Vulnerabilities and attacks

The Obama administration is considering further action after the failure of high-level talks with Chinese officials over cyberattacks against America, according to the Associated Press.

The AP reports that two former U.S. officials say the administration is currently preparing a new National Intelligence Estimate -- a governmental assessment of concerns relating to security -- in order to better understand and analyze the persistence of cyberattacks that come from China.

Once this is complete, it will apparently be possible to better address the security threat, as well as justify actions to defend both the general public and national security.

The … Read more

The Wall Street Journal said today that it's been the target of Chinese hackers stemming from its coverage of China, echoing reports from other news organizations.

Hackers infiltrated the newspaper's computer system through its Beijing bureau in order to monitor the paper's coverage of China, according to the report. Paula Keve, chief spokeswoman for the Journal's parent company, Dow Jones, issued a statement that said the hacks "are not an attempt to gain commercial advantage or to misappropriate customer information." The company completed a "network overhaul" on Thursday to increase security.

The … Read more

After a lengthy newspaper investigation on China's prime minister, The New York Times claims, the newspaper's computer systems were infiltrated and attacked by Chinese hackers.

The attacks began four months ago and culminated with hackers stealing the corporate password for every Times employee, according to the paper. The personal computers of 53 of these employees were also broken into and spied on.

The Times discovered the attacks after observing "unusual activity" in its computer system. Security investigators were then able to get into the system and track the hackers' movements, see what the infiltrators were after, … Read more

In response to the death of tech activist Aaron Swartz, hacktivist collective Anonymous hacked a U.S. government Web site related to the justice system and posted a screed saying it would begin leaking a cache of government documents if the justice system is not reformed.

The group hacked the Web site for the United States Sentencing Commission late Friday, posting a message about what it's calling "Operation Last Resort," along with a set of downloadable encrypted files it said contain sensitive information. The sentencing commission is the caretaker of the guidelines for sentencing in U.S. … Read more

The head of Homeland Security announced today that she believes a "cyber 9/11" could happen "imminently," according to Reuters. If such an event were to occur it could cripple the country -- taking down the power grid, water infrastructure, transportation networks, and financial networks.

"We shouldn't wait until there is a 9/11 in the cyber world," Homeland Security Secretary Janet Napolitano said during a talk at the Wilson Center think tank today, according to Reuters. "There are things we can and should be doing right now that, if not prevent, … Read more

The United States is responsible for the highest number of botnet servers in the world, according to new data from McAfee.

A map and a list of major countries posted by McAfee yesterday show the greatest concentration of botnet servers to be in the U.S., with 631. That's more than two and a half times higher than the second country on the list -- the British Virgin Islands with 237.

The Netherlands took third place with 154 servers, followed by Russia with 125, Germany with 95, and Korea with 81. Among the Top 10, Canada fared the best … Read more

Sony Computer Entertainment Europe has been fined 250,000 pounds (US$395,775) by the Information Commissioner's Office in the U.K., following the massive hacking of Sony's PlayStation Network in 2011 that saw million of users' personal data leaked.

The monetary penalty on Sony comes after the "serious breach of the Data Protection Act," the ICO said in a statement today.

When the Sony PlayStation Network Platform was hacked in April 2011, it compromised the personal information of millions of customers, including names, addresses, e-mail addresses, dates of birth, and account passwords. Customers' payment card … Read more

Following recent security vulnerabilities in Java, malware developers are taking a new approach to exploit the Java platform by issuing false updates that pose as legitimate updates for the runtime.

The latest version of the Java runtime that fixes recent vulnerabilities is update 11, and Kaspersky labs is reporting that a new malware is out that poses as "Java Update 11." The malware is packaged in a Java archive file called "javaupdate11.jar" that contains two Windows-based executables called "up1.exe" and "up2.exe." When installed the programs open a back door … Read more

Learning a lesson from the Stuxnet attack, Iran has beefed up its cyber forces and poses a greater threat to the United States.

At least, that was the word of warning from U.S. Air Force General William Shelton yesterday, according to Reuters. Speaking with reporters, Shelton said that the Iranian government has increased its cyber efforts since and as a result of being hit by Stuxnet.

In 2010, the infamous computer worm was unleashed in Iran and other countries. Designed to seize control of power grids and other industrial control systems, Stuxnet infected computers at Iran's Natanz nuclear … Read more