Chinese hackers strike EADS and ThyssenKrupp | TechEye
Part of wider industrial espionage effort. Aerospace EADS and German steelmaker ThyssenKrupp recorded major attacks by Chinese hackers in 2012, it has emerged. According to Der Spiegel, the efforts were part of a wider trend of increasingly significant cyber attacks targeting German companies. EADS confirmed the attacks, telling Reuters that they were “standard attacks” and that the company is working closely [...]
Another iPhone Passcode Bypass Vulnerability Discovered | threatpost
It’s getting hard to keep track of all the bugs piling up for Apple’s iPhone. Now it seems a glitch in the iOS kernel of Apple’s much maligned iOS 6.1 is responsible for yet another passcode bypass vulnerability, the second to surface this month. Attackers can apparently access users’ photos, contacts and more by following [...]
Apple Breached by Facebook Hackers Using Java Exploit | threatpost
Apple is the latest major American company to enter the security confessional and disclose it has been breached. The company told Reuters today it was attacked by the same crew that hit Facebook, which disclosed its breach last Friday, and that like the social media giant, no data had been stolen. In both cases, a Java zero-day [...]
Chinese Military Tied To Major Cyberespionage Operation | Dark Reading
Mandiant calls out People’s Liberation Army Unit 61398 as the APT1 group responsible for cyberspying against multiple industries; Dell SecureWorks discovers new victims of APT1/aka the “Comment Crew,” “Comment Group”. Finally, convincing evidence of a long-suspected Chinese military link to cyberespionage against U.S. firms: A prolific and especially persistent cyberespionage group out of China has [...]
Facebook breaks the Internet | TechEye
Users unable to see some websites. Facebook briefly broke parts of the internet yesterday as millions of users were unable to access websites. Facebook plugins found on thousands of web pages, which allow people to share or recommend articles turned out to be broken. Those visiting websites including Fairfax news sites, BuzzFeed, The Huffington Post, The Washington [...]
VMware Fixes Privilege Escalation Vulnerability | threatpost
Virtualization software maker VMware issued an update last Thursday resolving a virtual machine communication interface (VMCI) vulnerability in its ESX Server, Workstation, Fusion and View products that could lead to a privilege escalation if unpatched. According to the VMware security advisory, a local attacker could potentially exploit a control code handling vulnerability in vmci.sys in order [...]
U.S. Energy Department Hack Exposes Employee, Contractor Information | Dark Reading
No classified data was compromised, but the attack is believed to have affected several hundred people. Hackers hit the U.S. Department of Energy (DOE) in mid-January and accessed personal information belonging to possibly hundreds of employees and contractors, according to an internal DOE email. The email circulated Friday and was reported Monday after The Washington Free [...]
Twitter breach leaks emails, passwords of 250,000 users | The Register
Links to media site attacks suspected. If you find that your Twitter password doesn’t work the next time you try to login, you won’t be alone. The service was busy resetting passwords and revoking cookies on Friday, following an online attack that may have leaked the account data of approximately 250,000 users. “This week, we [...]
IE bug allows Windows PCs to be hijacked | TechEye
Microsoft warns of Zero Day vulnerability. Software giant Microsoft has found a zero-day vulnerability in ancient versions of Internet Explorer. According to Vole, the problem exists in browsers from IE 6 through IE 8 but not later versions. The attack means that hackers can gain control of Windows-based computers so that they host malicious Web sites. In the [...]
Changes to Mozilla Security Program Foster Open Source Security Tool Development | threatpost
Mozilla recently announced some changes to the way it will interact with members of the security community who contribute code, bug reports and fixes for the Firefox Web browser and other open source tools under Mozilla’s watch. Michael Coates, director of security assurance at Mozilla, recently answered some questions about the changes and how they [...]
Security exploit opens Samsung Galaxy S III, Note II to attack, could let apps from Google Play write to Kernel | Engadget
Amid the XDA community’s ongoing quest to root every Android handset it comes across, one forum user appears to have found a serious exploit that affects certain Exynos devices. While fiddling with his Galaxy S III, XDA user Alephzain discovered a way to obtain root without flashing with Odin. The Samsung kernel apparently allows read / write access to all [...]
Russian ransomware strikes Queensland doctor | The Register
Seven years of patients’ files encrypted by crooks. A medical practice in the Australian state of Queensland, the Miami Family Medical Centre, has been hit by ransomware said to originate in Russia. ABC News reports staff arrived at the practice last week, turned on computers and found messages proclaiming that patients’ records had been encrypted. Seven years’ [...]
Team Ghostshell Allegedly Dumps 1.6 M Aerospace, Nanotechnology Records | threatpost
Hacktivist collective Team Ghostshell is claiming this morning to have spilled 1.6 million accounts from a handful of companies in the aerospace, nanotechnology, banking, law, education and government realm, a hack the group deems Project White Fox. The group claims White Fox is its “final stand” this year in a lengthy diatribe posted to Pastebin. The [...]
Power detection could point to malicious code | TechEye
Startup’s ‘power fingerprint’ could plug AV holes. Virus detection could be improved with technology developed by a US startup, detecting tiny increases in power consumption to reveal the presence of malicious code. With the growing sophistication of threats, there is scepticism over whether conventional antivirus protections will provide adequate defence in the future. For many years, [...]
Dockster Mac Malware Targets Dalai Lama Website Through Flashback Vulnerability | threatpost
Mac malware targeting Tibetan supporters is being served on a website connected to the Dalai Lama. The Dockster Trojan, discovered by researchers at F-Secure, exploits the same Java vulnerability as the virulent Flashback Trojan that hit more than 600,000 OS X users earlier this year. F-Secure researcher Sean Sullivan said current versions of OS X are [...]
