The New York Times claims to have been under attack by Chinese hackers after its investigation into China’s Prime Minister Wen Jiabao. All 53 employees had their computers spied on, and information concerning the newspaper’s sources and contributors was targeted.
Security issues in a widely used suite of network protocols known as UPnP (Universal Plug and Play) could expose millions of devices to attacks, even without their users’ intervention.
Long passwords with any semblance of grammar are easier to crack than short passwords without structure, according to a study by Carnegie Mellon University. Researchers found that grammar – good or bad – offers clues to hackers because it narrows the possible word combinations and sequences.
A number of private cryptographic keys associated with GitHub accounts were inadvertently leaked on the web and cached in the Git search engine.
Denial of service attacks on US banks intensified last year and caught IT security experts either off guard or with insufficient resources to efficiently repel them, according to a report commissioned by Corero Network Security.
CERT Poland has taken down the central command and control servers of the Virut botnet, curtailing the activity of this zombie herder after confirming that systems infected with Virut were remotely controlled by crooks from those servers.
The two-year-old Shylock Trojan is expanding its reach to Skype users with an upgrade that allows it to message itself to new victims, according to Danish security consultancy CSIS. The new module, dubbed msg.gsm, lets the Trojan covertly send messages and transfer files using Skype by bypassing the warnings and restrictions enforced by the client application.
The US Computer Fraud and Abuse Act (CFAA) that enforces anti-hacking punishments may face revision in light of Reddit co-founder Aaron Swartz’ suicide, following a conviction that would have landed him 35 years in jail.
Chinese security researchers have issued a public warning about a hazardous botnet of 1 million smartphones running Android, writes the local Xinhua News Agency.
Oracle released an emergency software update to fix the Java vulnerability that allowed cyber-criminals to hack computers after a new zero-day exploit targeting Java 1.7 rev 10 was integrated into a specially tailored exploit kit.
One of the most popular alternatives to Adobe Reader is currently vulnerable to an exploitation technique that can totally compromise the security of the computer it runs on. According to independent security researcher Andrea Micalizzi, the exploit affects all versions of the reader application prior to 126.96.36.1998.
Comparing distributed denial-of-service attacks with the Occupy movement, Anonymous posted a petition to President Obama asking for DDoS attacks to be recognized as a legal form of protest in which users can participate online, instead of standing outside a building.