Vulnerabilities and attacks

Several U.S. media outlets experienced a massive wave of cyberattacks allegedly coming from the Chinese military over the last few months. While some newspapers have claimed that their networks are now safe, the Wall Street Journal may still be a victim of the online onslaught.

The newspaper's owner Rupert Murdock tweeted today, "Chinese still hacking us, or were over weekend."

Chinese still hacking us, or were over weekend.

The Wall Street Journal confirmed last week that it had been the target of cyberattacks in recent months because of its coverage … Read more

The wave of high-level cyberattacks continues as the Federal Reserve confirmed that one of its internal Web sites was hacked into today, according to Reuters.

"The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," a Fed spokeswoman told Reuters. "Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system."

Apparently the hackers accessed data associated with specific individuals, according to Reuters.

This attack comes on the heels of the hacking group … Read more

The U.S. Department of Energy has confirmed that its computer systems were hacked into last month. According to The New York Times, the federal agency sent around an internal e-mail on Friday telling its employees about the cyberattack.

"The Department of Energy has just confirmed a recent cyber incident that occurred in mid-January which targeted the Headquarters' network and resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information," the e-mail said.

The agency said that it is working to figure out the "nature and scope of the incident" but that so far … Read more

A couple of Android apps masquerading as cleanup tools actually had a sneakier mission in mind.

Uncovered last month by Kaspersky, two apps named Superclean and DroidCleaner posed as software that claimed to clean up your Android smartphone or tablet. Instead, these two were actually pieces of malware designed to snoop on your conversations by infecting your computer.

The programs worked by downloading files that automatically execute after plugging an Android device into a Windows PC, according to Kaspersky's blog. After executing, the malware would trigger the audio recorder function in Windows, write the information to a file, and … Read more

Oracle has rushed out a new Java security patch designed to plug up a range of holes in the software.

The February Critical Patch Update for Java SE addresses 50 security vulnerabilities, 44 of which affect the use of Java as a plug-in for Web browers, according to an Oracle blog posted Friday. If not properly patched, the plug-in could open the door for attackers to remotely execute code on a PC or Mac by directing users to malicious Web sites.

"The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is … Read more

Hot on the heels of reports from The New York Times and The Wall Street Journal, another storied U.S. newspaper -- The Washington Post -- has confirmed that it too was attacked by what it suspects were Chinese hackers. And a new book from Google's Eric Schmidt reportedly calls the Asian country "the most sophisticated and prolific" hacker of foreign companies.

In an article published today, the Post says attackers gained access to the paper's computer systems as early as 2008 or 2009 and that malware installed on the systems was neutralized in 2011 by … Read more

The Obama administration is considering further action after the failure of high-level talks with Chinese officials over cyberattacks against America, according to the Associated Press.

The AP reports that two former U.S. officials say the administration is currently preparing a new National Intelligence Estimate -- a governmental assessment of concerns relating to security -- in order to better understand and analyze the persistence of cyberattacks that come from China.

Once this is complete, it will apparently be possible to better address the security threat, as well as justify actions to defend both the general public and national security.

The … Read more

The Wall Street Journal said today that it's been the target of Chinese hackers stemming from its coverage of China, echoing reports from other news organizations.

Hackers infiltrated the newspaper's computer system through its Beijing bureau in order to monitor the paper's coverage of China, according to the report. Paula Keve, chief spokeswoman for the Journal's parent company, Dow Jones, issued a statement that said the hacks "are not an attempt to gain commercial advantage or to misappropriate customer information." The company completed a "network overhaul" on Thursday to increase security.

The … Read more

After a lengthy newspaper investigation on China's prime minister, The New York Times claims, the newspaper's computer systems were infiltrated and attacked by Chinese hackers.

The attacks began four months ago and culminated with hackers stealing the corporate password for every Times employee, according to the paper. The personal computers of 53 of these employees were also broken into and spied on.

The Times discovered the attacks after observing "unusual activity" in its computer system. Security investigators were then able to get into the system and track the hackers' movements, see what the infiltrators were after, … Read more