by Robert Westervelt
A hacking activist group which claimed responsibility for attacks against the websites of PBS and Nintendo has breached Sony Pictures, exposing more than 100,000 account credentials.
Sony Pictures Digital Inc., the subsidiary of Sony that runs its movie and music business, confirmed that a hacking group has breached its website, exposing user account credentials.
In a statement issued June 3, Sony Pictures said it took action to protect against further intrusion of its systems. The company said it was targeted by a hacker group known as “LulzSec,” which claimed responsibility for attacks on PBS and Nintendo.
“A respected team of outside experts is conducting a forensic analysis of the attack,” Sony said in a statement. In addition, we have contacted the U.S. Federal Bureau of Investigation and are working with them to assist in the identification and apprehension of those responsible for this crime.”
The attackers are believed to have used a SQL injection attack to breach the website. The Lulz Security hacking group has been actively boasting about its high profile website attacks. The organization posted more than 100,000 account credentials of users of the Sony Pictures website. The hackers said they took the data from the Sony Pictures and Sony BMG websites. In addition to account credentials, the information made public includes addresses and phone numbers.
The group claimed responsibility for the latest attack against Nintendo’s U.S. servers, posting details of the attack on Twitter. The group said it had obtained an internal configuration file for one of Nintendo’s U.S. servers. It also hacked and defaced the website of InfraGard, an Atlanta-based organization that shares FBI cybercrime data with the private sector. The group posted more than 100 account credentials that it had stolen in that attack.
Sony and its subsidiaries have been investigating as many as a dozen breaches on its systems after a massive breach exposed information on more than 100 million users of its PlayStation and Entertainment Group networks. The company has apologized to victims, bolstered system security and is hiring a CISO to manage its security initiatives.
by Marcia Savage
Adobe announced Thursday that it plans to release updates for its Reader and Acrobat products.
The fixes, which Adobe categorizes as critical, affect Adobe Reader X (10.0.1) for Windows and Adobe Reader X (10.0.3) for Macintosh; Adobe Reader 9.4.3 and earlier versions for Windows and Macintosh; Adobe Acrobat X (10.0.3) for Windows and Macintosh; and Adobe Acrobat 9.4.2 and earlier versions for Windows and Macintosh.
CompliancePoint Acquires InfoSec Integrators, Inc. Will Incorporate ...
PR Web (press release)
CompliancePoint, a PossibleNOW company, announces that it has completed the acquisition of Atlanta-based InfoSec Integrators, Inc. The company's principals, Charles Burke and Bill Schmidt, will help lead CompliancePoint's Information Security practice ...
CRN - UK
Lockheed attack scares away RSA partners
CRN - UK
Steven Malone, technical director at RSA Affiliate partner Infosec Technologies, said he had not received any communication on how the replacement process might work, other than being directed to the open letter. The whole episode had "irrevocably ...
Lunarline Now Offers CNSSI 4012 Certification in their Training Program
Additionally, the coursework continues to meet the standards for the National Training Standard for Information Systems Security (INFOSEC) Professionals and System Certifiers (NSTISSI 4011 and 4015 certifications). Students receive a certificate for ...