Vulnerabilities and attacks

The U.S. government had been hacking into computers in Hong Kong and China for years, says NSA whistleblower Edward Snowden.

The former CIA employee stirred up a hornet's nest recently when he leaked details about PRISM, a National Security Agency program that collects certain user information from Internet companies and phone service providers in an effort to track down terrorists.

In an interview with the South China Morning Post, Snowden said that PRISM actually extends to people and institutions in Hong Kong and mainland China. The NSA itself has been hacking into computers in Hong Kong and China … Read more

On the eve of President Barack Obama's high-level meeting with Chinese President Xi Jinping, U.S. intelligence officials have revealed that a slew of documents and e-mails were stolen during the 2008 presidential campaign from both the president and then GOP presidential candidate John McCain. Officials are accusing China's government for the hack.

According to NBC News, officials said that they first detected the major cyberattack in the summer of 2008 and were then able to trace the culprits back to China.

"Based on everything I know, this was a case of political cyberespionage by the Chinese … Read more

Noting the contribution made by those who try to hack its security, Google has once again increased the cash rewards it pays out for identifying vulnerabilities in its services.

The Internet giant, which began swapping security research for cash a couple of years ago, announced the higher payouts and new rules for the program Thursday on the company's Online Security Blog.

The bounty for cross-site scripting bugs on Google Accounts more than doubled from $3,133.70 to $7,500. The reward for reporting cross-site scripting bugs in other sensitive areas such as Gmail and Google Wallet more than … Read more

Security researchers have found a proof-of-concept attack that appears to be the first true viral malware approach for compromising OS X.

The malware is called "Clampzok.A" and is a cross-platform malware package that alters the binary files on an affected system so when executed, the binary will infect neighboring binary files.

The malware is written in assembly code, and was originally released in 2006 for Windows and Linux systems, but was recently updated to affect 32-bit Mach-O binary files in OS X machines.

Unlike Trojan horses, spyware, and adware that hide in one location on the system … Read more

Megaupload founder Kim Dotcom has won another one.

A New Zealand court on Friday ruled that the warrants used by law enforcement officials to raid Dotcom's home in 2012 were illegal. Therefore, the court said, police are required to provide copies of all relevant evidence in the prosecution of Dotcom for alleged piracy. Any material that is deemed by the court not to be relevant must be returned to Dotcom.

Until now, Dotcom's defense attorneys did not have access to the seized evidence. According to Reuters, which earlier reported on the story, the attorneys asserted that there were … Read more

There is no question that regardless of the computing platform you use, malware happens. To help prevent these and other unwanted programs from running, Apple includes a data execution prevention routine called GateKeeper, which offers three layers of protection. The first allows everything to run, the second allows only applications signed with a valid Apple Developer ID to run, and the third allows only programs distributed through the Mac App Store to run.

Apple provides the Developer ID option with the assumption that most who use its Developer program create legitimate and trustworthy code, since their works will be easily … Read more

Power utilities in the U.S. are under daily cyberattacks, according to report released Tuesday by members of Congress.

Of about 160 utilities surveyed in the 35-page report (PDF), more than a dozen reported "daily," "constant," or "frequent" attempted cyberattacks on their computer systems.

"Grid operations and control systems are increasingly automated, incorporate two-way communications, and are connected to the Internet or other computer networks," the report said. "While these improvements have allowed for critical modernization of the grid, this increased interconnectivity has made the grid more vulnerable to remote cyber … Read more

After the hacking collective Anonymous launched a Twitter campaign pledging to go after the Guantanamo Bay Naval Base in Cuba, the U.S. military barred all Wi-Fi access on the base, according to the Associated Press. All social media, including Facebook and Twitter, also has been banned.

Army Lt. Col. Samuel House told the Associated Press that the shuttering of the base's Wi-Fi was because of Anonymous' public plans to "disrupt activities" at the military prison.

While no disruptions have yet been reported, according to the Associated Press, Anonymous has promised to make good on its threats.… Read more

U.S. officials are concluding that the 2010 hacks into Google's servers may have ended with Chinese hackers getting ahold of sensitive data, according to The Washington Post.

Current and former government officials told the Post that the hackers were able to access information on U.S. intelligence, as well as find out which possible Chinese spies government officials may have been targeting.

In January 2010, Google shocked the security community by being one of the first tech companies to disclose that it and other companies had been hit by attacks that originated in China. The Web giant said … Read more