Emergency Maintenance: SVCasewestern Compromised
Posted by postprob on August 30, 2007 at 06:06 PM
Problem: SVCasewestern Compromised Cause: Administrator account accessed Affects: Stockval application users Started: 08/30/2007 05:56 PM Resolved: 08/30/2007 06:05 PM
Notes:
Just set a resolved date on this.
Unusual activity noticed in the early afternoon. Investigation discovered all accounts, including Guest w/blank password, had admin rights and remote desktop access. Anti-virus and software firewall protections removed/disabled.
Removed from the network and contacting application owners. Will rebuild with hardened security.
Created: 08/30/2007 18:06:34 by cxl34
Updates: 10/19/2007 13:40:28 by dak