Miscellaneous
Facebook hit by `sophisticated` attack, says no data compromised
Facebook said the attack occurred last month when several of its employees visited a developer`s website that had been compromised. "The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops," the social media giant wrote on its security blog. The website was using a previously unseen exploit to bypass built-in protections in Java`s sandbox, allowing the malware to install itself despite the affected laptops running up-to-date anti-virus software. "As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day," the company said. Oracle, which owns the Java software, provided a patch on February 1 that addresses the vulnerability. Facebook said its security team found no evidence that user data was compromised but said other businesses had been attacked and infiltrated as well. "We will continue to work with law enforcement and the other organizations and entities affected by this attack," the blog post said. Earlier this month, the social networking website Twitter also revealed it was also the victim of a cyber attack that exploited a vulnerability in Java software. That attack allowed hackers to access user names, e-mail address, session tokens, and encrypted passwords for approximately 250,000 users.
Liability for this article lies with the author, who also holds the copyright. Editorial content from USPA may be quoted on other websites as long as the quote comprises no more than 5% of the entire text, is marked as such and the source is named (via hyperlink).