Forbes' 'Thought of the Day' Used To Hack Readers
Forbes' "Thought of the Day" was used in a sophisticated hack that targeted U.S. defense contractors and financial companies.
One of the most popular websites in the United States — Forbes.com — was recently the target of an exploit aimed at gathering data from U.S. defense contractors and financial companies.
According to cyber intelligence firm iSight Partners — one of two firms that discovered the attack — a Chinese cyber espionage team used a vulnerability in Adobe's Flash player and Microsoft's Internet Explorer browser to plant malware in Forbes' "Thought of the Day" splash page. (Video via Microsoft)
iSight says it can confirm the attack took place between Nov. 28 and Dec. 1 of 2014, but it may have lasted longer.
Fortunately, Adobe was quick to fix its Flash player — an update was released on Dec. 9 that patched the vulnerability.
But as you know, that update would have to be installed in order for the vulnerability to be patched. So the exploit may have been available to the hackers for more than the few days between Nov. 28 and Dec. 9.
According to The Wall Street Journal, Forbes refrained from notifying readers of the vulnerability during its duration, though the article quotes a Forbes spokesperson who has now confirmed the hack and said that when Forbes found out on Dec. 1, it "took immediate actions to remediate the incident."
If you visited the Forbes site between Nov. 28 and Dec. 1 on an Internet Explorer browser with Adobe Flash installed, you were vulnerable to the attack. But should you be concerned? Well, yes. But should you be set-fire-to-your-computer-and-change-all-your-credit-card-numbers distraught? No, and here's why:
The second security firm, Invincea, says the hackers executed what's called a watering hole attack.
Basically, the hackers are after a specific group and are certain that people within that group will visit the site — or watering hole — they've loaded with malware. Once those group members drink from the watering hole, they become infected with the malware and subsequently infect the rest of the group. (Video via National Geographic)
In other words, the Forbes hackers probably weren't after your data.
Still, you should always keep up with the latest updates to your browser, your computer, your antivirus and plug-ins like Adobe Flash Player. On Tuesday, Microsoft released a patch for its Internet Explorer browser.
This video includes images from Getty Images.