Adobe ColdFusion

CorporateCarOnline: 850,000 clients’ information at risk

October 4th, 2013

Hackers recently gained control of the database of CorporateCarOnline, a software provider for transportation reservations, exposing credit card data and other personal details of more than 850,000 clients.

The data breach exposed the information of thousands of celebrities and well-known figures that used the service to reserve a limousine or car service in recent years. The firm said the breach was likely the result of a targeted Adobe ColdFusion vulnerability. The breach exposed credit card details and notes left for the chauffeur about the victims’ habits. These are five known victims of the limousine service data breach.

Politicians were among the list of victims of the CorporateCarOnline breach. House Judiciary Committee Chairman Rep. John Conyers booked limo service in 2011 at Indianapolis International Airport. Sen. Mark Udall, chairman of the Senate Armed Services Committee’s Subcommittee on Strategic Forces, was among the victims. He was picked up at Boston’s Logan International Airport in 2009. The breach also included former Sens. Tom Daschle and John Breaux for trips they took in 2010.

Green Bay Packers quarterback Aaron Rodgers was among the victims of the CorporateCarOnline hack. The superstar flew into Kalamazoo on a private plane in June 2010, according to the exposed data. Rodgers was named Green Bay’s starting quarterback in 2008.

The database exposed the details of celebrity business mogul Donald Trump, who booked car service pickup using CorporateCarOnline for a visit to the Wynn Hotel in February 2007. “Must be new car, clean, and front seat must be clear,” a note associated with his file read. Trump was overseeing construction of his 64-story luxury hotel at the time.

Movie star Tom Hanks was provided transportation courtesy of CorporateCarOnline when he visited Chicago in June to see his son Chet Hanks graduate from Northwestern University.

NBA superstar LeBron James was among the high-profile victims of the CorporateCarOnline breach.

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


Adobe hack: 2.9 million customers’ data at risk

September 30th, 2013

Adobe recently discovered that it had suffered sophisticated attacks on its network that led to the theft of personal information belonging to 2.9 million customers, including payment card information, as well as source code for multiple Adobe software products such as ColdFusion, ColdFusion Builder, Adobe Acrobat and others.

Brad Arkin, chief security officer of Adobe, said, “Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.”

Arkin further added, “Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.”

“Over 40 Gigabytes in encrypted archives have been discovered on a hackers’ server that appear to contain source code of such products as Adobe Acrobat Reader, Adobe Acrobat Publisher, and the Adobe ColdFusion line of products. It appears that the breach of Adobe’s data occurred in early August of this year but it is possible that the breach was ongoing earlier,” the security firm Hold Security said in a post.

Adobe’s Arkin says the company is not aware of zero-day exploits or other specific threats to its customers due to the source code theft. “However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products,” he says.

All Adobe customers affected by this data breach will be informed and advised to change their passwords. The company is also alerting customers whose credit and debit card information was stolen. One point of relief for the company is that the financial information was encrypted.

The company is working with federal law enforcement to assist the investigation of the hacks.

Cybersecurity journalist Brian Krebs wrote on his blog on Thursday that the two men discovered the code while investigating breaches at Dun & Bradstreet Corp, Altegrity Inc’s AGRTY.UL Kroll Background America Inc and Reed Elsevier’s LexisNexis Inc.

The hacking team’s server contained a huge amount of code that appeared to be source code for ColdFusion and Adobe Acrobat. Shortly after that discovery, KrebsOnSecurity shared several screenshots of the code repositories with Adobe.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.
