The latest media outlet targeted by the Syrian Electronic Army (SEA) is Forbes.com. The hacktivist group was able to breach a database containing email address and password combinations for over a million users’ accounts, including Forbes contributors. Although the passwords were one-way encrypted, the media outlet recommended users change their passwords. To prove that it carried out the attack and breached the database, the SEA defaced three online articles.

Syrian Electronic Army Attacks

It seems that cyber criminals are increasingly targeting users’ login credentials, which provide them access to various systems. Only two weeks ago, IBM learned that Yahoo’s email system was breached using credentials stolen from a third party. In a recent blog, the company explained how third-party database breaches can lead hackers to a user’s data.

With login credentials for a user’s account, it is possible to access information stored within the account. It is not known what type of information Forbes.com stored about its users, though concerns presumably relate to the exposure of personal and financial data. Credentials to contributors’ accounts may actually provide access to systems used by the media outlet to publish news, effectively allowing attackers to post fake news alerts. Last year, the Syrian Electronic Army took credit for hacking the Twitter account of the Associated Press (AP) and posting a fake news alert about a targeted attack on the White House and President Obama. The news alert was quickly denied, but not before the Dow Jones stock exchange fell by 1 percent and wiped $200 billion dollars from the entire market (stocks bounced back later in the day).

An additional concern is that many users tend to reuse passwords across multiple systems. After all, it’s hard to remember so many passwords. If they are extracted from the Forbes.com database, which enables access to the email accounts they are paired with, attackers can access these users’ email accounts. Searching through emails in any one account can expose a wealth of personal data. A breached user account can be used for developing spear-phishing messages and drive-by download attacks. The fact that the email comes from a trusted source — someone the user regularly exchanges emails with — increases the chances that recipients of a phishing email will fall for the scam. Forbes specifically warns users to look out for phishing attacks seemingly coming from Forbes.com.

If individuals are reusing their credentials or maintaining the same password, the exposed information may also provide access to other websites and Web services, including corporate systems. Although access to online consumer applications and services facilitates fraudulent activities, access to corporate systems can enable a full enterprise breach. There is no doubt that users who used their Forbes.com email address and password combination to log in to various other websites are at risk.

More from Software Vulnerabilities

Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”

September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote code execution exploitation on that machine.” Pure remote vulnerabilities usually yield a lot of interest, but even over a month after the patch, no additional information outside of Microsoft’s advisory had been publicly published. From my side, it had been a…

Self-Checkout This Discord C2

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated with their interests. While Discord and its related software…

Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). On December 13, Microsoft reclassified the vulnerability as “Critical” severity after IBM Security X-Force Red Security Researcher Valentina Palmiotti discovered the vulnerability could allow attackers to remotely execute code. The vulnerability is in the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism, which allows a client and server to negotiate the choice of security mechanism to use. This vulnerability is a pre-authentication remote code execution vulnerability impacting a wide…

Containers, Security, and Risks within Containerized Environments

Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its floor plan. In older approaches to application development, a developer would have a targeted system or set of systems for which they intend to create an application. This targeted system would be the mall. Then, when building the application, they would…