GoDaddy Hack Spreads to 6 More Web Hosts

The hack that exposed the details of 1.2 million GoDaddy customers has spread to six more web hosts. As Search Engine Journal reports, the six additional web hosts are all resellers of GoDaddy’s WordPress hosting services and include 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple, and tsoHost.

Customers of at least two of these web hosting companies have been sent emails very similar to the one GoDaddy sent out regarding the security breach. The hack they experienced also targeted Managed WordPress accounts and managed to leak email addresses, customer numbers, WordPress Admin passwords, sFTP database usernames and passwords for active customers, and in some cases SSL private keys.

WordPress security plugin maker Wordfence confirmed the hack has spread to these web hosts and published a quote from Dan Rice, VP of Corporate Communications at GoDaddy, as to the extent of the attack:

“The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”

The intrusion began on Sept. 6, giving the attacker plenty of time to take advantage of the user data and access to accounts. It’s currently unknown how that access to the data has been used. All customers affected by the breach at the web hosts listed above need to be vigilant and extra cautious with the emails they receive.

Hopefully each company has either contacted or is in the process of contacting affected customers with the measures taken to close the security hole. If you believe your account was compromised and haven’t been contacted, be proactive and contact your web host to confirm the status/health of your account.


The cloud is the computer, web application security fundamentals

Elvis and the application have left the building. The first part of that slightly bizarre alert simply tells you that it’s time to go home and leave the theatre; now is not the moment to hang around for encores or curtain calls.

The second part of that warning is meant to remind us that many of our enterprise software assets now exist as some part of the wider web that forms the internet itself. But this core truism has implications.

The rise of web applications and the Application Programming Interfaces (APIs) that bond many of their synaptic connections enables us to attain previously unimaginable levels of flexibility and operational agility. But flexibility usually has a cost or some form of trade-off; there are vulnerabilities out there that we need to think about.

The API superhighway is in fact super-busy; API calls represent 83 percent of web traffic, according to an October 2018 Akamai traffic review… and the figure may be closer to 85 or 90 percent now. Content delivery network specialist Akamai says that the majority of API traffic is for custom-built applications, which are the result of digital services and cloud-based application deployment.


Hackers posted stolen district files to dark web

Hackers who demanded but did not receive ransom payments from Manhasset schools last month posted stolen district files to the dark web, according to the acting superintendent of schools.

“We were notified that yesterday, the criminals posted certain files to the dark web that they stole from our servers. We are currently reviewing these files, and we will provide direct notification, in accordance with applicable laws, to any individual whose personal information was potentially acquired by these criminals,” according to a letter dated Oct. 18 from Dr. Gaurav Passi.

Passi says he alerted law enforcement and “worked with cybersecurity experts” once the ransomware was found last month.

“Due to security updates completed by our network engineers and IT staff that included network segmentation, we were able to restore our computer systems from backups. As such, the district did not make any ransom payment to the criminals,” the letter says.

Those who were affected by the dark web leak would be directly notified, according to Passi, who encouraged everyone to “remain vigilant by regularly reviewing your credit reports and financial account statements for any unauthorized activity.”

“Our District was the victim of a criminal enterprise, and we understand how upsetting this is for our community. Unfortunately, ransomware attacks have been on the rise. We are one of the latest victims in this growing trend which has targeted other school districts, hospitals, and municipalities across the country. The district takes data security very seriously, and we are implementing several additional measures to enhance our security in an effort to prevent an incident like this from reoccurring in the future.”


What is the dark web? Drury cybersecurity expert explains

SPRINGFIELD, Mo. — It’s sometimes called the underbelly of the internet. The dark web. It is made up of a series of websites hidden from the general public, yet accessible to anyone across the world.

For those who’ve studied its secrets, the dark web can be a place where criminal activity can go on without the eyes of the law watching.

Dr. Shannon McMurtrey, a professor of cyber security at Drury University, says the dark web serves different purposes depending on where you live.

“In a lot of countries where free speech is limited and the censorship is heavy, the dark web is a way for people to get access to information without the worry of censorship,” says McMurtrey. “However, if you live in a country that has an open, free internet and you can just get online and search for whatever you want, there tends to be more criminal activity that takes place on the dark web.”

The dark web was originally created by the U.S. Naval Research Laboratory to ensure operatives could communicate with each other without being tracked.

The U.S. Naval Research Laboratory open-sourced the software for what’s now the dark web in 2004. It’s been managed by a non-profit called the Tor Project in Massachusetts. McMurtrey says it gained popularity in the U.S. due to the dark web allowing criminals to buy, sell and trade without law enforcement watching.

“Passwords, credit card numbers, social security numbers, it’s all available online. Certainly, the drug trade is what made it famous, when the Silk Road was taken down that was probably when it came on the radar for most people.”

The dark web can be accessed through a specific browser called “Onion browser” or “Tor Browser.” McMurtrey says it’s similar to the Google Chrome and Firefox browsers we use every day, only this one is able to access sites you wouldn’t find on the surface of the internet.

McMurtrey says a majority of the dark web is innocent citizens from other countries looking for ways to access everyday websites that are blocked by their government’s…