On Thursday the Chinese government, long considered the aggressor in highly publicized U.S. cyberattacks, publicly spoke about being the victim. Two of its military Web sites were attacked an average of 144,000 per month and two-thirds of those strikes came from the United States, according to a ministry spokesman.
The cost of a botnet is contingent largely upon the physical location of the malware-infected computers inside of it. Therefore, a botnet containing only American or European machines is worth more than one with machines from less prosperous nations.
SAN FRANCISCO – People who interact with online services have mounting privacy expectations that run in parallel with their need for a full experience with the functionality central to those services. But can users have their privacy cake and eat it too?
SAN FRANCISCO--The discipline of software security has been gaining traction in a lot of organizations both large and small in recent years, thanks in part to the success that vendors such as Microsoft, Adobe and others have had with it. However, for many companies, the time and money spent on software security initiatives could be put to better use simply fixing flaws after products ship or are deployed, an expert said during a constructed debate.
A series of targeted attacks are continuing to bully a signed Nvidia application into dropping a backdoor that lets attackers root their way through the systems of Tibetan sympathizers.
New espionage malware has been discovered that targets a patched sandbox-bypass vulnerability in Adobe Reader. The attacks have hit a relatively small number of government victims in 23 countries, primarily in Europe, and rely on a string of unusual tactics, including the use of steganography to hide backdoor code, as well as the capability to reach out to Twitter accounts created by the attackers for links to command and control servers.
Kaspersky Lab Identifies ‘MiniDuke’, a New Malicious Program Designed for Spying on Multiple Government Entities and Institutions Across the World
Researchers on Tuesday said they have proof the Stuxnet worm used to cripple Iran's nuclear program has been in the wild two years longer than first believed. There's also now evidence the military-grade malware's origins date back to 2005, and possibly earlier.
The third version of the prolific peer-to-peer botnet responsible for volumes of pharmaceutical spam, Bitcoin wallet theft and credential harvesting was shut down before a live audience today at RSA Conference 2013.
Adobe released yet another security update for its Flash Player product, it’s third this month, earlier today. The emergency update patches three vulnerabilities, including two critical (CVE-2013-0643 and CVE-2013-0648) that are targeting Flash Player in Mozilla’s Firefox browser and could let an attacker crash and compromise affected systems.
SAN FRANCISCO--In the current climate of continuous attacks and intrusions by APT crews, government-sponsored groups and others organizations, cryptography is becoming less and less important and defenders need to start thinking about new ways to protect data on systems that they assume are compromised, one of the fathers of public-key cryptography said Tuesday. Adi Shamir, who helped design the original RSA algorithm, said that security experts should be preparing for a "post-cryptography" world.
Website hosting provider cPanel is calling on some users to change their passwords after it informed them on Friday that hackers compromised one of its technical support department’s servers. The hosting provider does not know for certain the extent of the hack or what, if any, information was stolen during the compromise.
Social media supersite Facebook has fixed a vulnerability that could have allowed a hacker to access a user’s account simply by getting them to click through to a specially crafted website. The flaw essentially mimicked the functionality of an authentic Facebook application without actually installing an application to their profile.
The entertainment industry is teaming with five major Internet service providers to this week launch a new Copyright Alert System that will first warn online pirates and then start to strangle bandwidth of repeat offenders.
Dubbed "Six Strikes," the new system began roll out Monday, putting consumers on notice that content owners would be monitoring for illegal downloading or uploading of copyrighted movies, music and televsion shows and notifying participating ISPs such actvitity is detected.
For some time, attackers had the ability to bypass Google's two-step authentication system through access to users' app-specific passwords, giving them full access to victims' Google accounts, including Gmail. The vulnerability that enables this attack, discovered by researchers from DuoSecurity, has been patched by Google.
The seemingly endless list of critical zero day bugs found in Java grew longer today with news that one of the flaws fixed in Oracle’s recent patches for the product is under attack and when that bug is paired with another, separate vulnerability, the sandbox in the latest build of Java can be bypassed.
Dennis Fisher talks with Anup Ghosh of Invincea about the recent wave of companies admitting to being hacked by APT groups, the difference between cyberespionage and cyberwar, what the government can do to encourage more intelligence sharing and whether compromised companies are spending enough time on attribution.
You are missing some Flash content that should appear here! Perhaps your browser cannot display it, or maybe it did not initialize correctly.
It’s getting hard to keep track of all the bugs piling up for Apple’s iPhone. Now it seems a glitch in the iOS kernel of Apple’s much maligned iOS 6.1 is responsible for yet another passcode bypass vulnerability, the second to surface this month. Attackers can apparently access users' photos, contacts and more by following a series of steps on an iPhone running iOS 6.1.