Researchers Tie Bank Attacks to North Korea
ST. MAARTEN–New details discovered in the investigation into the string of attacks on banks around the world using the SWIFT network show have linked the intrusions to attackers based in North Korea. Separate research conducted by experts at SWIFT, Kaspersky Lab, and BAE Systems uncovered a trail of clues that, taken together, point to North […]
New Details Connect Moonlight Maze Attacks on US Government to Modern Campaigns
ST. MAARTEN–Researchers investigating modern cyber espionage operations have found a direct link between the Moonlight Maze attacks that hit a number of United States military and government agencies in the 1990s and operations that are still ongoing today. The connections, through code samples, logs, and other data, show that some of the same tools and […]
Site Hacks Continue to Spike, Google Says
The number of sites hacked last year increased by nearly one third compared to 2015, Google said in a new report, a trend that the company expects will continue in years to come. Google’s crawlers constantly check sites for a number of different properties, including the presence of certain types of content that indicate they’ve […]
Struts Vulnerability Attracting Plenty of Attackers
Attackers are continuing to seek out and exploit vulnerable servers running vulnerable versions of the Apache Struts framework, with hundreds of separate sources trying to take advantage of the bug. The vulnerability lies in the way that some versions of the Struts framework handles some content-type values. An attacker who is able to exploit the […]
Hackers Targeting Critical Apache Struts Flaw
Attackers are targeting a critical vulnerability in the Apache Struts framework, using exploits that have been published online to go after thousands of vulnerable sites. On Monday, the Apache Software Foundation published an advisory about the vulnerability, saying that the bug enabled remote code execution in certain situations. Almost immediately afterward, attackers began going after vulnerable […]
Researchers Find Multiple Bugs in Confide Messaging App
Researchers at IOActive have uncovered a number of serious security flaws in the Confide secure messaging app, some of which could allow an attacker to hijack a user’s session or impersonate a target user. Confide is one of the group of encrypted chat apps that have emerged in the last few years and promises end-to-end […]
Questions Arise Over CIA Handling of Vulnerabilities
The release of a large trove of documents and tools that are linked to CIA’s cyber espionage activities has raised a lot of questions, especially about the way that the agency and other government groups handle information on undisclosed vulnerabilities. Some of the documents, released by Wikileaks Tuesday, show that CIA has had access to […]
Bill Would Legalize Active Defense Against Hacks
A new bill intended to update the Computer Fraud and Abuse Act would allow victims of computer attacks to engage in active defense measures to identify the attacker and disrupt the attack. Proposed by Rep. Tom Graves (R-Ga.), the bill would grant victims of computer intrusions unprecedented rights. Known as the Active Cyber Defense Certainty […]
Yahoo: 32 Million User Cookies Were Stolen
Yahoo executives didn’t understand the severity and scope of the 2014 attack that led to the theft of user data and, as a result, failed to investigate the incident as well as they should have, the company said in a regulatory filing. Attackers, who the company has said were state sponsored, compromised Yahoo’s network in […]