Ad: Manage updates with the Download App

Vulnerabilities and attacks

Apple, Facebook, Twitter hacks said to hail from Eastern Europe

While many security experts have been pointing the blame at China for the recent wave of cyberattacks on U.S. companies and newspapers, Bloomberg reports that some of the malware attacks actually may be coming from Eastern Europe.

Investigators familiar with the matter told Bloomberg they believe a cybercriminal group based in either Russia or Eastern Europe is carrying out the high-level attacks to steal company secrets, research, and intellectual property, which could then be sold on the black market.

Evidence that the attacks may be coming from Eastern Europe is the type of malware being used by the hackers, … Read more

Apple: Employee computers were targeted in hack attack

Apple today said it too was targeted as part of the string of hacking efforts on companies and news agencies.

The iPhone and Mac maker told Reuters that hackers targeted computers used by its employees, but that "there was no evidence that any data left Apple."

In a statement, Apple said it discovered malware that made use of a vulnerability in the Java plug-in, and that it was sourced from a site for software developers:

Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware … Read more

Google warns of an increase in attempted account hijackings

The New York Times' report Monday of state-sponsored hacking in China drew new attention to the sophisticated techniques that would-be infiltrators use to gain access to victims' accounts. But it's not just China, Google said today -- the techniques used against U.S. government agencies and corporations are being used increasingly by hackers around the world.

"Compared to five years ago, more scams [and] illegal, fraudulent, or spammy messages today come from someone you know," security engineer Mike Hearn said in a blog post. "Although spam filters have become very powerful -- in Gmail, less than … Read more

Adobe confirms targeted attacks due to security hole in Reader

A zero-day security flaw in Adobe Reader and Acrobat is being exploited through a series of targeted attacks against vulnerable computers, Adobe Systems said yesterday.

In a security bulletin, Adobe confirmed that the vulnerabilities could cause Reader and Acrobat to crash, potentially opening the door for an attacker to gain control of the system.

"Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message," the company revealed in the bulletin.

Adobe said it's … Read more

Hackers can easily breach Emergency Alert Systems

Hackers broke into several television stations' Emergency Alert Systems this week and broadcast that zombies were "rising from their graves" and "attacking the living."

While a comical hoax, security consultancy firm IOActive warns that this type of behavior is dangerous and not that hard for hackers to do, according to Computerworld. This week it's zombies, but next time it could be something that might make people really panic, such as an anthrax or terrorist attack.

IOActive says that devices used by TV and radio stations to air emergency alerts have critical vulnerabilities that make them … Read more

Old OS X malware used in increased attacks against Uyghur groups

Kaspersky labs and Alienvault have released a new analysis that outlines recent increases in targeted attacks against Uyghur groups in China, where an apparent ongoing politically motivated effort is using old vulnerabilities in Microsoft Word to infect their systems with malware.

The effort is using unpatched versions of Microsoft Word 2004 and 2008 for OS X, where maliciously crafted documents can exploit an old and patched vulnerability to execute code and install backdoor software without the user's consent. The malware in this case installs a common remote-access shell called "TinySHell" that in itself is not intended as … Read more

Microsoft delivers fixes for Windows 8, Windows RT

It's February 12, yet another Patch Tuesday. Among the security fixes aplenty that Microsoft is rolling out today are a few other non-security-specific updates for Windows RT and Windows 8.

As previously announced, the February cumulative update includes fixes designed to improve Surface Wi-Fi reliability and connectivity, a Microsoft spokesperson confirmed.

Microsoft also has provided a fix for the app-store-downloading bug that a number of Surface RT and Windows RT users reported a few weeks back. The problem resulted in Windows RT systems entering "Connected Standby" while the devices were downloading new Windows Updates via Automatic Update. … Read more

Android a growing target for mobile malware -- report

The Android platform is becoming a key mobile target for cybercriminals, who are getting much more efficient with their malware, according to a report from Web-security company Blue Coat Systems.

In a mobile malware report, Blue Coat notes that Android is a popular target. Here's a look at the volume of Android malware:

Blue Coat noted:

The Android-based malware blocked by WebPulse included an Android root exploit and a variety of rogue Android software. Forty percent of Android malware was delivered via malnets, demonstrating how cybercriminals can successfully utilize embedded infrastructures to attack mobile users. In the most recent … Read more

Gmail of journalists in Myanmar said to be hacked

A handful of journalists who cover Myanmar received warnings from Google over the past week. The Web giant told them that their Gmail accounts might have been hacked by "state actors" or "state-sponsored attackers" and that they should change their passwords and tighten their security settings, according to the Wall Street Journal.

Google said that it has systems in place to detect possible state-sponsored malware or hacking but would not give the Wall Street Journal further information on how these systems work.

The Myanmar government has now responded to these allegations and denies any involvement in … Read more

Cyberattacks reanimate CISPA, spark move by Obama -- reports

Recent reports of cyberespionage and hacking against important U.S. targets have triggered cybersecurity rumblings in Washington, with the leaders of the House Intelligence Committee reportedly planning to bring back the controversial CISPA -- Cyber Intelligence Sharing and Protection Act -- and President Obama reportedly readying his own executive order on the issue.

House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.) say they plan to re-introduce CISPA -- unaltered -- next week during a speech at the Center for Strategic and International Studies in Washington, according to Beltway tech blog The Hill.

"American … Read more