Ad: Manage updates with the Download App

Vulnerabilities and attacks

FBI investigating how sensitive celebrity data landed on Web

Some hacker or hackers has it out for a handful of celebrities, politicians, and law enforcement officials, including First Lady Michelle Obama, Vice President Joe Biden, and pop singer Beyonce.

Collected onto one Web site -- called "The Secret Files" -- is a slew of financial and personal information on these public figures. The data is so sensitive that it has sparked investigations by the FBI and other law enforcement agencies.

The U.S. Department of Justice announced yesterday that the government agencies are looking into how www.exposed.su obtained the Social Security numbers, credit reports, telephone … Read more

Denial-of-service attack takes down JP Morgan Chase sites

The Web sites for banking giant JP Morgan Chase are offline this afternoon as the result of a distributed-denial-of-service attack, a representative told CNET.

The site's usual banking tools and content were replaced this afternoon with a message that said:

Our website is temporarily down, but our branches and Mobile Apps are available. Please try again later. The representative couldn't say how long the site had been down or how long it would be until service was resumed.

Hackers have ratcheted up their assaults on financial institutions in recent months, using DDoS attacks to take down Wells Fargo, … Read more

Intelligence chief offers dire warning on cyberattacks

If he was trying to scare the hell out of his listeners about the current state of cybersecurity, consider the newest warning from the nation's top intelligence official a mission accomplished.

In stark testimony delivered today to Congress, Director of National Intelligence James Clapper described a fast-eroding economic and national security landscape that's being rapidly penetrated by foreign agents infiltrating the nation's computer networks. This was the first time Clapper has included cyberattacks in his yearly congressional report on security threats facing the nation -- the Worldwide Threat Assessment of the U.S. Intelligence Community (PDF) -- … Read more

China claims it's willing to talk to U.S. about cybersecurity

The U.S. and China both say they want to directly discuss the issue of cybersecurity, but the odds of an open discussion are slim at best.

The Chinese government today responded to a U.S. invitation to enter into a dialogue with the U.S. over acceptable behavior in cyberspace, Reuters reported.

At a daily news briefing, Foreign Ministry spokeswoman Hua Chuying said that "China is willing, on the basis of the principles of mutual respect and mutual trust, to have constructive dialogue and cooperation on this issue with the international community including the United States to maintain … Read more

Researchers highlight potential security risk to iOS users

Android usually gets smacked around for playing host to mobile malware, but iOS isn't totally immune, according to researchers at Skycure Security.

iOS profiles, aka mobileconfig files, are used by mobile carriers to configure key settings for e-mail, Wi-Fi, and other features. But these files could be abused by attackers to sneak past Apple's normally tight security and and hijack a mobile device, the security firm revealed in a blog post today.

The process would be similar to that of a typical malware infection.

An attacker might tempt users to visit a malicious Web site by promising something … Read more

Apple, Facebook hackers hit car and candy companies too

More details have been revealed about the massive cyberattack that hit several tech companies last month. Not only were Apple, Facebook, Microsoft, and Twitter hit -- but other industries' computer systems were also hacked, including prominent car manufacturers, U.S. government agencies, and a candy company.

According to The Security Ledger, people familiar with the matter said that hackers infiltrated computer networks by using at least three third-party "watering hole" Web sites, which made it possible for hackers to put malware on those companies' computers.

"The breadth of types of services and entities targeted does not reflect … Read more

Colin Powell's Facebook page defaced

Gawker's headline tells the story: Either Colin Powell's official Facebook page got hacked or the former U.S. Secretary of State has had a drastic change of heart about the president he served.

Powell's Facebook page was pulled down today after it wound up hosting a series of sometimes scatological references to George W. Bush, according to Gawker which saved some of the posts.

This is just the latest in a spate of high-profile hacks launched against personal and private accounts. Sometimes the object has been public embarrassment, other times an effort to insert malware. In mid-February, … Read more

Apple finally fixes App Store flaw by turning on encryption

Apple has finally fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.

The flaw arose because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store, meaning an attacker can hijack the connection. In addition to a security flaw, the unencrypted connections also created a privacy vulnerability because the complete list of applications installed on the device are disclosed over Wi-Fi.

It also allows the installation of apps, including extremely expensive ones that top out at … Read more

Microsoft to patch critical holes in IE, Office, Silverlight

Windows users will get the usual round of security patches from Microsoft next Tuesday.

Among the seven fixes due to roll out March 12, four are rated critical, which means they address flaws that could let an attacker execute malware on a remote PC by steering a user to a malicious Web site or e-mail link.

The patch for Internet Explorer is designed to shore up all versions from IE6 to IE10 across all iterations of Windows from XP to Windows 8 and RT. The patch for Microsoft's Silverlight, a browser plug-in that can display online videos and other … Read more

Oracle issues emergency Java update to patch vulnerabilities

In response to discovering that hackers were actively exploiting two vulnerabilities in Java running in Web browsers, Oracle has released an emergency patch that it says should deal with the problem.

"These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password," Oracle wrote in a security alert today. "For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and … Read more