On 3 October, Adobe was hit by a massive security breach in which source code of various adobe products were accessed and more than 3 Million customers were also affected-their IDs, passwords, and credit card information accessed by hackers.
Now, it comes out that source code of adobe products, including the Web application development platform ColdFusion, sat parked on a hacker’s unprotected Web server open to the Internet, reported by Jeremy Kirk, IDG News Service.
During the Adobe’s investigation of breach, A company named “Hold Security” which provides Security Advice and Services—discovered source code of various adobe products parked on the hacker’s server through their Deep Web Service.
Kirk also reported that hackers, who previously known for hacking into Data Broker’s systems—own the server.
Adobe confirmed about the illegal access of the source code on 2 October.
Hold Security reported—it found 40 GB encrypted archives on the hackers’ server, containing source code of such products as Adobe Acrobat Reader, Adobe Acrobat Publisher, and the Adobe ColdFusion line of products.
During an analysis of the files stored on the server, Alex Holden, chief information security officer of Hold Security found a directory with the abbreviation “ad.” It was filled with “interesting” file names, Holden said, including encrypted .”rar” and “.zip” files.
Adobe source code could help to find vulnerabilities in their products but since the source was uploaded on the server, none of the Zero Day vulnerability we seen, Holden said. So far, the source code has not been publicly released.
The code “was hidden, but it was not cleverly hidden,” holden said to Kirk.
Now, it comes out that source code of adobe products, including the Web application development platform ColdFusion, sat parked on a hacker’s unprotected Web server open to the Internet, reported by Jeremy Kirk, IDG News Service.
During the Adobe’s investigation of breach, A company named “Hold Security” which provides Security Advice and Services—discovered source code of various adobe products parked on the hacker’s server through their Deep Web Service.
Kirk also reported that hackers, who previously known for hacking into Data Broker’s systems—own the server.
Adobe confirmed about the illegal access of the source code on 2 October.
Hold Security reported—it found 40 GB encrypted archives on the hackers’ server, containing source code of such products as Adobe Acrobat Reader, Adobe Acrobat Publisher, and the Adobe ColdFusion line of products.
During an analysis of the files stored on the server, Alex Holden, chief information security officer of Hold Security found a directory with the abbreviation “ad.” It was filled with “interesting” file names, Holden said, including encrypted .”rar” and “.zip” files.
Adobe source code could help to find vulnerabilities in their products but since the source was uploaded on the server, none of the Zero Day vulnerability we seen, Holden said. So far, the source code has not been publicly released.
The code “was hidden, but it was not cleverly hidden,” holden said to Kirk.
Hackers’ server also continues to hold data of other companies that have been notified that the gang may have victimized them. We may be looking at more announcements coming from the companies whose data was found on the server, Kirk reports, if the companies choose, or are compelled by legal requirement, to do so.
No comments:
Post a Comment