A vulnerability in software used by a DHS vendor potentially exposed information ranging from social security numbers to names and birthdays. The U.S. Department of Homeland Security is warning current and former employees that their data may have been compromised after a vulnerability was uncovered in software used by a DHS vendor to process personnel [...]
In an effort to prove that it can be almost as menacing as China, Iran has apparently hacked a bunch of US energy companies. The Wall Street Journal claims the hackers were able to access control system software in several oil, gas and power companies. US officials compared the attacks to cyber reconnaissance missions. They believe the small [...]
Security concerns. Huawei’s bad luck in the US continues, after wireless ISP Clearwire announced it will reduce the amount of equipment from the Chinese telco vendor it uses in its TDD-LTE network rollout due to national security concerns. Clearwire chief technical officer John Saw said Huawei currently represents less than five per cent of the [...]
For at least nine months, the Darkleech malware is believed to have injected invisible iFrames that link to malicious web pages into thousands of web sites. The malware uses an Apache web server module to add the iFrames, although no credible attack vector has been identified as the route for the malicious module installation. Darkleech is also [...]
Crooks blasting public-safety phone lines with calls. The US Department of Homeland Security (DHS) has cautioned public-safety call centers against the rise of so-called telephony denial of service (TDoS) attacks, which it says have the potential to cripple local telephone exchanges. The warning was issued in March in a confidential Situational Awareness Update that was obtained by [...]
A new study has found that the market for distributed denial-of-service (DDoS) and DoS attack mitigation solutions is projected to grow 18.2 percent between 2012 and 2017, hitting $870 million in spending. Market intelligence firm IDC last week released its “Worldwide DDoS Prevention Products and Services 2013-2017 Forecast” study. The report predicted “volumetric” attacks will [...]
Security firm Group-IB has identified a malware program called Dump Memory Grabber that can take debit and credit card data from point-of-sale (POS) terminals and ATMs. The researchers say that the program has already been used to steal data from clients of US banks including Chase, Capital One, Citibank, and Union Bank N.A. as well [...]
A handful of Apple developers have found their iMessage accounts the victim of what’s being loosely referred to as a series of denial-of-service attacks. Using rapid-fire AppleScript texts, attackers have been sending many messages at a time to about half a dozen iOS developers over the last week. The attacks, which are really more distracting [...]
Biggest-ever distributed denial-of-service attack originally aimed at Spamhaus escalates and hits other corners of the Net. This was not your typical hacktivist DDoS attack: a massive, 300 gigabits-per-second traffic attack against volunteer spam filtering organization Spamhaus spread yesterday to multiple Internet exchanges and ultimately slowed traffic for users mainly in Europe. Security experts say the [...]
In what has become a familiar refrain, security researchers have spotted another Java zero-day vulnerability under active attack. Network security company FireEye said the vulnerability being exploited in the wild is present in the most up-to-date versions of Java SE software: version 6 Update 41 and version 7 Update 15, researchers Darien Kindlund and Yichong Lin wrote [...]
Researchers at Duo Security detailed an attack that could have allowed a hacker to hijack a user’s Google account. Google has fixed a security hole that permitted attackers to potentially bypass the company’s two-step verification feature and take over user accounts. According to Duo Security, the vulnerability rested in the way application-specific passwords (ASPs) were used [...]
Part of wider industrial espionage effort. Aerospace EADS and German steelmaker ThyssenKrupp recorded major attacks by Chinese hackers in 2012, it has emerged. According to Der Spiegel, the efforts were part of a wider trend of increasingly significant cyber attacks targeting German companies. EADS confirmed the attacks, telling Reuters that they were “standard attacks” and that the company is working closely [...]
It’s getting hard to keep track of all the bugs piling up for Apple’s iPhone. Now it seems a glitch in the iOS kernel of Apple’s much maligned iOS 6.1 is responsible for yet another passcode bypass vulnerability, the second to surface this month. Attackers can apparently access users’ photos, contacts and more by following [...]
Apple is the latest major American company to enter the security confessional and disclose it has been breached. The company told Reuters today it was attacked by the same crew that hit Facebook, which disclosed its breach last Friday, and that like the social media giant, no data had been stolen. In both cases, a Java zero-day [...]
Mandiant calls out People’s Liberation Army Unit 61398 as the APT1 group responsible for cyberspying against multiple industries; Dell SecureWorks discovers new victims of APT1/aka the “Comment Crew,” “Comment Group”.
Finally, convincing evidence of a long-suspected Chinese military link to cyberespionage against U.S. firms: A prolific and especially persistent cyberespionage group out of China has been tied to the People’s Liberation Army and has been behind attacks on a minimum of hundreds of companies across 20 major industries mainly in natively English-speaking countries.
A comprehensive report published today by Mandiant based on its investigations into around 100 APT-based breaches, including attempts on the security firm itself, exposes characteristics of the so-called APT1 group, which Mandiant believes is part and parcel of China’s secretive People’s Liberation Army Unit 61398. Unit 61398 is located in Shanghai in the same area where Mandiant has traced APT1’s hacking activities, including two of four networks that also serve Unit 61398’s location in Pudong New Area in a 12-story building built in 2007.
According to Mandiant, the APT1 gang, aka the Comment Crew or Comment Group, is one of the most active. It has stolen hundreds of terabytes of data from a minimum of 142 organizations, can pilfer data from dozens of victims simultaneously, and has waged some of the most widespread cyberspying campaigns when it comes to the variety of industries it has targeted, including information technology, aerospace, and energy. But this is just one of 20 APT groups that Mandiant tracks; there are plenty of others, demonstrating just how pervasive this threat really is today.
Read more: Dark Reading