Vulnerabilities and attacks

Skype fixes e-mail security flaw

Skype has resolved a nasty e-mail and password security bug and reinstated its password reset page.

Revealed by Skype earlier today, the vulnerability allowed someone to create a Skype account using the same e-mail address as that of the intended victim. That person was then able to reset the password for all accounts associated with that address, thereby locking out the account owner from Skype.

As a precaution, Skype earlier today took down its password reset page to prevent hackers from taking advantage of the flaw. But the company managed to resolve the security hole not long after announcing it, … Read more

Skype disables password resets due to e-mail security flaw

Update, 10:25 a.m. PT: Skype has since resolved the security issue and reinstated the password reset page.

Skype is investigating a security problem that allows someone to take over a user's account by resetting the account password.

The VoIP service provider best known for video calls confirmed in its blog today that it has taken down its password reset page as it probes the issue:

We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the … Read more

Cyberattacks against Lockheed have 'increased dramatically'

Cyberattacks against Lockheed Martin -- one of the largest defense contractors for the U.S. government -- have stepped up significantly in both pace and savvy, according to Reuters.

"The number of campaigns has increased dramatically over the last several years," Lockheed vice president and chief information security officer Chandra McMahon said in a news conference today, according to Reuters. "The pace has picked up."

McMahon claims that roughly 20 percent of the attacks are being perpetrated by other countries or groups that aim to steal information or threaten the company's operations. She told reporters … Read more

Ransomware a growing menace, says Symantec

Cybercriminal gangs are creating a surge in ransomware, says a new report from Symantec.

Ransomware is a type of malware best described as an online extortion racket. Malware locks or disables your PC in some way and then demands payment in the form of a "fine" to render your PC usable again. Like most scams, the ransomware message claims to come from a legitimate organization, such as the government or a public corporation, to try to convince victims that they did something wrong to incur the fine.

But paying the fine does nothing since the initial malware remains … Read more

SEC staffers leave computers open to cyber attack, report says

Staffers in the SEC's Trading and Markets Division left their computers totally unprotected from possible security attacks, forcing the organization to scramble to determine if any sensitive data was stolen, Reuters reported, citing unidentified sources with knowledge of the situation.

As it turns out, the trading and markets division is charged with ensuring that markets don't fall victim to cyberattacks.

Reuters also reports that the staffers attended the annual Black Hat Conference for hackers and brought the unprotected computers with them.

Soon after the security issues were identified, the SEC hired a third-party company and paid it "… Read more

Windows 8, RT to get first critical security patches next Tuesday

Windows 8 and Windows RT will receive their first security fixes when next week's Patch Tuesday rolls around from Microsoft.

The patches are designed to prevent "remote code execution," which means they'll plug holes in the OS that could let someone remotely run malicious code on a PC.

Beyond securing Windows 8, the fixes cover just about every other version of Windows, including XP, Vista, and Windows 7 as well as Server 2003, 2008, and 2012.

The rollout includes six security patches, four of which are considered critical, one important, and one moderate. Most of the … Read more

Crippling Stuxnet virus infected Chevron's network too

Stuxnet, the sophisticated computer virus that attacked a nuclear enrichment facility in Iran two years ago, also inadvertently infected Chevron's network.

Reportedly created by the U.S. and Israel, the highly destructive worm was designed to infect Iran's Natanz nuclear facility. Rather than steal data, Stuxnet left a back door meant to be accessed remotely to allow outsiders to stealthily knock the facility offline and at least temporarily cripple Iran's nuclear program.

The oil giant discovered the malware in July 2010 after the virus escaped from its intended target, Mark Koelmel, Chevron's general manager of the … Read more

Twitter resets passwords of 'compromised' accounts

Is it a bird? Is it a plane? No, it's a password reset message from Twitter, and you should probably do what it says.

An unknown number of Twitter users have received a genuine e-mail from the company warning they should change their password as soon as possible. 

But a Twitter spokesperson told CNET that the e-mail was sent to a wider group of users than intended.

In the e-mail, the microblogging company noted: "Twitter believes that your account may have been compromised by a Web site or service not associated with Twitter. We've reset your … Read more

U.S. panel labels China largest cyberspace threat, report says

China poses the largest threat in cyberspace, with its hackers increasingly targeting U.S. military computers and defense contractors, according to a draft of a Congressional report obtained by Bloomberg.

The report, produced by the U.S.-China Economic and Security Review Commission, found that China's persistence and its advances in hacking activities over the past year pose an increasing threat to information systems and users.

The risks include attempts to blind or disrupt U.S. intelligence and communications satellites, weapons targeting systems, and navigation computers, Bloomberg reported, citing an anonymous U.S. intelligence official.

While the attacks … Read more

Facebook password-bypass flaw fixed

Facebook this weekend disabled a loophole that might have allowed some accounts to be accessed without a password.

The vulnerability, which was posted to Hacker News on Friday, could potentially have allowed an unauthorized user to access another person's Facebook account.

The flaw centered on e-mails sent out by the social network which contained links that, once clicked, would log a user straight into a Facebook account without the need for any secondary authentication, such as entering a password. The e-mails could be discovered through a simple Google search query, with 1.3 million accounts potentially open to the … Read more