Security researchers published a proof-of-concept exploit for a recently disclosed vulnerability that allows attackers to launch denial-of-service attacks against websites hosted on Apache Tomcat servers.
Attackers abused insecure Network Time Protocol servers to launch what appears to be one of the largest DDoS (distributed denial-of-service) attacks ever, this time against the infrastructure of CloudFlare, a company that operates a global content delivery network.
A cyberespionage operation that used highly sophisticated multi-platform malware went undetected for more than five years and compromised computers belonging to hundreds of government and private organizations in more than 30 countries.
The Syrian Electronic Army (SEA), a group of hackers who have made a habit of hijacking high-profile domain names, managed to change the domain registration information for Facebook.com, but failed to redirect the domain to a different server.
A new exploit that prompted Adobe to release an emergency patch for Flash Player was used in targeted attacks that distributed malware designed to steal log-in credentials for email and other online services, according to researchers from antivirus firm Kaspersky Lab.
British intelligence agency Government Communications Headquarters (GCHQ) has reportedly infiltrated hacktivist groups and used denial-of-service and other techniques to disrupt their online activities.
Belgian cryptographer Jean-Jacques Quisquater had his personal computer infected with malware as the result of a targeted attack that's believed to be related to a security breach discovered last year at Belgian telecommunications group Belgacom. According to him, other cryptographers have also been targeted by the same attackers.
Over the past several months, security researchers have found serious vulnerabilities in many mobile advertising libraries that could be exploited to abuse the permissions of Android apps or to execute unauthorized code on users' devices. The risks resulting from those vulnerabilities would be significantly lower if those libraries used HTTPS, security researchers said.
GoDaddy has acknowledged that one of its employees fell victim to a social engineering attack allowing a hacker to take over a customer's domain names and eventually extort a coveted Twitter user name from him. PayPal, which the victim claimed also played a role in the attack, denied the accusations.
Copyright 2015 IDG Communications. ABN 14 001 592 650. All rights reserved.