Adobe said it was looking for anomalous check-in activity on its code repositories and for other things that might seem out of place before it could understand the scope of the source code exposure.Īccess to the source code is potentially the most damaging part of the Adobe breach, security experts told CRN. Adobe credited noted security blogger Brian Krebs and Alex Holden, chief information security officer of Hold Security, for their role in helping investigate the incident.Īdobe told Krebs that investigators believe that hackers accessed a source code repository sometime in mid-August 2013. The guide and documentation provide security best practices for installing and using the platforms as well as implementing system updates and information for developers to build secure ColdFusion applications. "However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide." "We are not aware of any zero-day exploits targeting any Adobe products," Adobe said. Security experts told CRN that source code leaks can be used by hackers to discover vulnerabilities that can be exploited in widely used Adobe products. Few details were released, but the company said that based on its findings it is not aware of any increased risk to customers as a result of the source code leak. Meanwhile, Adobe is investigating the illegal access to the sensitive servers that contained the source code for its Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products. Banks and credit card processors have been notified of the incident, Adobe said. Adobe said it also is notifying customers whose credit or debit card information was exposed in the breach. Affected customers will receive an email notification with information on how to change the Adobe password. The company said it is resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. We will work aggressively to prevent these types of events from occurring in the future." "Very recently, Adobe's security team discovered sophisticated attacks on our network," the company said in a statement. The information included customer names, encrypted credit and debit card numbers, expiration dates and other information related to customer orders. Adobe Systems has acknowledged a massive data breach of its systems, resulting in the exposure of personal data on millions of its customers as well as the precious source code that serves as the foundation to its Adobe Acrobat, ColdFusion and other products.Īdobe Thursday said attackers stole the personal data of 2.9 million people.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |