Vulnerabilities / Threats
1/15/2010
05:20 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Other Targets In Google Cyber Attack Surface

The U.S. has formally asked Chinese officials for an explanation; China says it welcomes companies that obey the law.

The names of other companies targeted in the cyber attack disclosed by Google earlier this week have started to emerge.

Google reportedly asked the other 33 companies targeted in the attack to come forward.

A Google spokesperson said that while the company provided technical information, that was the extent of its communication to other affected organizations.

Adobe was the first company after Google to acknowledge that it had been targeted. It said on Tuesday that it had learned about "a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies" at the beginning of the month.

According to an Adobe spokesperson, Adobe decided to come forward on its own.

Web hosting provider Rackspace followed suit in a blog post.

Symantec and Juniper Networks have acknowledged being targeted.

Dow Chemical and Northrop Grumman were also among the targets, according to The Washington Post. Other reports say Yahoo was attacked as well.

A spokesperson for Northrop Gruman declined to comment. Dow Chemical and Yahoo did not respond to requests for comment.

Microsoft on Thursday acknowledged that the cyber attack leveraged an Internet Explorer vulnerability and issued a security advisory. It condemned the attacks and noted that its network and online properties appear not to have been affected.

"At this time, we have no indication that Microsoft's corporate network or our mail properties were attacked as part of these attacks," said Mike Reavey, director of Microsoft Security Response, in an online post on Thursday.

A report in the English-language China Daily noted that Microsoft and HP failed to back Google's move. It includes a quote from Microsoft CEO Steve Ballmer, referring to the incident as "the Google problem."

Following Microsoft's announcement, Verisign iDefense on Friday retracted its claim that the likely attack vector was "malicious PDF file attachments delivered via e-mail."

The U.S. government has formally asked Chinese diplomatic officials for an explanation of the incident.

"We have had a discussion today here in Washington with officials from the Embassy, where we raised the issue," said State Department spokesman P.J. Crowley at Thursday's press briefing. "And as the Secretary said, it is a serious issue. The incident raises questions about both Internet freedom and the security of the Internet in China. And we've asked them for an explanation."

China's Foreign Ministry Spokesperson Jiang Yu in a briefing on Thursday said that "China's Internet is open," and that "China welcomes international Internet corporations to do business in China in line with law."

Asked about reports that U.S. Secretary of State Hillary Clinton said she would seek an explanation, Jiang responded, "if the US contacts us, we will reiterate our position on this issue."

Update: Added Google response.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.