Showing results for tags 'Hackers'.

Found 13 results

  1. With the pandemic raging out of control 'many' people have opted to use the video conferencing Zoom app to stay in touch with relatives, friends & co-workers remotely. The Black Hats have taken notice of this since the app's popularity has risen dramatically too. The most recent scam that I've heard of is to send you either an email or text message stating that your Zoom account has been deactivated/disabled and to click on the link provided to correct the issue with Zoom. Of course if you click on that link you're only going to get arbitrary code being executed and installed on your device instead. This malware will try to steal log-in information and/or other personal data & possibly install additional spyware/malware on your system. There was an instance not long ago where hackers gained access to a grade school using Zoom for remote learning and sent the children pornographic content instead! That's just "too low!" Here's an informative article by the Better Business Bureau that outlines how Zoom is also being used in a very recent phishing scam as well. https://www.bbb.org/article/news-releases/23421-bbb-scam-alert-that-zoom-invite-is-really-a-phishing-scam
  2. It's not recent news that hackers have been targeting our institutions of higher learning. In my home state of Pennsylvania, Penn State University was recently hacked as an example. If that wasn't bad enough read on. What I find "completely reprehensible & totally disgusting" is that a group calling themselves "The Dark Overlord" have now targeted elementary, middle & high schools! In one case they were able to hack into the video surveillance system of an elementary school to spy on the children. In some cases they have actually threatened to harm the children if a ransom was not paid. They have also attempted to steal personal data from the databases of these affected schools, such as names, birth-dates, addresses, social security numbers, etc... There are even some dark web hacker groups that have actually condemned this Dark Overlord group for overstepping their bounds for targeting children! After all even a hacker may be a family man or woman with kids. Internet-security experts are urging all school districts across the country to either invest more money in cyber-security measures or take pro-active steps to better secure their databases because of this. "These scum-bag cyber-criminals have sunk to a new low and I hope they are caught and prosecuted to the fullest extent of the law!!!"
  3. Do you use a Wi-Fi router? I would recommend you read this Reuters news service article. (Reuters) - Cyber security watchdogs and researchers are issuing warnings over risks associated with a widely used system for securing Wi-Fi communications after the discovery of a flaw that could allow hackers to read information thought to be encrypted, or infect websites with malware. An alert from the U.S. Department of Homeland Security Computer Emergency Response Team on Monday said the flaw could be used within range of Wi-Fi using the WPA2 protocol to hijack private communications. It recommended installing vendor updates on affected products, such as routers provided by Cisco Systems Inc or Juniper Networks Inc. Belgian researchers Mathy Vanhoef and Frank Piessens of Belgian university KU Leuven disclosed the bug in WPA2, which secures modern Wi-Fi systems used by vendors for wireless communications between mobile phones, laptops and other connected devices with Internet-connected routers or hot spots. "If your device supports Wi-Fi, it is most likely affected," they said on the www.krackattacks.com website, which they set up to provide technical information about the flaw and methods hackers might use to attack vulnerable devices. It was not immediately clear how difficult it would be for hackers to exploit the bug, or if the vulnerability has previously been used to launch any attacks. Finnish security firm F-Secure said experts have long been cautious about Wi-Fi's ability to withstand security challenges of the 21st century. "But the worst part of it is that it's an issue with Wi-Fi protocols, which means it affects practically every single person in the world that uses Wi-Fi networks," it said on its website. Microsoft Corp said it had released a security update for Windows. Customers who applied the update, or had automatic updates enabled, would already be protected, it said in a statement emailed to Reuters. 
CERT New Zealand and CERT India asked users to apply security updates. CERT NZ suggested using ethernet cables and to connect directly into the network, when possible. "Given the complexity of updating smart devices such as mobile phones, CERT NZ also strongly recommends disabling Wi-Fi when it isn't required," it said in its advisory. (http://bit.ly/2gfho2b) The Wi-Fi Alliance, an industry group that represents hundreds of Wi-Fi technology companies, said the issue "could be resolved through a straightforward software update". The group said in a statement it had advised members to release patches quickly and recommended that consumers quickly install those security updates. (Reporting by Jim Finkle in Toronto and Dustin Volz in Washington; Additional reporting by Aradhana Aravindan in Singapore; Editing by Susan Thomas, Dan Grebler and Jacqueline Wong)
  4. One of the three major U.S. credit reporting agencies, Equifax, has been hacked! Equifax admitted to the breach today but they knew about it "at the very least" back on July 29th. Why it took so long for Equifax to admit to the breach? Your guess is as good as mine. My opinion is they should have alerted consumers much sooner of the possibility that their personal information may have been compromised. I find that untenable considering the scope of the breach. Some questions need to be answered there. It is estimated that 143 million Americans' personal information may have been compromised! That's not a typo, "143 million people, that's almost half of the U.S. population!" This also includes some people in the U.K. & Canada. The data that may have been compromised includes names, addresses, dates of birth, social security numbers and even some driver's license information. Also an estimated 209,000 consumers may have had their credit card info stolen. "Yikes!" Equifax claims that data from businesses was not affected as far as their "current research" has determined. The FBI is investigating this breach. Equifax has also hired a private cyber-security firm to do their own investigation. Equifax is doing some "damage control" by offering free one year credit monitoring & identity theft protection for anyone whose information may have been stolen. Here is a link to Equifax if you wish to find out if you were affected and to enroll in the program if you were unfortunate enough to be one of the victims of this hack. There is a deadline to enroll, you have until November 21st to sign up for the service. https://www.equifaxsecurity2017.com/enroll/ Edit: There was a downside to signing up for Equifax's monitoring service. You had to agree to waive your arbitration rights which means you cannot file or participate in a class-action lawsuit against the company but as of Friday they rescinded that requirement amid a backlash of protests. Regards, Ritchie...
  5. Here's an internet article from NBC News regarding the current situation of the massive cyber attack still unfolding as I write this. Read on! Who Shut Down the U.S. Internet Friday? by Robert Windrem, Ken Dilanian, Tom Winter and William M. Arkin Cyber experts and intelligence officials told NBC News it was too early to determine who was responsible for the cyber attacks that caused massive internet outages across the U.S. Friday, with some saying their analysis pointed to Russia and others saying it could just be "internet vandalism." The three "denial of service," or DDoS, attacks, hit at about 7 a.m., noon and 4 p.m. Eastern Time, knocking out such websites as Vox, Twitter, Spotify, Amazon, PayPal and Reddit. The attacks used the "internet of things," meaning "smart" household appliances like DVRs, routers, printers and cameras that are linked to the web, to create "botnets" that overloaded websites by sending them more than 150,000 requests for information per second. Officials said the attacks were largely aimed at internet infrastructure linked to one company rather than specific websites. Nearly all of those attacked were clients of Dyn, a firm that provides domain name system services and other internet infrastructure services. However, according to one official, there was also targeting of some individual websites. "We have begun monitoring and mitigating a DDoS attack against our Dyn Managed (Domain Name System) infrastructure," Dyn said on its website at 11:52 a.m. ET. "Our engineers are continuing to work on mitigating this issue." A senior intelligence official told NBC News that the current government assessment is that the attacks were a "classic case of internet vandalism," and did not appear to be state-sponsored or directed. 
But two other senior intelligence officials told NBC News that while forensics on the attacks are far from complete, initial analysis points to the attacks being "Russian in origin" -- based on the methods and magnitude. The Russian intelligence agency known as FSB enlisted Russian cybercriminals in 2008 to mount a similar cyberattack on the Republic of Georgia. Eight years later, there are far more devices hooked up to the internet, and available to be used in bot-nets for DDoS attacks. "This is the Georgia attack on steroids," said an intelligence official. South Korea, India, Spain, Brazil and the U.K. also experienced major outages Friday. Is It Really Russians? Shawn Henry, chief security officer of the cybersecurity firm Crowdstrike, expressed caution about blaming Russians. He said many possible explanations were circulating around the internet Friday. He didn't rule out Russian involvement, but said it was "very, very early" to determine responsibility. Henry said what was most ominous about the attacks is that they reveal that the U.S. is seriously vulnerable to cyber attack: "This demonstrates the fragility of the network and infrastructure." Several internet experts told NBC News that they didn't see any Russian fingerprints. Andrew Komarov of InfoArmor told NBC News he didn't see any sign of Russian involvement at all, whether state or private. He noted that the botnet used in the attack, "Mirai," was developed by an English speaker and that he had found no link between "Mirai" and the Russians, who have their own much more sophisticated methods. He said the attacks seemed more consistent with the methods used by the hacking group known as Lizard Squad, two of whose members, both teens, were arrested earlier this month in the U.S. and the Netherlands and charged in connection with DDoS attacks. 
Said Komarov, "We have some context, that because of similar victims, using Dyn, and also tactics, tools and procedures by threat actors, it may be a revenge for the past arrests of DDoS'ers in the underground, happened several weeks ago." Dmitri Alperovitch of Crowdstrike also expressed doubt about a link to the Russian government, and speculated the attacks might have to do with a recent interview that cybersecurity expert Brian Krebs did with Dyn mentioning Russian organized crime. The Krebs site was among those attacked Friday. Alperovitch said use of a botnet bears the hallmark of a criminal rather than state attack, and the target may simply have been Dyn, not the U.S. A senior federal law enforcement official confirmed that the attacks used a botnet exploiting the internet of things, and that the FBI is investigating. The official said federal law enforcement had not yet made a determination about who launched the attack and why. Richard Greenberg and Pete Williams contributed to this report.
  6. Just when the holiday travel exodus has begun where lots of people will be using hotel/hospitality chains during their road or airline trips comes this rather troublesome news from Reuters News Service. Read on: By Jim Finkle and Radhika Rukmangadhan (Reuters) - Hyatt Hotels Corp said on Wednesday that its payment processing system was infected with credit-card-stealing malware in an attack discovered three weeks ago, the latest in a series of breaches at hospitality firms. Company spokeswoman Stephanie Sheppard said in an email late on Wednesday that the attack was discovered on Nov. 30. She did not say if the attackers succeeded in stealing payment card numbers, how long its network was infected or how many of the chain's 627 hotels were affected. "Customers should review their payment-card account statements closely and report any unauthorized charges to their card issuer immediately," she said. Hyatt, controlled by the billionaire Pritzker family, is the fourth major hotel operator to warn of a breach since October. Hilton Worldwide Holdings Inc and Starwood Hotels & Resorts Worldwide Inc last month disclosed attacks on payment processing systems. Donald Trump's luxury hotel chain, Trump Hotel Collection, also confirmed the possibility of a data security incident. FireEye Inc said that Hyatt had hired it to help the company investigate the attack. FireEye's Mandiant unit is one of the biggest providers of response services to companies that are victims of cyber attacks. Representatives at a Hyatt call center set up to handle inquiries about the breach said the malware was programmed to collect payment cardholder names, card numbers, expiration dates and internal verification codes. "We have taken steps to strengthen the security of our systems," Sheppard said in the email. "Customers can feel confident using payment cards at Hyatt hotels worldwide." Hyatt did not disclose the type of malware used in the attack. 
The company said that customers should look for information on the attack at www.hyatt.com/protectingourcustomers. Cyber intelligence firm iSight Partners in late November warned merchants about a new strain of payment-card-stealing malware dubbed ModPOS that it said evades almost all security software. iSight held briefings with dozens of firms, including hospitality companies and retailers, to provide them with information on how to uncover ModPOS infections.
  7. The LinkedIn request seemed ordinary enough. A technology journalist named “Jenifer Lawrence” had asked to connect to me. I clicked OK without thinking. Then I took a closer look at her profile. Meet the other J.Law — posing on LinkedIn as a technology journalist who doesn’t know how to use a spelling or grammar checker. There was something a little off about it. For one, there was her name — like the famous actress but oddly spelled. Her profile picture looked a lot like Angelina Jolie. The publication she claimed to write for didn’t exist. And while her work history was impressive and grammatically correct, the brief biography below her name was written in semi-broken English. That’s because “Jenifer” was a fake, one of an unknown number of fake profiles plaguing LinkedIn, the social network for job seekers that claims hundreds of millions of members. Still, “Jenifer” was convincing enough to persuade more than 500 others, including several well-known tech journalists, to add her to their LinkedIn connections. In fact, “Jenifer” was part of a nest of fakes whose profiles shared similar characteristics: attractive women with job histories copied from actual working journalists, coupled with odd misspellings. “Sarah,” a friend of “Jenifer,” is one of a nest of fake journalist profiles we found on LinkedIn. Note the creative spelling of “Brockton.” Fake profiles are hardly unique to LinkedIn. They’re routinely used to boost Twitter follower counts, promote Facebook pages, and entice you to sign up for dating sites by making it seem like attractive people are interested in you. But unlike those others, fake LinkedIn profiles are much more likely to be used by criminals and hackers to infect your computer, steal your personal information, or compromise your corporate network. And it’s a problem that appears to be getting worse. 
An epidemic of fakes

In a blog post published today, Satnam Narang, Symantec’s senior security response manager, announced the security company has uncovered dozens of LinkedIn profiles that could be used to launch “spear phishing” attacks against high-profile professionals. The fakes followed the same pattern as those described above, only instead of pretending to be tech journalists, they posed as recruiters offering potential jobs to unsuspecting victims. Once the connection is made, the fakers could obtain their targets’ contact information and use that to send them malware. A fake recruiter’s LinkedIn profile. (Image: Symantec) “LinkedIn is the perfect entry point for any scammer trying to gain access to your network,” Narang said in an interview with Yahoo Tech. “Once you’re connected, they might send you an email saying, ‘Check out this great article.’ Once you click the link or open the attachment, you’re infected.” What makes LinkedIn more dangerous than other social networks is the amount of trust most people put in the site’s profiles, especially those that have a lot of connections and endorsements, says Shaun Murphy, CEO of PrivateGiant, a startup developing a privacy-enhanced messaging and file-sharing app called Sndr. That’s why scammers spend so much time connecting real people to their fake accounts. “It’s all about appearing credible,” he says. “If someone claiming to be Bill Gates reached out to you and said, ‘Click here to join my elite group,’ you’re much more likely to believe it’s really him if he has 10,000 followers instead of just two.” Iranian hackers formed a sophisticated network of primary (green) and secondary (gray) LinkedIn accounts and created connections among them. (Image: Dell Secureworks) The use of LinkedIn fakes as a method of attack seems to be gaining in popularity. In October, Dell Computer’s Counter Threat Unit identified a nest of 25 bogus LinkedIn profiles it believes were created by a group of Iranian hackers. 
A month previous, security firm F-Secure uncovered a cohort of LinkedIn fakes targeting security researchers.

Seriously, LinkedIn?

Fake LinkedIn profiles are a serious problem. How seriously LinkedIn is taking the problem, though, is an open question. When asked, a company spokesperson provided this statement: We investigate suspected violations of our Terms of Service, including the creation of false profiles, and take immediate action when violations are uncovered. We have a number of measures in place to confirm authenticity of profiles and restrict or remove those that are fake. We encourage members to utilize our Help Center to report inaccurate profiles and specific profile content to LinkedIn. LinkedIn declined to provide details about how it finds and identifies fake profiles or any estimates as to how many of the site’s more than 400 million accounts are bogus. Sometimes LinkedIn’s algorithms uncover the fakes before the site’s security team does. I first reported the fake “Jenifer Lawrence” to LinkedIn in April, to no effect: The account remained live on the site for months, as did those of her faux companions. When contacted again via media channels in September, LinkedIn removed the false “Jenifer Lawrence” account, as well as some of the other fakes linked to her. But LinkedIn didn’t find all of them. The following fake account was still live at press time. “Taylor” cobbled her résumé together by stealing from the LinkedIn profiles of two actual reporters. There are also multiple questionable “Jenifer Lawrence” and “Sarah Cambell” profiles on the social network targeting different professions. This “Jenifer” borrowed her résumé from an HR website; it’s one of a half dozen nearly identical fakes uncovered by Yahoo Tech in a few minutes of searching. The way to avoid getting duped by a fake is to be highly skeptical and do a bit of legwork, says Narang. If strangers attempt to make a connection, see if they have other social networking accounts. 
Use reverse image-search sites like TinEye to see if they’ve borrowed someone else’s photos. Copy the unique parts of their résumés into a search engine and see if other profiles show up in the results. Bottom line: If you’ve got a lot of LinkedIn connections, odds are good that at least some of them aren’t real. And that could be bad news for everyone. From a Yahoo Tech News article by Dan Tynan
  8. eBay has confirmed that users' passwords were compromised by a hacker security breach. Supposedly, so far anyway as they are still investigating, the evidence indicates no financial data was accessed. More info here. http://www.cnet.com/news/ebay-hacked-requests-all-users-change-passwords/ Info from CNET on how to change your password: http://www.cnet.com/how-to/how-to-change-your-ebay-password/?tag=nl.e214&s_cid=e214&ttag=e214&ftag=CAD3c77551 Regards, Ritchie...
  9. I installed Immunet because since 2011 I have been electronically harassed with no end in sight. Using Immunet Verbose Tray Notifications allows me to view the hundreds of supposedly clean files being installed to my computer when I am connected to the internet. Why is there no alarm raised for the excessive bombardment I am taking? How do I export my history?
  10. In one of the earliest instances of a Heartbleed attack breaking through a private corporate network, security firm Mandiant reports that a client's virtual private network session was successfully hacked. http://www.cnet.com/...ftag=CAD2e9d5b9
  11. Nationwide retail giant Target is investigating a data breach potentially involving millions of customer credit and debit card records, multiple reliable sources tell KrebsOnSecurity. The sources said the breach appears to have begun on or around Black Friday 2013 — by far the busiest shopping day of the year. According to sources at two different top 10 credit card issuers, the breach extends to nearly all Target locations nationwide, and involves the theft of data stored on the magnetic stripe of cards used at the stores. Minneapolis, Minn. based Target Brands Inc. has not responded to multiple requests for comment. Representatives from MasterCard and Visa also could not be immediately reached for comment. Both sources said the breach was initially thought to have extended from just after Thanksgiving 2013 to Dec. 6. But over the past few days, investigators have unearthed evidence that the breach extended at least an additional week — possibly as far as Dec. 15. According to sources, the breach affected an unknown number of Target customers who shopped at the company’s bricks-and-mortar stores during that timeframe. “The breach window is definitely expanding,” said one anti-fraud analyst at a top ten U.S. bank card issuer who asked to remain anonymous. “We can’t say for sure that all stores were impacted, but we do see customers all over the U.S. that were victimized.” There are no indications at this time that the breach affected customers who shopped at Target’s online stores. The type of data stolen — also known as “track data” — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs. It’s not clear how many cards thieves may have stolen in the breach. 
But the sources I spoke with from two major card issuers said they have so far been notified by one of the credit card associations regarding more than one million cards total from both issuers that were thought to have been compromised in the breach. A third source at a data breach investigation firm said it appears that “when all is said and done, this one will put its mark up there with some of the largest retail breaches to date.” Some of the largest retailer breaches to date may help explain what happened in this case. In 2007, retailer TJX announced that its systems had been breached by hackers. The company later learned that thieves had used the store’s wireless networks to access systems at its Massachusetts headquarters that were used to store data related to payment card, check and return transactions at stores across the country, and that crooks had made off with data from more than 45 million customer credit and debit cards. In 2009, credit card processor Heartland Payment Systems disclosed that thieves had broken into its internal card processing network, and installed malicious software that allowed them to steal track data on more than 130 million cards. Article by: Brian Krebs, krebsonsecurity.com
  12. Researchers have unearthed an online database full to the brim of stolen account information from popular services including Facebook, Yahoo, Twitter, and Google. On Tuesday, the security team at Trustwave's SpiderLabs revealed in a blog post that the database contained 1.58 million stolen usernames and passwords. The login credentials were associated with 318,121 Facebook accounts, 21,708 Twitter accounts, 54,437 Google-based accounts, and 59,549 Yahoo accounts. The database also contained approximately 320,000 stolen email account credentials. The remaining number of compromised accounts on the server were FTP accounts, remote desktop details, and secure shells. Demographically, the Netherlands seemed to be targeted the most, as 97 percent of the stolen credentials belonged to users in that country -- followed by Thailand, Germany, Singapore, and Indonesia. The United States accounted for less than 2,000 stolen credentials. "A quick glance at the geolocation statistics above would make one think that this attack was a targeted attack on the Netherlands," the researchers said. "Taking a closer look at the IP log files, however, revealed that most of the entries from NL IP range are, in fact, a single IP address that seems to have functioned as a gateway or reverse proxy between the infected machines and the command-and-control server, which resides in the Netherlands as well." This, in turn, prevents the researchers from truly knowing which countries were most targeted, if any. In addition, as more than 90 countries were accounted for on the list, it shows the cyberattack was global. The culprit is called the Pony Botnet controller. Version 1.9 of the botnet is a powerful spy and keylogging type of malware which captures passwords and login credentials of infected users when they access applications and Internet sites. 
The botnet can be built and hosted directly on a Web site through a CMS control panel, where hooking up to an SQL database automatically will store details harvested from infected users. The investigation also uncovered terrible password habits of Web site users. The most common passwords were 123456, 123456789, 1234, and simply the word password. Will we ever learn? This story originally appeared as "Hacker database exposed; thousands of stolen Facebook, Twitter, Google passwords found" on ZDNet. CNET article written by: Charlie Osborne, freelance journalist My thoughts: This story is several days old but I thought it important enough to repost here because: It should go without saying but if you have a Facebook, Yahoo, Google or Twitter account it's time to change your password as soon as possible just to be on the safe side!!
  13. BOSTON/SAN FRANCISCO (Reuters) - Apple Inc was recently attacked by hackers who infected Macintosh computers of some employees, the company said Tuesday in an unprecedented disclosure describing the widest known cyber attacks targeting Apple computers used by corporations. Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers. The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. The malware was also employed in attacks against Mac computers used by "other companies," Apple said, without elaborating on the scale of the assault. Twitter, which disclosed that it had been breached February 1 and that hackers might have accessed some information on about 250,000 users, was hit in the same campaign, according to a person close to the investigation. Another person briefed on the case said that hundreds of companies, including defense contractors, had been infected with the same malicious software. Though this person said that the malware could have originated from China, there was no proof. "This is a new campaign. It's not like the other ones you read about where everyone can tell it's China," the first person said. Investigations into the breaches are ongoing. It was not immediately clear when the attacks had begun, the extent to which the hackers had succeeded in stealing data from targeted systems, or whether all infected machines have been identified. The malware was distributed at least in part through a site aimed at iPhone developers, which might still be infecting visitors who haven't disabled Java in their browser, the person close to the case said. 
There is a version that infects computers running Microsoft Windows as well. Security firm F-Secure wrote that the attackers might have been trying to get access to the code for apps on smartphones, seeking a way to infect millions of end-users. It urged developers to check their source code for unintended changes. Apple disclosed the breach as tensions are heating up over U.S. allegations that the Chinese military engages in cyber espionage on U.S. companies. U.S. cyber security firm Mandiant reported over the weekend that it has uncovered evidence that the Chinese military is behind a slew of cyber attacks on U.S. businesses. The White House said it has repeatedly raised concerns about Chinese cyber theft with Beijing. The breaches described by Apple mark the highest-profile cyber attacks to date on businesses running Mac computers. Hackers have traditionally focused on attacking machines running the Windows operating system, though they have gradually turned their attention to Apple products over the past couple of years as the company gained market share over Microsoft Corp. "This is the first really big attack on Macs," said the source, who declined to be identified because the person was not authorized to discuss the matter publicly. "Apple has more on its hands than the attack on itself." Charlie Miller, a prominent expert on Apple security who is co-author of the Mac Hacker's Handbook, said the attacks show that criminal hackers are investing more time studying the Mac OS X operating system so they can attack Apple computers. For example, he noted, hackers recently figured out a fairly sophisticated way to attack Macs by exploiting a flaw in Adobe Systems Inc's Flash software. "The only thing that was making it safe before is that nobody bothered to attack it. That goes away if somebody bothers to attack it," Miller said.

NATIONAL SECURITY

Cyber security attacks have been on the rise. In last week's State of the Union address, U.S. 
President Barack Obama issued an executive order seeking better protection of the country's critical infrastructure from cyber attacks. White House spokesman Jay Carney told reporters on Tuesday that the Obama administration has repeatedly taken up its concerns about Chinese cyber theft with Beijing, including the country's military. There was no indication as to whether the group described by Mandiant was involved in the attacks described by Apple and Facebook. An Apple spokesman declined to specify how many companies had been breached in the campaign targeting Macs, saying he could not elaborate further on the statement it provided. "Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," the statement said. "We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple," it continued. The statement said Apple was working closely with law enforcement to find the culprits, but the spokesman would not elaborate. The Federal Bureau of Investigation declined to comment. Apple said it plans to release a piece of software on Tuesday that customers can use to identify and repair Macs infected with the malware used in the attacks. By Jim Finkle and Joseph Menn | Reuters (Editing by Andre Grenon, Edwin Chan and Richard Chang)