Vulnerabilities and attacks

South Korean cyberattack may not have come from China

South Korea apparently still has a mystery on its hands. Who launched a cyberattack against several of its banks and broadcasters this week?

Regulators for the country initially pointed the finger at China, saying that the attacks originated from a Chinese IP address. But they admitted today that they jumped the gun.

The IP address used in the attack was actually traced to one of the banks hit on Wednesday. South Korea's NongHyup Bank had been using the address as a virtual one for its internal network, according to Reuters. By coincidence, that address matched one registered in China.… Read more

South Korea traces cyberattack to IP address in China

The cyberattack that targeted banks, TV broadcasters, and an Internet service provider in South Korea yesterday originated from an IP address in China, but the identities of the people responsible remain unknown, South Korean regulators say.

"We've identified that a Chinese IP has connected to the organizations affected," a spokesman for South Korea's Communications Commission told a press conference on Thursday, according to a Reuters account of the event.

The revelation comes a day after a massive coordinated attack on servers in South Korea led officials to raise the alert status for the nation's army … Read more

'Chameleon Botnet' takes $6-million-a-month in ad money

A newly discovered botnet has found a way to siphon cash from advertisers.

Spider.io, a security researcher, yesterday announced that it has discovered a new botnet, called Chameleon, that's targeting "at least" 202 Web sites. The botnet is made up of over 120,000 host machines running Windows, according to Spider.io. Those machines are connecting to the Web with a Flash-friendly Trident-based browser that executes JavaScript. The vast majority of the machines -- 95 percent -- have come from U.S.-based IP addresses.

The botnets have targeted at least 202 Web sites, hitting them … Read more

South Korea probes 'massive' cyberattack

South Korea's police are currently investigating a "massive" hack attack on Internet service provider LG Uplus, which led to server outages at three domestic broadcasters and two major banks.

As a result, the army raised its alert status amid concerns the attacks were initiated by its neighbors in North Korea.

Reuters reported Wednesday that authorities were looking into the attack on LG Uplus, which was suspected to be conducted by a group calling itself the "Whois Team".

The investigations were triggered by disrupted servers at television networks YTN, MBC and KBS. Customers at Shinhan Bank … Read more

What 420,000 insecure devices reveal about Web security

A researcher used a simple, binary technique to take control of more than 420,000 insecure devices including Webcams, routers, and printers running on the Internet -- and says that's just a hint of the potential for real trouble to get started.

In a SecLists posting yesterday, the unnamed researcher describes how he was able to take control of open, embedded devices on the Internet. The researcher did so by using either empty or default credentials such as "root:root" or "admin:admin", indicating how a surprisingly large number of devices connected to the Web … Read more

FBI investigating how sensitive celebrity data landed on Web

Some hacker or hackers has it out for a handful of celebrities, politicians, and law enforcement officials, including First Lady Michelle Obama, Vice President Joe Biden, and pop singer Beyonce.

Collected onto one Web site -- called "The Secret Files" -- is a slew of financial and personal information on these public figures. The data is so sensitive that it has sparked investigations by the FBI and other law enforcement agencies.

The U.S. Department of Justice announced yesterday that the government agencies are looking into how www.exposed.su obtained the Social Security numbers, credit reports, telephone … Read more

Denial-of-service attack takes down JP Morgan Chase sites

The Web sites for banking giant JP Morgan Chase are offline this afternoon as the result of a distributed-denial-of-service attack, a representative told CNET.

The site's usual banking tools and content were replaced this afternoon with a message that said:

Our website is temporarily down, but our branches and Mobile Apps are available. Please try again later. The representative couldn't say how long the site had been down or how long it would be until service was resumed.

Hackers have ratcheted up their assaults on financial institutions in recent months, using DDoS attacks to take down Wells Fargo, … Read more

Intelligence chief offers dire warning on cyberattacks

If he was trying to scare the hell out of his listeners about the current state of cybersecurity, consider the newest warning from the nation's top intelligence official a mission accomplished.

In stark testimony delivered today to Congress, Director of National Intelligence James Clapper described a fast-eroding economic and national security landscape that's being rapidly penetrated by foreign agents infiltrating the nation's computer networks. This was the first time Clapper has included cyberattacks in his yearly congressional report on security threats facing the nation -- the Worldwide Threat Assessment of the U.S. Intelligence Community (PDF) -- … Read more

China claims it's willing to talk to U.S. about cybersecurity

The U.S. and China both say they want to directly discuss the issue of cybersecurity, but the odds of an open discussion are slim at best.

The Chinese government today responded to a U.S. invitation to enter into a dialogue with the U.S. over acceptable behavior in cyberspace, Reuters reported.

At a daily news briefing, Foreign Ministry spokeswoman Hua Chuying said that "China is willing, on the basis of the principles of mutual respect and mutual trust, to have constructive dialogue and cooperation on this issue with the international community including the United States to maintain … Read more