Adobe says attack exposed customer financial info

Adobe Systems Inc. said a cyberattack on its systems has exposed credit-card information of 2.9 million customers.

The maker of Photoshop and other software said Thursday that the attacker accessed Adobe customer IDs and passwords on its systems. Through that, they were able to remove customer names, encrypted credit and debit card numbers, expiration dates and other information related to orders from customers worldwide. The company does not believe attackers removed credit and debit card numbers that weren’t encrypted.

Adobe is notifying customers and resetting passwords. It has alerted banks processing Adobe payments to help protect customer accounts. It is also working with federal law enforcement on its related investigation.

“Cyber attacks are one of the unfortunate realities of doing business today,” Brad Arkin, Adobe’s chief security officer, wrote in a blog post Thursday. “Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers.”

The San Jose, California, company says it is also investigating illegal access to the source code of numerous Adobe products and believes the attacks are related.

Adobe shares fell 64 cents to close at $50.88 Thursday and were unchanged in after-hours trading.

source: technology.inquirer.net

Wells Fargo site hit by denial-of-service attack

Wells Fargo was the target of another distributed denial-of-service attack.

The bank's Web site was slowed down by the attack yesterday, affecting a certain number of customers, according to Fox Business News.



"Yesterday we saw an unusually high volume of Web site traffic which we believe was a denial of service attack," a Wells Fargo spokeswoman told CNET today. "The vast majority of customers were not impacted and customer information is safe. For customers who had difficulty accessing the site, we encouraged them to call us by phone, use ATMs or try logging on again as the disruption is usually intermittent. We apologize to our customers for any inconvenience during that time."

The attack did not affect actual bank branches, ATMs, or mobile bank applications, according to Wells Fargo

The bank didn't reveal the source of the attack. But a group called Izz ad-Din al-Qassam Cyber Fighters posted a warning on Pastebin yesterday, saying that it was launching denial of service attacks against several major U.S. banks, including BB&T, PNC, Chase, Citibank, U.S. Bancorp, Suntrust, Fifth Third Bancor, and Wells Fargo.

The group claims to be targeting banks in protest over the "Innocence of Muslims," a YouTube video that has aroused anger from those who consider it anti-Islam.

Wells Fargo and other banks were the victims of similar denial of service attacks last September. Izz ad-Din al-Qassam Cyber Fighters also claimed responsibility for those, vowing to continue the attacks until the "Innocence of Muslims" video is removed from the Internet.

source: news.cnet.com

Computer Virus Might Be Blasting AC/DC In Iranian Nuclear Facility

A computer virus might be the cause of AC/DC involuntarily blasting at maximum volume at a nuclear facility in Iran, reports Gawker. According to emails received by Mikko Hypponen, a Finnish computer virus hunter and lead research for computer security firm F-Secure, the facility has endured cyber attacks that have included the song "Thunderstruck" randomly blasting in the middle of the night, beyond scientists' control.

"I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom," reads one of the emails. "According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert.

"There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out," continues the email. "I believe it was playing 'Thunderstruck' by AC/DC."

Hypponen claims he has verified that the emails were indeed sent from Iran's Atomic Energy Organization.

source: rollingstone.com