Vulnerabilities and attacks

A security certificate problem triggered warnings not to use Bing over a secure Web connection Friday, and Microsoft said an issue with network service provider Akamai is to blame.

Browsers displayed prominent error messages and warnings at about 9 a.m. PT when visiting https://bing.com.

The HTTPS standard governs how Web browsers and Web servers set up encrypted communications, for example so that others can't eavesdrop on network activity to find out what you're searching for, but valid and up-to-date security certificates are required for such communications.

"An attacker on your network could be trying … Read more

The Wi-Fi router you use to broadcast a private wireless Internet signal in your home or office is not only easy to hack, says a report released today, but the best way to protect yourself is out of your hands.

The report, written by research firm Independent Security Evaluators of Baltimore, found that 13 of the most popular off-the-shelf wireless routers could be exploited by a "moderately skilled adversary with LAN or WLAN access." It also concludes that your best bet for safer Wi-Fi depends on router vendors upping their game. All 13 routers evaluated can be taken … Read more

Internet users are seeing less spam but more targeted attacks, according to security software company Symantec.

Looking at last year's security landscape, Symantec's Internet Security Threat Report 2013 found that traditional spam accounted for 69 percent of all e-mail in 2012, down from 75 percent in 2011. Yet, 30 billion spam messages are still sent on a daily basis.

Junk e-mails that hawk sex or dating products and services now account for 55 percent of all spam, taking the top spot away from pharmaceutical spam.

Malware is also part of one out of every 291 e-mail messages, with … Read more

Oracle will release today 128 fixes for security vulnerabilities that affect "hundreds" of its products.

The software giant and Java maker said in a pre-release announcement today that four of the patches include fixes for Oracle's flagship database product, which can be exploited remotely without the need for a username or password.

Also, 29 security fixes will arrive for Oracle Fusion Middleware, with 22 of these also for preventing attacks without the need for authentication.

Affected components include Oracle HTTP Server, JRockit, WebCenter, and WebLogic.

Both Oracle products have a common vulnerability scoring system (CVSS) rating of … Read more

Anonymous is once again trying to raise the hackles of North Korea by hacking into one of the country's official news sites.

For the second time this month, the North Korean news and information site Uriminzokkiri.com has been taken down. Trying to access the site today delivers an eventual timeout error. In the official Twitter account for Uriminzokkiri, which Anonymous took over earlier this month, the group tweeted that "more of North Korean websites are in our hand. They will be brought down."

North Korean Web sites minjok.com, jajusasang.com, and paekdu-hanna.com had also … Read more

In an institution already cloaked in mystery, puzzling happenings seem to be afoot at Guantanamo Bay prison.

Not only have many legal files suddenly disappeared from the defense team's computers, but also hundreds of thousands their documents have landed on the prosecution's computers, according to Reuters. This debacle has caused several pretrial hearings in the prison's military tribunals to be delayed.

It's not clear how the files vanished or if there was any illegal action behind the disappearance. It could have been a simple computer blip, IT issues, a security breach, hackers, or one of the … Read more

South Korea has accused North Korea of launching a recent cyberattack that hit tens of thousands of PCs.

A spokesman for South Korea's Internet agency said today that six computers in North Korea were identified as the source of the attack, according to The Guardian. Those computers used more than 1,000 IP addresses from across the world to infect 48,000 PCs and servers at South Korean banks and broadcasting stations.

The spokesman told the Associated Press that the attack mimicked past hacking attempts by North Korea and pointed the finger at an espionage agency run by the military. … Read more

Anonymous claims that a cyberattack launched against Israeli government Web sites this weekend has caused billions of dollars of damage, although Israeli officials say there have been no major disruptions.

The group claimed it hacked more than a dozen official Israeli Web sites, including those for the Israel Police, the Prime Minister's Office, the Israel Securities Authority, the Immigrant Absorption Ministry, and the Central Bureau of Statistics. The country's page for the Ministry of Defense was offline today as well, which Anonymous took credit for hacking in a tweet:

Anonymous Operation Israel | Target: DOWN | mod.gov.il | #Anonymous … Read more

Anonymous continues to target North Korea with its latest round of exploits.

Citing the threat posed by the North Korean government, the "hacktivist" group defaced the country's official Twitter and Flickr accounts yesterday.

The North Korean Twitter feed now displays a series of tweets with links that poke fun at the country's leader Kim Jong-un. One linked image portrays Kim Jong-un in a less than flattering light and criticizes him for "threatening world peace with ICBMs and nuclear weapons" and "wasting money while his people starve." The country's Flickr account shows … Read more