BreachExchange mailing list archives
NBC Confirms Hack of NBC.com
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Fri, 22 Feb 2013 10:19:46 -0500
http://www.bankinfosecurity.com/nbc-confirms-hack-nbccom-a-5530 A blog posted on the website of NBC News says the network's main entertainment website, NBC.com, was hacked on Feb. 21. Wilson Rothman, technology and science editor at NBC News Digital, in a blog reported that security researchers warned Web users against visiting NBC.com, saying that hackers added links tomalware on the site. Google's Chrome browser and others detected the threats and deterred users from loading the pages. What's Your Organization's Plan When Malware Sneaks in? Your Organization Has Just Been Attacked by Malware - Now What? How to Defend Against Advanced Persistent Threats NBC released the following statement regarding the website, which promotes the entertainment offerings of the TV network: "We've identified the problem and are working to resolve it. No user information has been compromised." Ronald Prins, co-founder of the Dutch IT security firm Fox IT, says in a web posting that the NBC.com website links to the Redkit Exploit Kit that is spreading Citadel malware that has been targeting American financials institutions [seeCitadel Trojan Moves Beyond Banks]. "It has been shown before (with Dutch news site nu.nl, for example, along with the recent incidents at the New York Times and Wall Street Journal), targeting media and news websites can vastly improve an attacker's chances of success," Prins writes. "Users presume these large organizations websites to be free from malware. If an attacker can gain access to these Web servers, they can use them to distribute malware to every visitor of that Web server." Prins said the hackers exploited an iframe - coding that allows the embedding of another document with an HTML document - that then tries to download and execute a malicious JAR and PDF files. Another report, from the blogger HitmanPro, says the exploit was discovered on several other websites, including one for the NBC program Late Night with Jimmy Fallon. Rothman says the breach has no effect on NBC News Digital, which operates NBCNews.com, TODAY.com and other news-oriented sites. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- NBC Confirms Hack of NBC.com Erica Absetz (Feb 25)