city officials said Wednesday . Such a ttacks Attack.Ransom— another of which occurred in Atlanta last week — take over parts of private or municipal computer networks and then d emand payment,Attack.Ransomor r ansom,Attack.Ransomfor their release . Frank Johnson , chief information officer in the Mayor ’ s Office of Information Technology , said he was not aware of any specific r ansom request Attack.Ransommade by the hackers of Baltimore ’ s network , but federal authorities are investigating . “ The systems and the software and the files are all being investigated by the FBI right now , ” Johnson said . No personal data of city residents w as compromised,Attack.Databreachhe added . Dave Fitz , an FBI spokesman , could not be reached Wednesday . On Tuesday , Fitz said the agency was aware of the breach and providing assistance to the city , but otherwise declined to comment . The attack infiltrated a server that runs the city ’ s computer-aided dispatch , or CAD , system for 911 and 311 calls . The system automatically populates 911 callers ’ locations on maps and dispatches the closest emergency responders there more seamlessly than is possible with manual dispatching . It also relays information to first responders in some cases and logs information for data retention and records . The breach shut down the CAD system from Sunday morning until Monday morning , forcing the city to revert to manual dispatching during that time . While the city ’ s 911 calls are normally recorded online on Open Baltimore , the city dispatch logs stopped recording them at 9:54 a.m. Sunday and didn ’ t resume recording them again until 7:42 a.m. Monday . Johnson said the attack was made possible after a city information technology team troubleshooting a separate communications issue with the server inadvertently changed a firewall and left a port , or a channel to the Internet , open for about 24 hours , and hackers who were likely running automated scans of networks looking for such vulnerabilities f ound Vulnerability-related.DiscoverVulnerabilityit and gained access . The Baltimore hack comes amid increasing hacking of municipal systems across the country , and follows one in Atlanta last week that paralyzed that city ’ s online bill-payment system , with hackers d emanding Attack.Ransoma $ 51,000 p ayment Attack.Ransomin bitcoin to unlock it . T hat attack Attack.Ransomoccurred Thursday , and Atlanta employees only turned their computers back on Tuesday . Johnson said his office works diligently to prevent cyberattacks and is looking to invest more in safeguarding its networks . Baltimore also faced cyberattacks during the unrest in 2015 , when its website was taken offline . Johnson said he was unaware of any other successful attacks on the city ’ s networks . He said the city would be obligated to disclose any a ttacks Attack.Databreachthat c ompromised Attack.Databreachresidents ’ personal information , health information or crime data . Johnson said he feels the city recovered well from the breach once it was identified , but that he did not want to go into detail about what was done lest he expose the city to more attacks . The city has a $ 2.5 million contract with TriTech Software Systems to maintain its CAD software and provide “ technical support services to ensure the functional integrity ” of the city ’ s CAD system . Scott MacDonald , TriTech ’ s vice president of public safety strategy , said the company worked with city IT personnel to shut down the CAD software after the attack . The breach was not related to the company ’ s software , MacDonald said . “ Our techs connected and worked with the IT staff there , and the CAD system was taken down manually , in combination between our staff and theirs , while the servers could be troubleshooted by the city . ”
The exploit , which h as now been patched,Vulnerability-related.PatchVulnerabilityaffected customers banking with hundreds of financial institutions US-based financial services firm Fiserv h as just fixed Vulnerability-related.PatchVulnerabilitya flaw in its web platform that exposed the personal and financial details of a vast number of banking customers . With more than 12,000 clients across the world using the company 's services , it is hard to establish how many customers ' details w ere exposed Attack.Databreachin the 'information disclosure vulnerability ' f ound Vulnerability-related.DiscoverVulnerabilityby security researcher Kristian Erik Hermansen . When logging into his local bank , which uses Fiserv 's platform , Hermansen learned email alerts for financial transactions were assigned an 'event number ' , which he successfully predicted were distributed in sequence , according to KrebsOnSecurity . Using this knowledge , the researcher was able to directly view alerts set up by another customer by rewriting the site 's code in his browser and sending a request for an altered event number . He was able to view the customer 's email address , phone number and bank account number - as well as view and edit alerts they had previously set up . `` I should n't be able to see this data , '' he said . `` Anytime you spend money that should be a private transaction between you and your bank , not available for everyone else to see . '' He added a criminal could have exploited the flaw to s teal Attack.Databreachinformation from customers . Together with KrebsOnSeceurity author Brian Krebs , Hermansen worked to v erify Vulnerability-related.DiscoverVulnerabilitywhether or not the flaw was exclusive to his own bank 's installation of the platform . They soon d iscovered Vulnerability-related.DiscoverVulnerabilityhundreds of other Fiserv-affiliated banks may h ave been just as vulnerable Vulnerability-related.DiscoverVulnerabilityas those they had tested . IT Pro approached Fiserv for comment , and to establish how many institutions in the UK may have been affected , if any , but the company did not respond at the time of writing . A spokesperson told Krebs that Fiserv had responded accordingly , and c orrected Vulnerability-related.PatchVulnerabilitythe issue . `` After receiving your email , we promptly engaged appropriate resources and worked around the clock to research and remediate the situation , '' the spokesperson said . `` We d eveloped Vulnerability-related.PatchVulnerabilitya security patch within 24 hours of receiving notification and d eployed Vulnerability-related.PatchVulnerabilitythe patch to clients that utilise a hosted version of the solution . We w ill be deploying Vulnerability-related.PatchVulnerabilitythe patch this evening to clients that utilise an in-house version of the solution . '' While information disclosure vulnerabilities are among the most common types of website security issues , according to Krebs , they are also the most preventable and easy to f ix.Vulnerability-related.PatchVulnerabilityBut they can also cause just as much damage to a company 's brand as more severe security risks .
For weeks , perhaps months , hackers could take control of a victim 's ' computer , or install malware on it , just by tricking them into opening a booby-trapped document , thanks to a critical `` zero-day '' bug in most versions of Microsoft Word . When bugs a re unknown Vulnerability-related.DiscoverVulnerabilityto the vendor , and s till unpatched,Vulnerability-related.PatchVulnerabilitythey 're called zero-days . That 's their value : they will work no matter what , as there 's no fix for them . Criminal hackers , as well as hackers working for governments , sometimes use zero-days , but it 's rare for the same zero-day exploit to be used by both groups . Somehow , however , that 's what happened with that Microsoft Word zero-day . The exploit was used by government hackers , likely inside Russia , to target victims and infect them with the infamous FinFisher spyware since at least late January . The same exploit , according to security firm FireEye , was also used by a criminal gang spreading malware known as Latentbot in March . To add even more mystery to the mix , it appears that multiple researchers independent of each other f ound Vulnerability-related.DiscoverVulnerabilitythe original bug on which the exploit was developed . When Microsoft p atched Vulnerability-related.PatchVulnerabilityit on Tuesday , it credited three researchers , as well as its own internal teams . That 's not unheard of , but as a recent study pointed out , it 's rare for different teams or researchers to find the same bug , something that 's known as `` bug-collision . '' Ryan Hanson , a security researcher , c laimed Vulnerability-related.DiscoverVulnerabilityin a tweet that he o riginally found Vulnerability-related.DiscoverVulnerabilityit in July and d isclosed Vulnerability-related.DiscoverVulnerabilityit to Microsoft in October . Hanson did not respond to a request for comment , but Motherboard was able to confirm this timeline . For some reason , however , Microsoft did n't p atch Vulnerability-related.PatchVulnerabilityit until this week . ( For example , previous office bugs f ound Vulnerability-related.DiscoverVulnerabilityby Google Project Zero g ot patched Vulnerability-related.PatchVulnerabilitywithin 90 days . ) The company said in a statement that they heard of a `` small number '' of targeted attacks in the wild using the exploit `` approximately one month ago , '' and added that there were no widespread attacks until McAfee d isclosed Vulnerability-related.DiscoverVulnerabilitythe bug publicly last Saturday . `` This was a complex investigation that took time to thoroughly investigate and patch , '' a Microsoft spokesperson told Motherboard . `` We performed an investigation to identify other potentially similar methods , and ensure that o ur fix addresses Vulnerability-related.PatchVulnerabilitymore than just t he issue reported.Vulnerability-related.DiscoverVulnerability`` It 's unclear who developed the exploit used to spread FinFisher and Latentbot , but it 's possible that the same developer sold it to both groups . `` I think whoever sells to FinFisher also does blackmarket business , '' said John Hultquist , a researcher at FireEye . `` Talent , tools , and techniques move between espionage , criminal , and hacktivist worlds . '' As the CEO of Hacking Team , a company that used to buy zero-day exploits , once said , `` exclusive zero-days do n't exist . '' `` Talent , tools , and techniques move between espionage , criminal , and hacktivist worlds . '' A source who works in the surveillance technology industry said that FinFisher buys exploits from private researchers as well as from Zerodium , a well-known exploit seller . The source , who asked to remain anonymous , said FinFisher recently offered access to an exploit subscription portal that seemed similar to what Zerodium 's predecessor , Vupen , used to offer . Zerodium 's founder Chaouki Bekrar declined to comment . ( FinFisher did not respond to a request for comment . )
For weeks , perhaps months , hackers could take control of a victim 's ' computer , or install malware on it , just by tricking them into opening a booby-trapped document , thanks to a critical `` zero-day '' bug in most versions of Microsoft Word . When bugs a re unknown Vulnerability-related.DiscoverVulnerabilityto the vendor , and s till unpatched,Vulnerability-related.PatchVulnerabilitythey 're called zero-days . That 's their value : they will work no matter what , as there 's no fix for them . Criminal hackers , as well as hackers working for governments , sometimes use zero-days , but it 's rare for the same zero-day exploit to be used by both groups . Somehow , however , that 's what happened with that Microsoft Word zero-day . The exploit was used by government hackers , likely inside Russia , to target victims and infect them with the infamous FinFisher spyware since at least late January . The same exploit , according to security firm FireEye , was also used by a criminal gang spreading malware known as Latentbot in March . To add even more mystery to the mix , it appears that multiple researchers independent of each other f ound Vulnerability-related.DiscoverVulnerabilitythe original bug on which the exploit was developed . When Microsoft p atched Vulnerability-related.PatchVulnerabilityit on Tuesday , it credited three researchers , as well as its own internal teams . That 's not unheard of , but as a recent study pointed out , it 's rare for different teams or researchers to find the same bug , something that 's known as `` bug-collision . '' Ryan Hanson , a security researcher , c laimed Vulnerability-related.DiscoverVulnerabilityin a tweet that he o riginally found Vulnerability-related.DiscoverVulnerabilityit in July and d isclosed Vulnerability-related.DiscoverVulnerabilityit to Microsoft in October . Hanson did not respond to a request for comment , but Motherboard was able to confirm this timeline . For some reason , however , Microsoft did n't p atch Vulnerability-related.PatchVulnerabilityit until this week . ( For example , previous office bugs f ound Vulnerability-related.DiscoverVulnerabilityby Google Project Zero g ot patched Vulnerability-related.PatchVulnerabilitywithin 90 days . ) The company said in a statement that they heard of a `` small number '' of targeted attacks in the wild using the exploit `` approximately one month ago , '' and added that there were no widespread attacks until McAfee d isclosed Vulnerability-related.DiscoverVulnerabilitythe bug publicly last Saturday . `` This was a complex investigation that took time to thoroughly investigate and patch , '' a Microsoft spokesperson told Motherboard . `` We performed an investigation to identify other potentially similar methods , and ensure that o ur fix addresses Vulnerability-related.PatchVulnerabilitymore than just t he issue reported.Vulnerability-related.DiscoverVulnerability`` It 's unclear who developed the exploit used to spread FinFisher and Latentbot , but it 's possible that the same developer sold it to both groups . `` I think whoever sells to FinFisher also does blackmarket business , '' said John Hultquist , a researcher at FireEye . `` Talent , tools , and techniques move between espionage , criminal , and hacktivist worlds . '' As the CEO of Hacking Team , a company that used to buy zero-day exploits , once said , `` exclusive zero-days do n't exist . '' `` Talent , tools , and techniques move between espionage , criminal , and hacktivist worlds . '' A source who works in the surveillance technology industry said that FinFisher buys exploits from private researchers as well as from Zerodium , a well-known exploit seller . The source , who asked to remain anonymous , said FinFisher recently offered access to an exploit subscription portal that seemed similar to what Zerodium 's predecessor , Vupen , used to offer . Zerodium 's founder Chaouki Bekrar declined to comment . ( FinFisher did not respond to a request for comment . )