On Wednesday, the Internet service company Yahoo! reported another major cyber attack on user account data, saying data from more than 1 billion user accounts was compromised in August 2013. The first announced breach, reported in September 2016, had occurred sometime in late 2014 and affected over 500 million Yahoo! user accounts. A separate data breach, occurring around August 2013, was reported in December 2016 and affected over 1 billion user accounts.
Both breaches are considered the largest discovered in the history of the Internet. Specific details of material taken include names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and encrypted passwords. Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.
Legal Hacker Dawid Golunski spotted “High” severity-rated vulnerabilities in the Nagios Core platform that could allow root privilege escalation and remote code execution. Nagios is an open source software application that monitors systems, networks, and IT infrastructures.
One of the vulnerabilities, a Command Injection, could potentially enable remote unauthenticated attackers who managed to impersonate the feed server (via DNS poisoning, domain hijacking, ARP spoofing, etc.) to provide a malicious response that injects parameters into the curl command used by the affected RSS client class and effectively read/write arbitrary files on the vulnerable Nagios server. The other critical vulnerability could enable malicious local attackers to escalate their privileges from the 'nagios' system user, or from a user belonging to the 'nagios' group, to root. The exploit could enable the attackers to fully compromise the system on which a vulnerable Nagios version was installed.
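The parameter-injection pattern described above, and one way to guard against it, shown as an added example that is not Nagios code or the researcher's: it contrasts concatenating an untrusted feed URL into a shell command line with validating it and building an argument list. The host name, URLs and function names are constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample values; the host name is a placeholder, not from the page.
FEED_HOST = "feeds.example.test"
GOOD_URL = "https://feeds.example.test/rss.xml"
TAINTED_URL = "https://feeds.example.test/rss.xml --injected-option value"


def naive_command(url):
    """Anti-pattern: untrusted text concatenated into a shell command line."""
    return "curl -s " + url


def shell_tokens(command):
    """Show how a POSIX shell would split the command into arguments."""
    return shlex.split(command)


def safe_curl_argv(url, allowed_hosts):
    """Validate an untrusted URL and return an argv list (no shell involved)."""
    if not url.isprintable() or any(ch.isspace() for ch in url):
        raise ValueError("whitespace or control character in URL")
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("scheme not allowed")
    if parts.hostname not in allowed_hosts:
        raise ValueError("host not allowed")
    if parts.username is not None or parts.password is not None:
        raise ValueError("embedded credentials not allowed")
    # "--" ends option parsing, so the URL can never be read as a curl option.
    return ["curl", "--silent", "--proto", "=https", "--max-redirs", "0", "--", url]


if __name__ == "__main__":
    # The naive form turns one "URL" into several curl arguments.
    print(shell_tokens(naive_command(TAINTED_URL)))
    print(safe_curl_argv(GOOD_URL, {FEED_HOST}))
    try:
        safe_curl_argv(TAINTED_URL, {FEED_HOST})
    except ValueError as exc:
        print("rejected:", exc)
```

The argument list is meant to be passed to a process API that does not invoke a shell, such as subprocess.run(argv) with its default shell=False.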
Nagios has recently released updates that fix the two critical vulnerabilities. To mitigate the issue, users are advised to upgrade to Nagios Core 4.2.4, as previous versions are vulnerable.
*IP addresses provided by Recorded Future.