Vulnerabilities and attacks

Anonymous turns its back on Wikileaks after paywall dispute

And the saga continues... Anonymous and Wikileaks got into a public tit-for-tat over Twitter yesterday about a donation overlay page that Wikileaks posted on its Global Intelligence Files. Anonymous called the donation page a paywall -- since it cannot be closed unless a donation is made or JavaScript is disabled -- and demanded it be taken down.

The page was taken down for a couple of hours in the evening and it looked like Anonymous had won the battle. But then, Wikileaks put it back up. And this time it's not only on the site's Global Intelligence …

Mozilla rereleases Firefox 16 after fixing critical flaw

Mozilla released a new version of Firefox (Windows, Mac) today, one day after yanking the Web browser to address security flaws.

Firefox 16 was pulled off Mozilla's installer page yesterday, just one day after its release, to fix a vulnerability that could have allowed a malicious site to identify which Web sites a user had visited, said Michael Coates, Mozilla's director of Security Assurance. The flaw was publicly disclosed yesterday by security researcher Gareth Heyes, who published proof-of-concept code to demonstrate the vulnerability.

Though Mozilla said it had no evidence that the vulnerability was being exploited in the …

Hacker wins $60,000 prize for breaking into Google Chrome

Hack into Google Chrome, and you could win $60,000, at least if you do it through Google's Pwnium 2 competition.

That's just what happened to a hacker dubbed Pinkie Pie, who won the award on Tuesday by exploiting a security hole in Chrome.

In an effort to shore up its browser's defenses, Google holds the competition to challenge hackers to hack their way through Chrome's security to find previously unknown holes. Tuesday's Pwnium 2 contest was held at the Hack in the Box 2012 event in Kuala Lumpur, Malaysia.

"We're happy to …

Wikileaks and Anonymous go head-to-head in 'paywall' battle

Anonymous is typically a big fan of Wikileaks and its founder, Julian Assange, but earlier today, several of its members sent out tweets calling for people to stop donating to the site until further notice.

A Twitter tit-for-tat ensued and finally ended in what looks like a success for Anonymous.

What got the online hacker group all riled up was an overlay donation page that was first seen when accessing Wikileaks' Global Intelligence Files, according to The Next Web. These files contain more than five million emails from the international intelligence company Stratfor.

Anonymous publicly labeled the donation page a …

Mozilla 'temporarily' pulls Firefox 16 to address security flaw

Just a day after its debut, Firefox 16 has been "temporarily removed" from Mozilla's installer page while it addresses what is apparently a serious security flaw in the browser's latest version.

"The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters," Michael Coates, Mozilla's director of Security Assurance, said on the company's security blog. "At this time we have no indication that this vulnerability is currently being exploited in the wild."

Mozilla is currently working on …

Thousands of student records stolen in Florida college breach

Hackers have accessed the confidential information of nearly 300,000 students, employees, and faculty in a massive security breach at a Florida college, officials said today.

The breach was first thought to have been isolated to employees at Northwest Florida State College but may involve student records from across the state, education officials said. More than 200,000 records were stolen in the breach, including the names, birth dates, and Social Security numbers of any student who was eligible for Florida's Bright Futures scholarships from 2005 to 2007.

"We speculate this was a professional, coordinated attack by one …

Hackers post data from dozens of breached college servers

A group of hackers claims to have stolen thousands of personal records by breaching the servers of more than 50 universities around the world, including Harvard, Stanford, Cornell, and Princeton.

A group calling itself GhostShell posted to text-sharing site Pastebin more than 120,000 records from the breached servers, including thousands of names, usernames, passwords, addresses, and phone numbers of students and faculty. While most hacker activity is motivated by pranksterism or a desire to steal identities, GhostShell said the goal of its data dump was to focus public attention on the state of higher education:

We wanted to bring …

Middle East cyberattacks on Google users increasing

Here we go again.

Three months after it first began warning users of state-sponsored cyber attacks, Google is saying that the assault has only intensified.

The New York Times reports that since it began warning users of state-sponsored attacks, "it has picked up thousands more instances of cyberattacks than it anticipated." Many of the attacks appear to be originating in the Middle East.

Starting on Tuesday, the company began inserting a message at the top of affected users' Gmail inboxes: "Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer."

The attacks affect …

Regulators shut down global PC 'tech support' scam

Regulators from five countries joined together in an operation to crack down on a series of companies they say orchestrated one of the most widespread Internet scams of the decade.

The U.S. Federal Trade Commission (FTC) and other international regulatory authorities today said they shut down a global criminal network that allegedly bilked tens of thousands of consumers by pretending to be tech support providers.

FTC Chairman Jon Leibowitz, speaking during a press conference with a Microsoft executive and regulators from Australia and Canada, said 14 companies and 17 individuals were targeted in the investigation. In the course of …

Security hole exposes Twitter accounts to hacking, victim claims

Twitter users -- especially those with desirable handles -- risk having their accounts stolen, according to one recently hacked user who says there's a fundamental vulnerability in the service's security system.

According to Daniel Dennis Jones, whose account, @blanket, was recently hijacked, Twitter's password reset process allows hackers to attempt a more wide-ranging brute force approach to breaking into accounts than other services with more restrictive systems.

In a lengthy write-up of his recent experience, Jones says he discovered that the security system Twitter employs limits log-in attempts by IP address, rather than by account, meaning that …