In early October, Adobe® was hacked and 3 million customer account details (IDs, passwords, and credit card information) were stolen. Seems whopping? There’s more. Last week, it was revealed that the real number is actually 38 million. Yes, usernames and encrypted passwords of 38 million active Adobe users were stolen as part of this cyber-attack. This is ginormous hacking even for global hacking standards, and the hackers had posted the stolen data on public sites on the Internet. Part of the Adobe breach involved the theft of source code for Adobe Acrobat and Reader, as well as its ColdFusion Web application platform.

 

Adobe Hacked.png

 

While Adobe is still looking to identify the actual source and means of this data breach, it is also making amends to the customers whose account credentials were stolen and redeeming the company’s reputation.

 

Nothing held back against Adobe which is just one of the victims of large-scale cybercrimes, what can you do when such malicious security threats are on the rise and you are left defenseless to detect these attacks on time and happen to compromise on security and compliance? If you do not want to see this happen to your organization, you must act now and equip yourself with the right security techniques and technology to defend against security threats.

 

Heighten Network & Data Security

Security information & event management (SIEM) is a cutting-edge security practice that allows you to get visibility into all suspicious happenings on your network and data center by correlating and monitoring event log data from across the IT infrastructure – systems, network devices, security appliances, etc. Start at the basics – “the logs” – and work your way to the fore with security analysis and actionable intelligence. Logs provide a wealth of information about just about everything on a particular device or operating system. When you have the means to analyze these logs in real time to be able to isolate suspicious behavior patterns and policy violations, you’d be in a much better position to diagnose a security threat. Once detected, you can then take counteractive measures to contain or eliminate the threat thereby securing your network and secure corporate data.

 

There’s more security bulletin on Adobe …

  

There have been 2 security fixes silently released by Adobe in October following the massive security breach.

  • The first update is for RoboHelp 10 on the Windows operating system, a publishing software that enables users to collaboratively develop HTML 5-based video-enabled websites. This update addresses a vulnerability that could allow an attacker to run malicious code on the affected system by exploiting a memory corruption vulnerability (CVE-2013-5327).
  • The second update addresses issues in both Adobe Reader and Acrobat XI (11.0.04) for Windows. The fix addresses a regression that occurred in version 11.0.04, affecting JavaScript security controls. It permitted the launch of JavaScript scheme URIs when viewing a PDF in a browser (CVE-2013-5325).

 

Again, this is not uncommon in the software industry, and application vendors keep discovering new security loopholes and vulnerabilities and keep pushing new patches to their software. Though these Adobe security patches have no relation to the data heist, it only makes us think about the very many security lapses and subsequent fixes that keep coming about in the digital world.

 

Constantly Update Your System Software & Third-Party Apps

Only by keeping afoot with the application patch updates and security fixes will we be able to avoid vulnerabilities in software to compromise system security. Implement an automated patch management system in place to ensure all your systems and servers in your enterprise are running the most latest and updated software versions – especially in the likes of the highly risky Java® application platform.

 

IT security need not bother you to the brink to driving you into paranoia. If you have the right tools, security policies and processes in place, and the personnel to put these in action, you can rest assured your organization can be safeguarded against the detriment of hacking and its forays.