Hacks


Leaders from China, U.S. Meet, Agree to Rally Against Cyber Threats

In an attempt to clear the cybersecurity air, the United States and the People’s Republic of China agreed Monday to work in tandem to prevent future cyber threats. Meeting at the Pentagon, Defense Secretary Leon Panetta and General Liang Guanglie, China’s Minister of National Defense, insisted the two nations should be seen as equals and according to Guanglie, “build a new state-to-state relationship that’s not a stereotype of two major powers predestined for conflict.”


In a post on the F-Secure Labs blog, Chief Research Officer Mikko Hypponen says the firm received a hard drive image from a “contact” within Syria who believed that his computer had been compromised. An F-Secure analysis of the drive’s contents and Web history revealed evidence of a targeted attack that used a malicious Skype chat link to install a copy of Xtreme RAT, a remote access tool that’s commercially available online.

A vulnerability in Skype that could expose members’ IP addresses may have been known to Skype officials as far back as November 2010. A researcher who first discovered the flaw speculates it may have been left exposed perhaps because it was deeply embedded in the code and could cause other problems, according to a Wall Street Journal blog.

UPDATE: Security researchers are warning about the risk posed by an embarrassing security hole in industrial control software by the firm RuggedCom. A hidden administrative account could give remote attackers easy access to critical equipment that is used to manage a wide range of critical infrastructure, including rail lines, traffic control systems and electrical substations.

In what looks like the IT equivalent of the Deepwater Horizon oil spill disaster, purloined data and documents, including source code belonging to the U.S. software firm VMWare, continue to bubble up from the networks of a variety of compromised Chinese firms, according to “Hardcore Charlie,” an anonymous hacker who has claimed responsibility for the hacks.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.