tweet to hundreds of thousands more near Seattle Washington and was reposted posted to Twitter. (NSFW)

On Tuesday, a McAfee spokesperson confirmed that the billboard operator was hacked and as a result, the display has been shut down. McAfee, a device to cloud cybersecurity company headquartered in Santa Clara, California, also noted that John McAfee has not been affiliated with the company in any capacity for over 25 years.

The DoD Cybersecurity Policy Chart

November 11, 2018 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
November 11, 2018
Updated January 8, 2019

The goal of the DoD Cybersecurity Policy Chart, developed by the Cyber Security and Information Systems Information Analysis Center (CSIAC) is to capture the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme. The use of color, fonts, and hyperlinks are all designed to provide additional assistance to cybersecurity professionals navigating their way through policy issues in order to defend their networks, systems, and data.

At the bottom center of the chart is a legend that identifies the originator of each policy by a color-coding scheme. On the right-hand side of the Cybersecurity Policy Chart, there are boxes, which identify key legal authorities, federal/national level Cybersecurity policies, and operational and subordinate level documents that provide details on defending the DoD Information Network (DoDIN) and its assets. Links to these documents can be found in the Chart.

Click on the image above to download an interactive copy of .pdf of the DoD Cybersecurity Policy Chart, The chart was last updated on January 7, 2019. View the changelog here.

ARRL Probing Web Server Breach by Hackers

July 26, 2018 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
October 10, 2014

Last month a web server at ARRL Headquarters was breached by an unknown party. ARRL IT Manager Mike Keane said that League members have no reason to be concerned about sensitive personal information being leaked, and assures members that there’s nothing of financial value on the compromised server.

Some ARRL servers were taken offline and isolated from the Internet when the hack was discovered. Some web functions were temporarily disabled. The ARRL expects to restore service by close of business, on Wednesday, October 8, 2014

ARRL’s Mike Keane stressed that it is highly unlikely that any sensitive information was compromised. Any information the hacker might have been able to glean from the ARRL server, he said, is already publicly available — data such as names, addresses, and call signs that appear in the FCC database.

The hacker may have been able to obtain site usernames and passwords that were established prior to April 2010, and that has not been changed since then. ARRL members who have not changed their ARRL website passwords since early 2010 should do so at this as soon as possible.

Keane said that in addition to reporting the security breach to federal law enforcement authorities, his department is working to increase the League’s Internet security posture.

Photo by C-Serpents via Compfight

AB Acquisition LLC and Supervalu Inc. Annouce Second Hacking Incident Involving Payment Card Data Processing

July 26, 2018 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
September 30, 2014

AB Acquisition LLC and Supervalu Inc. are the newest groups of retailers that have been hit by security breaches this year. This includes Aaron Brothers, Bartell Hotels, CVS, eBay, Goodwill Industries International Inc., Home Depot, Jimmy Johns, Michaels Stores, Neiman Marcus, Recreational Equipment Inc., Sally Beauty Supply, and Sears.

On September 29, 2014, AB Acquisition LLC, which operates Albertsons stores under Albertson’s LLC and ACME Markets, Jewel-Osco, and Shaw’s and Star Markets under New Albertson’s, Inc., was notified by its third-party IT services provider, Supervalu Inc. of a separate, more recent, attempted criminal intrusion seeking to obtain payment card information used in some of its stores. AB Acquisition has been informed that a different malware was used in this recently discovered incident that was used in the incident previously announced on August 14, 2014. The investigations into both this incident and the earlier incident are ongoing.

Supervalu Inc. (NYSE: SVU) announced on September 29, 2014 that they also experienced a criminal intrusion into the portion of its computer network that processes payment card transactions at Supervalu’s Shop ’n Save, Shoppers Food & Pharmacy, four franchised Cub Foods stores in Hastings, Shakopee, Roseville (Har Mar) and White Bear Lake, MN, where implementation of the enhanced protective technology had not yet been completed.

For these four franchised stores, Supervalu Inc. believes that the malware may have been successful in capturing account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder’s name, from payment cards used at some checkout lanes during the period of August 27 (at the earliest) through September 21 (at the latest), 2014.

Both companies discovered that, in what it believes to have been late August or early September 2014, an intruder installed different malware into the portion of its computer network that processes payment card transactions

Because the point of sale systems are different across AB Acquisition divisions, Albertsons stores in Arizona, Arkansas, Colorado, Florida, Louisiana, New Mexico, Texas and their two Super Saver Foods Stores in Northern Utah were not impacted by this incident. However, Albertsons stores in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah were impacted. In addition, ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; Jewel-Osco stores in Iowa, Illinois, and Indiana; and Shaw’s and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island were affected by this new incident.

AB Acquisition LLC and Supervalu Inc. have made no determination that any cardholder data was in fact stolen by the intruder. Given the continuing nature of the investigation, it is possible that time frames, locations, at-risk data, and/or other facts in addition to those described above will be identified in the future.

Both AB Acquisition LLC and Supervalu Inc. customers who used their payment cards at those locations listed above during the relevant time period will receive 12 months of complimentary consumer identity protection services through AllClear ID.

Matt Baume via Compfight