
“It wasn’t just that they got into a server farm, as the victims were quite diverse, with presumably the only common point being whatever vulnerability they all shared.” Symantec Corp. cited reports by other researchers that fingered a SQL vulnerability as the common thread. “The sites [were] hacked by hacking robot by means of a SQL injection attack, which executes an iterative SQL loop [that] finds every normal table in the database by looking in the sysobjects table and then appends every text column with the harmful script,” said one of the researchers. “It’s possible that only Microsoft SQL Server databases were hacked with this particular version of the robot since the script relies on the sysobjects table that this database contains.” According to the same researcher, the attack appends a JavaScript tag to every piece of text in the SQL database; the tag instructs any browser that reaches the site to execute the script hosted on the malicious server. Hacked sites included both .edu and .gov domains, added SANS Institute’s Internet Storm Center (ISC) in a warning posted last Friday, while others flagged several pages of security vendor CA Inc.’s Web site as infected. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9055858&source=rss_topic17

Internet Alert Dashboard

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Website: www.us-cert.gov.

Information on IT information sharing and analysis can be found at the IT-ISAC (Information Sharing and Analysis Center) Website: https://www.it-isac.org/.


Communications Sector

26. January 5, Government Health IT – (National) DHS offers advice for ensuring telecom during pandemic. The so-called “last mile” of the nation’s telecommunications system would be vulnerable in the event of a pandemic influenza, according to a working group tasked with studying the potential communications consequences of an outbreak. The Department of Homeland Security’s assistant secretary of cybersecurity and communications weighed in on the security of a pandemic health crisis, noting that as much as 40 percent of the workforce would be unable to go to work during peak periods of an outbreak. “And you don’t get to pick which 40 percent that could be,” he said during a speech at the New York Metro Infragard Alliance Security Summit in December. “Naturally, telecommuting will be a key mechanism to keeping our businesses and government operational during a pandemic flu.” The working group, which meets monthly, found that connections to homes, hospitals, health plans, and physicians would likely be disrupted. But that scenario could be mitigated if ISPs, telecommunications carriers and service vendors put in place safeguards, policies and best practices ahead of time, he said. Among the group’s recommendations to hospitals, businesses, and government agencies: obtain a telecommunications service priority (TSP) for enterprises; subscribe to government
