Vulnerabilities and attacks

Federal Reserve confirms its Web site was hacked

The wave of high-level cyberattacks continues as the Federal Reserve confirmed that one of its internal Web sites was hacked into today, according to Reuters.

"The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," a Fed spokeswoman told Reuters. "Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system."

Apparently the hackers accessed data associated with specific individuals, according to Reuters.

This attack comes on the heels of the hacking group … Read more

Hackers hit U.S. Department of Energy

The U.S. Department of Energy has confirmed that its computer systems were hacked into last month. According to The New York Times, the federal agency sent around an internal e-mail on Friday telling its employees about the cyberattack.

"The Department of Energy has just confirmed a recent cyber incident that occurred in mid-January which targeted the Headquarters' network and resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information," the e-mail said.

The agency said that it is working to figure out the "nature and scope of the incident" but that so far … Read more

Android malware uses your PC's own mic to record you

A couple of Android apps masquerading as cleanup tools actually had a sneakier mission in mind.

Uncovered last month by Kaspersky, two apps named Superclean and DroidCleaner posed as software that claimed to clean up your Android smartphone or tablet. Instead, these two were actually pieces of malware designed to snoop on your conversations by infecting your computer.

The programs worked by downloading files that automatically execute after plugging an Android device into a Windows PC, according to Kaspersky's blog. After executing, the malware would trigger the audio recorder function in Windows, write the information to a file, and … Read more

Oracle pushes out new Java update to patch security holes

Oracle has rushed out a new Java security patch designed to plug up a range of holes in the software.

The February Critical Patch Update for Java SE addresses 50 security vulnerabilities, 44 of which affect the use of Java as a plug-in for Web browers, according to an Oracle blog posted Friday. If not properly patched, the plug-in could open the door for attackers to remotely execute code on a PC or Mac by directing users to malicious Web sites.

"The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is … Read more

China cyberspies highlighted by Schmidt book, Post report

Hot on the heels of reports from The New York Times and The Wall Street Journal, another storied U.S. newspaper -- The Washington Post -- has confirmed that it too was attacked by what it suspects were Chinese hackers. And a new book from Google's Eric Schmidt reportedly calls the Asian country "the most sophisticated and prolific" hacker of foreign companies.

In an article published today, the Post says attackers gained access to the paper's computer systems as early as 2008 or 2009 and that malware installed on the systems was neutralized in 2011 by … Read more

U.S. weighs retaliation to alleged Chinese cyberattacks

The Obama administration is considering further action after the failure of high-level talks with Chinese officials over cyberattacks against America, according to the Associated Press.

The AP reports that two former U.S. officials say the administration is currently preparing a new National Intelligence Estimate -- a governmental assessment of concerns relating to security -- in order to better understand and analyze the persistence of cyberattacks that come from China.

Once this is complete, it will apparently be possible to better address the security threat, as well as justify actions to defend both the general public and national security.

The … Read more

Wall Street Journal: China hackers hit us, too

The Wall Street Journal said today that it's been the target of Chinese hackers stemming from its coverage of China, echoing reports from other news organizations.

Hackers infiltrated the newspaper's computer system through its Beijing bureau in order to monitor the paper's coverage of China, according to the report. Paula Keve, chief spokeswoman for the Journal's parent company, Dow Jones, issued a statement that said the hacks "are not an attempt to gain commercial advantage or to misappropriate customer information." The company completed a "network overhaul" on Thursday to increase security.

The … Read more

Chinese hackers said to wage cyberwar on The New York Times

After a lengthy newspaper investigation on China's prime minister, The New York Times claims, the newspaper's computer systems were infiltrated and attacked by Chinese hackers.

The attacks began four months ago and culminated with hackers stealing the corporate password for every Times employee, according to the paper. The personal computers of 53 of these employees were also broken into and spied on.

The Times discovered the attacks after observing "unusual activity" in its computer system. Security investigators were then able to get into the system and track the hackers' movements, see what the infiltrators were after, … Read more

In Swartz protest, Anon hacks U.S. site, threatens leaks

In response to the death of tech activist Aaron Swartz, hacktivist collective Anonymous hacked a U.S. government Web site related to the justice system and posted a screed saying it would begin leaking a cache of government documents if the justice system is not reformed.

The group hacked the Web site for the United States Sentencing Commission late Friday, posting a message about what it's calling "Operation Last Resort," along with a set of downloadable encrypted files it said contain sensitive information. The sentencing commission is the caretaker of the guidelines for sentencing in U.S. … Read more

'Cyber 9/11' may be on horizon, Homeland Security chief warns

The head of Homeland Security announced today that she believes a "cyber 9/11" could happen "imminently," according to Reuters. If such an event were to occur it could cripple the country -- taking down the power grid, water infrastructure, transportation networks, and financial networks.

"We shouldn't wait until there is a 9/11 in the cyber world," Homeland Security Secretary Janet Napolitano said during a talk at the Wilson Center think tank today, according to Reuters. "There are things we can and should be doing right now that, if not prevent, … Read more