‘Unprecedented’ cyberattack involved tens of millions of IP addresses

  @saraashleyo

October 22, 2016: 6:57 PM ET

Tens of millions of IP addresses were used to take down popular websites like Twitter and Netflix as part of a massive cyberattack on Friday.

Dyn, an Internet middleman company, was the target of the distributed denial-of-service, or DDoS, attack that hit in three waves. Dyn directs traffic when people type a URL into a browser. So the attack on the company caused temporary outages at many of the internet’s most widely-trafficked sites.

On Saturday, Dyn revealed that a “sophisticated” attack involved “10s of millions of IP addresses.” The outages were caused, at least in part, by malware sent by hackers to devices connected to the internet.

“The sheer volume and consistency of these attacks was unprecedented,” said Dyn’s chief security officer Kyle York. “We run 18 data centers globally and it was hitting all of them at different and unique times.”

Dyn said it is continuing its investigation into the root cause.

Software IT company Dynatrace monitors more than 150 websites — it found that 77 were affected on Friday. The disruption may have lost companies up to $110 million in revenue and sales, according to CEO John van Siclen.

Linux Systems analyst Hayden James said the impact of the cyberattack on businesses can be significant. “Even though it’s not a physical bomb, it has some similar effects,” James told CNNMoney, citing the loss in business and advertising revenue.

While James said he believes this to be the worst DDoS attack in recent memory, future attacks could last longer and cripple the U.S., like one that impacts trains or the stock market.

“There’s a strong possibility of far more sophisticated attacks that could shut down the entire internet for everyone for hours, if not an entire day,” added James.

The FBI said Friday that it was “investigating all potential causes of the attack,” and the U.K.’s Home Office said it was looking into the matter.

— CNN’s Jim Sciutto and Samuel Burke contributed reporting.

Apple Hit by Malware Attack

Following a major attack on the iTunes App Store, Apple is removing dozens of popular apps that had been infected by malware.
The malicious apps were capable of duping customers into giving up their iCloud passwords and opening dangerous websites.

The first sign of trouble appeared over the weekend, after security researchers from Palo Alto Networks (PANW, Tech30) discovered that 39 iPhone and iPad apps were infected with malware.
Among the infected apps was WeChat, the super-popular Chinese mobile messaging app used by 600 million people.
All of the affected apps were developed in China, and they all used a modified version of Apple’s software development kit, known as Xcode, which had been manipulated by hackers.
Apple’s Xcode provides the tools developers need to build iOS apps.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple said in a statement. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Though Apple (AAPL, Tech30) makes Xcode available for free on its website, the hackers were able to convince the Chinese app makers to download Xcode from their servers instead of Apple’s.
It’s not yet known why the Chinese developers downloaded Xcode from the hackers, but it’s possible the app makers were looking for a faster way to retrieve the Xcode software.
It can be painfully slow to download items from Apple while in China. People in China often try to download apps and tools from alternate websites and servers — but sometimes face bitter consequences for doing so.

Tencent, which makes WeChat, said in a blog post that it has fixed the problem, and customers should upgrade to the latest version of the WeChat app in case they had downloaded the version that contained the malware.
The company said it does not believe the hackers were able to steal customers’ information or money, though it continues to investigate the impact of the attack.
Among the other impacted apps were Didi Chuxing, which is the leading taxi-hailing service in China. Popular train-ticket purchasing app Railway 12306 and China Unicom Mobile Office were also infected by malware.

OPM government data breach impacted 21.5 million

By Jim Sciutto, Chief National Security Correspondent

Updated 12:15 PM ET, Fri July 10, 2015

(CNN) Government investigators now believe that the data theft from the Office of Personnel Management computer systems compromised sensitive personal information, including Social Security numbers, of roughly 21.5 million people from both inside and outside the government, the government announced Thursday.

Of these, hackers obtained information from the security clearance applications — known as SF-86’s – of 19.7 million people.

Another 1.8 million were non-applicants, mostly spouses and partners of applicants.

OPM had initially estimated the hackers obtained the files of 4 million people with information listed on the servers containing personnel data of current and former government employees.

Republicans called on President Barack Obama to remove OPM Director Katherine Archuleta.

“It has taken this administration entirely too long to come to grips with the magnitude of this security breach — a breach that experts agree was entirely foreseeable. Americans who serve our country need to be able to trust that the government can keep their personal information safe and secure,” Boehner said in a statement.

House Oversight and Government Reform Committee Chairman Jason Chaffetz also called for Obama to remove Archuleta and Chief Information Officer Donna Seymour.

“Their negligence has now put the personal and sensitive information of 21.5 million Americans into the hands of our adversaries. Such incompetence is inexcusable,” Chaffetz, a Republican, said Thursday in a statement.

A senior administration official said Thursday that Obama’s views on Archuleta have not changed since June, when White House Press Secretary Josh Earnest said the President has “confidence that she is the right person for the job.”

For his part, the top Democrat on the House intelligence committee said he was “deeply disturbed” by the breach, but Rep. Adam Schiff didn’t call on anyone to resign.

“I do not believe OPM was fully candid in its original briefing to the Committee and omitted key information about two distinct hacks and the breadth of the potential compromise,” Schiff said in a statement. “To the degree OPM has not been fully forthcoming with Congress or has sought to blame others for a lack of its own adequate security, OPM has not inspired confidence in its ability to safeguard our networks and most sensitive databases.”

Last week, Director of National Intelligence James Clapper told CNN at an intelligence conference that China is the “leading suspect” in the OPM hack.

Mac attack! Nasty bug lets hackers into Apple computers

Some Apple Macs have a particularly terrible flaw that lets hackers sneak in and remain undetected, a security researcher has found.
It means a hacker could — from far away — force a Mac into a coma. Personal, corporate or government Macs could be spied on in a way that even the best security checks wouldn’t discover — until it’s way too late.

“This is scary,” said Sarah Edwards, a forensic analyst at the SANS Institute who specializes in reviewing computers for evidence of hacks. “I would never see this. There could be funky stuff going on in the computer system, and I would never know why.”

What makes this one so bad? It’s a computer bug that runs especially deep in the machine.
All computers have some kind of basic input/output system (BIOS), the core program that brings a machine to life. It’s the kind of thing you should never tamper with. And it should obviously remain heavily guarded.

But Macs purchased one year ago or before, apparently, leave a door open. When a Mac goes into sleep mode and wakes back up, it allows direct access to the BIOS. It’s a weird quirk that lets someone tamper with the code there. That’s what was discovered recently by Pedro Vilaça, a curious independent computer security researcher in Portugal.

He revealed this vulnerability publicly in a blog post last Friday. He told CNNMoney he alerted Apple directly soon thereafter.

Apple (AAPL, Tech30) did not respond to questions about this flaw — nor would it say when it plans to release an update to fix it.

Several cybersecurity experts confirmed to CNNMoney that this is a real problem, and they plan to research further in the next few weeks.

This isn’t an easy hack. An attacker first needs administrative access to a machine. But what this means is that if a Mac gets hacked with a low-level computer virus, it can bury so deep you’ll never find it.

That’s the real problem here. It gives hackers more time to plot a massive bank heist or a huge corporate takedown, like the Sony Pictures hack.

So, who’s in real danger? High-value targets: think company executives, bankers, politicians, the wealthy, journalists, or anyone else worth spying on for a long period of time.

The average Mac user doesn’t have to worry about this one, because they’re actually susceptible to cheaper, easier hacks — that are easier to spot and fix. So says Katie Moussouris, an executive at HackerOne, which helps companies fix dangerous computer bugs.

Tod Beardsley, a security research manager at cybersecurity firm Rapid7, stressed that most Mac users aren’t likely to get hacked because of this bug. He said the flaw is “certainly surprising … but the bar of difficulty is pretty high.”

This is the second major flaw in Apple devices discovered in the last week. Recently, people discovered that you can crash someone’s iPhone simply by sending it a text message.

Vilaça decided not to name this bug. But every major computer flaw nowadays deserves a name. Given that it involves a poisonous kiss that wakes a sleeping Mac, Moussouris suggests this one: Prince Harming.

Anthem Hacked

(Reuters) – Health insurer Anthem Inc, which earlier this month reported that it was hit by a massive cyberbreach, said on Tuesday that 8.8 million to 18.8 million people who were not its customers could be victims in the attack.

Anthem, the country’s second-largest health insurer, is part of a national network of independently run Blue Cross Blue Shield plans through which BCBS customers can receive medical services when they are in an area where BCBS is operated by a different company.

It is those Blue Cross Blue Shield customers who were potentially affected because their records may be included in the database that was hacked, the company said.

It is the first time that Anthem has quantified the impact of the breach on members of health insurance plans that it does not operate.

Anthem updated the total number of records accessed in the database to 78.8 million customers from its initial estimate of 80 million, which includes 14 million incomplete records that it found.

Anthem does not know the exact number of Anthem versus non-Anthem customers affected by the breach because of those incomplete records, which prevent it from linking all members with their plan, Anthem spokeswoman Kristin Binns said.

Security experts are warning that healthcare and insurance companies are especially vulnerable to cybercriminals who want to steal personal information to sell on the underground market.

Anthem continued to estimate that tens of millions of customer records were stolen, rather than simply accessed. The spokeswoman added that the company’s investigation was ongoing. Federal and state authorities are also investigating.

Anthem runs Blue Cross Blue Shield healthcare plans in 14 states, while plans in states such as Texas and Florida are run independently. In all, 37 companies cover about 105 million people under the Blue Cross Blue Shield license.

Binns said the company still believes the hacked data were restricted to names, dates of birth, member ID/Social Security numbers, addresses, phone numbers, email addresses and employment information such as income data.

Anthem will start mailing letters next week to Anthem customers and other Blue Cross Blue Shield members affected by the hacking. It will offer two years of identity theft repair assistance, credit monitoring, identity theft insurance and fraud detection.

(Additional reporting by Jim Finkle in Boston; Editing by G Crosse, J Benkoe and Cynthia Osterman)