Security Experts:

Connect with us

Hi, what are you looking for?


Security Architecture

NASDAQ Hackers Helped by Shoddy Security, Says Reuters

Update: Reuters Accused of Omitting Disclosures in NASDAQ Breach Reports

Update: Reuters Accused of Omitting Disclosures in NASDAQ Breach Reports

According to a report from Reuters, anonymous sources connected to the FBI’s probe into the mater, said that lax security practices made NSADAQ an easy target, when its Director’s Desk platform was breached last year.

NASDAQ Directors Lax SecurityThe FBI continues to probe the incident, and while the basic architecture of NASDAQ’s network was fine, investigators discovered that systems were running with misconfigured firewalls, out-of-date software, and missing security patches. The investigators told Reuters that servers running Windows 2003 for example were not properly updated.

When asked, Carl-Magnus Hallberg, the Senior VP of ITS for Nasdaq OMX, said that calling the exchange’s security practices lax was unfair, as the last year’s incident was a sophisticated attack, noting that it would have been “virtually impossible to defend against the hackers who used malware that had not been disclosed.”

This is the second Reuters scoop on the NASDAQ investigation, following one in October that revealed the fact that malicious software worked its way into a web-based communications platform at NASDAQ last year allowed attackers the ability to monitor business leaders using its Director’s Desk system.

“Gaining remote access to confidential data held within the Director’s Desk application could have been through SQL injection, broken authentication and session management, and URL restriction failures. In my years of running penetration tests against Fortune-500 companies, these were the most common vulnerabilities that could be exploited to reveal this level of confidential data,” commented Damballa’s Gunter Ollman at the time.

The addition of failed patching, and misconfigured firewalls certainly doesn’t help the situation, zero-day malware or not. More from Reuters is here.

Update: Reuters Accused of Omitting Disclosures in NASDAQ Breach Reports

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...


Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Security Architecture

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Risk Management

In this virtual summit, SecurityWeek brings together expert defenders to share best practices around reducing attack surfaces in modern computing.

Incident Response

Implementation of security automation can be overwhelming, and has remained a barrier to adoption

Application Security

Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to...