News - Security

How the Spamhaus DDoS attack could have been prevented

Nearly 13 years ago, the wizardly band of engineers who invented and continue to defend the Internet published a prescient document they called BCP38, which described ways to thwart the most common forms of distributed denial-of-service attack.

BCP38, short for Best Current Practice #38, was published soon after debilitating denial of service attacks crippled eBay, Amazon, Yahoo, and other major sites in February 2000. If those guidelines to stop malcontents from forging Internet addresses had been widely adopted by the companies, universities, and government agencies that operate the modern Internet, this week's electronic onslaught targeting Spamhaus would have been …

Did the spam cyber fight really slow down the Internet?

Reports from Internet monitoring services show that recent news of a cyber attack so big that it made the Internet slow to a crawl around the world was a bit dramatic.

The New York Times reported about spam-fighting nonprofit Spamhaus and a distributed-denial-of-service attack on the Dutch group's site that became the "largest computer attacks on the Internet" and caused a "widespread congestion and jamming crucial infrastructure around the world."

Matthew Prince, the CEO of CloudFlare, the company enlisted to fight the attacks for Spamhaus, told CNET today that the attacks -- which ceased yesterday …

Cyberfight puts a drag on the Internet

A cyberwar is under way between two companies over a recent move made by one.

Spam-fighting organization, Spamhaus, which works with e-mail providers around the globe to block spam from entering in-boxes, has been in a battle over the last week that has seen distributed denial of service (DDoS) attacks exceed by several times the typical attacks inflicted on organizations.

Spamhaus hosts a blacklist made up of servers that, it believes, are designed to send spam around the world. Recently, the organization added a Dutch Web hosting company named Cyberbunker to its blacklist. Cyberbunker, which gets its name from its …

Wells Fargo site hit by denial-of-service attack

Wells Fargo was the target of another distributed denial-of-service attack.

The bank's Web site was slowed down by the attack yesterday, affecting a certain number of customers, according to Fox Business News.

"Yesterday we saw an unusually high volume of Web site traffic which we believe was a denial of service attack," a Wells Fargo spokeswoman told CNET today. "The vast majority of customers were not impacted and customer information is safe. For customers who had difficulty accessing the site, we encouraged them to call us by phone, use ATMs or try logging on again as …

Outdated Java weak spots are widespread, Websense says

A new Websense report suggests that approximately 94 percent of endpoints that run Oracle's Java are vulnerable to at least one exploit, and we are ignoring updates at our own peril. 

According to security researchers at Websense, it's not just zero-day attacks that remain a persistent threat. Instead, Java exploits are now a popular tool for cybercriminals.

With so many vulnerabilities, keeping browsers up-to-date can become an issue -- especially as Java has to be updated independently from our preferred browser, and a mobile, cross-browser workforce is difficult to manage securely. Keeping this in mind, the security …

Top Chinese university linked to alleged military cybercrime unit

The People's Liberation Army (PLA) unit allegedly responsible for cyberspying on Western targets has collaborated with a top Chinese university on networking and security research papers.

In a finding uncovered by Reuters, Shanghai Jiaotong's School of Information Security Engineering (SISE) and the People's Liberation Army Unit 61398 have worked in partnership on at least three papers in recent years. PLA Unit 61398 is well-known for its alleged links to cyberattacks on the West, after a report was released by security firm Mandiant which stated that an "overwhelming" number of cyberattacks originate from the single unit …

Apple ID security issue fixed, password page back online

Apple has fixed the security issue involving its Apple ID password-reset page, a vulnerability that had made it possible for hackers with a user's e-mail address and birth date to reset the user's password.

Apple said yesterday that it was aware of the issue and was preparing a fix. Meanwhile, the company had taken the "iForgot" reset page offline for maintenance. Now the page is back up, and Apple has confirmed the fix with CNET.

The security exploit made use of a special URL that got around the need to answer a security question. Apple had …

Lawmakers introduce bill on warrantless GPS tracking

A bipartisan group of lawmakers has introduced a new bill, known as the Geolocation Privacy and Surveillance Act, to force law enforcement to obtain a warrant to track suspects with GPS devices.

The bill, which was introduced to Congress yesterday, is sponsored by Reps. Jason Chaffetz (R-Utah) and Jim Sensenbrenner (R-Wis.), as well as Sen. Ron Wyden (D-Ore.) and House judiciary committee ranking member Rep. John Conyers (D-Mich.). If passed, it would provide a "legal framework" that provides clear guidelines on when and how GPS devices can be accessed and used.

"New technologies are making it increasingly …

South Korean cyberattack may not have come from China

South Korea apparently still has a mystery on its hands. Who launched a cyberattack against several of its banks and broadcasters this week?

Regulators for the country initially pointed the finger at China, saying that the attacks originated from a Chinese IP address. But they admitted today that they jumped the gun.

The IP address used in the attack was actually traced to one of the banks hit on Wednesday. South Korea's NongHyup Bank had been using the address as a virtual one for its internal network, according to Reuters. By coincidence, that address matched one registered in China.…

Apple adds two-step verification option for Apple IDs

Apple today added an extra layer of security to its Apple ID system that can harden the password people use to log in to various Apple services.

Users with an Apple ID can now sign up for two-step verification of their password, a system that sends a four-digit passcode by text message to a user's phone, and must be used on top of a regular password. In practice, this could keep an account from being compromised by an attacker, unless that person had access to the mobile device too.

The move comes a little less than a year after …
