Forbes' 'Thought of the Day' Used To Hack Readers
Forbes' "Thought of the Day" was used in a sophisticated hack that targeted U.S. defense contractors and financial companies.
According to cyber intelligence firm iSight Partners — one of two firms that discovered the attack — a Chinese cyber espionage team used a vulnerability in Adobe's Flash player and Microsoft's Internet Explorer browser to plant malware in Forbes' "Thought of the Day" splash page. (Video via Microsoft)
iSight says it can confirm the attack took place between Nov. 28 and Dec. 1 of 2014, but it may have lasted longer.
Fortunately, Adobe was quick to fix its Flash player — an update was released on Dec. 9 that patched the vulnerability.
But as you know, that update would have to be installed in order for the vulnerability to be patched. So the exploit may have been available to the hackers for more than the few days between Nov. 28 and Dec. 9.
According to The Wall Street Journal, Forbes refrained from notifying readers of the vulnerability during its duration. Though the article quotes a Forbes spokesperson who has now confirmed the hack and said, when Forbes found out on Dec. 1, it "took immediate actions to remediate the incident."
If you visited the Forbes site between Nov. 28 and Dec. 1 on an Internet Explorer browser with Adobe Flash installed, you were vulnerable to the attack. But should you be concerned? Well, yes. But should you be set-fire-to-your-computer-and-change-all-your-credit-card-numbers distraught? No, and here's why:
The second security firm, Invincea, says the hackers executed what's called a watering hole attack.
Basically, the hackers are after a specific group and are certain people within that group will visit the site — or watering hole — they've loaded with malware. Once those group members drink from the watering hole, they become infected with the malware and subsequently infect the rest of the group. (Video via National Geographic)
In other words, the Forbes hackers probably weren't after your data.
Still, you should always keep up with the latest updates to your browser, your computer, your antivirus and plug-ins like Adobe Flash Player. On Tuesday, Microsoft released a patch for its Internet Explorer browser.
This video includes images from Getty Images.
AI, like ChatGPT, is creating teaching challenges on college campuses
Plagiarism is nothing new, but the role artificial intelligence is playing in it is now a concern at colleges across the country.By Scripps News
Drones are being tested to deliver AEDs to cardiac arrest emergencies
Sweden is one of the first places to develop an AED drone delivery program, and over the span of four months, they made 11 deliveries.By Scott Sonner / City of Flirtey via AP
Can machines be creative?
Generative AI is a subfield of artificial intelligence that involves training models to generate new content such as text, images, or music.By John Minchillo / AP
Beloved Hollywood mountain lion P-22 draws thousands of mourners
Wildlife officials had to capture and ultimately euthanize the beloved animal after encounters with humans.By Jae C. Hong / AP
Do State of the Union speeches still matter?
Does this annual tradition of our president addressing Congress still have the same impact that it used to?By Mariam Zuhaib / AP
From Great Resignation to Great Rethink, the workforce is changing
Many people left their jobs amid the pandemic, but experts found workers are actually switching jobs to find more flexible environments.By Scripps News