Chinese hackers hijacked Forbes.com and used the site as part of an attack whose targets included some members of the U.S. defense and financial industry, according to cybersecurity researchers at iSIGHT Partners and Invincea.
For three days late last year, the news site's "Thought of the Day" widget, which appears when readers visit the site, was compromised -- seamlessly redirecting visitors from certain organizations to another site where their computers could be infected with malware without their knowledge.
Forbes acknowledged the incident. "On December 1, 2014, Forbes discovered that on November 28, 2014, a file had been modified on a system related to the Forbes web site," the outlet said in a statement. "The file was immediately reverted and an investigation by Forbes into the incident began. Forbes took immediate actions to remediate the incident." The news outlet's investigation found "no indication of additional or ongoing compromise nor any evidence of data exfiltration," according to the statement.
The hack comes amid growing concerns that even the most trusted sites can be used by hackers aiming to infiltrate sensitive industries.
Using Forbes.com was "fairly brazen" and a shrewd move, said Steve Ward, senior director at iSIGHT Partners. "It's a trusted place that all of the employees in a targeted organization are going to be allowed to go to," he explained.
The attack worked by leveraging two undisclosed coding flaws -- typically called "zero day" vulnerabilities.
The first was a problem with Adobe Flash, which the company patched December 9th, and the second was an Internet Explorer flaw, which Microsoft released a fix for on Tuesday. The Internet Explorer flaw was deployed by the attackers when the Flash flaw alone was not enough to compromise targeted visitors' systems.
The hack redirected some of the site's visitors to a malicious site where their computers were silently attacked by malware. The researchers said they believe the malware was only used to infect a select group of targets, despite the broad audience of Forbes.com, which is ranked among the top 200 most visited sites globally by Alexa. The researchers said they confirmed the attack targeted at least some companies within the defense and financial services industries, although it's possible its reach was larger.
The researchers attributed the hack to a cyberespionage group called Team Codoso, also known as the Sunshop Group, which has a long history of similar "watering hole" style attacks. Researchers at FireEye linked the group to attacks affecting multiple Korean military and strategy think tanks and a Uighur news and discussion site, among others, in 2013.
The Washington Post
Wed Feb 11 2015