Microsoft to Issue Emergency Patch for Critical Windows Bug

Microsoft said Thursday that it will issue an out-of-band security update on Monday to fix a critical, remotely-exploitable security hole present in all versions of Windows, which the software giant says is fueling an increasing number of online attacks. On July 15, KrebsOnSecurity.com first warned that a flaw in the way Windows processes shortcut files … Читать далее

Alleged Mariposa Botnet Author Nabbed

Police in Slovenia have arrested a 23-year-old man in Maribor believed to be responsible for creating the Mariposa botnet, a collection of hacked PCs that spanned an estimated 12 million computers across the globe, according to reports. The Associated Press cites FBI officials in Washington, D.C. stating that authorities had arrested “Iserdo,” the nickname used … Читать далее

Hacked Companies Hit by the Obvious in 2009

As a rule, I tend to avoid writing about reports and studies unless they offer truly valuable and actionable insights: Too often, reports have preconceived findings that merely serve to increase hype and drum up business for the companies that commission them. But I always make an exception for the annual data breach report issued … Читать далее

Rogue Antivirus Victims Seldom Fight Back

Recently I came into possession of a series of documents showing the financial books of an organization that orchestrates the distribution of rogue anti-virus attacks or “scareware,” programs that hijack victim PCs with misleading security alerts in an effort to frighten the user into purchasing worthless security software. I found many interesting details in this … Читать далее

Services Let Malware Purveyors Check Their Web Reputation

Virus writers and botmasters increasingly are turning to new subscription services that test when and whether malicious links have been flagged by Web reputation programs like Google Safe Browsing and McAfee SiteAdvisor. Nothing puts a crimp in the traffic to booby-trapped Web sites like being listed on multiple Internet reputation services that collect and publish … Читать далее

Experts Warn of New Windows Shortcut Flaw

Researchers have discovered a sophisticated new strain of malicious software that piggybacks on USB storage devices and leverages what appears to be a previously unknown security vulnerability in the way Microsoft Windows processes shortcut files. Update, July 16,  7:49 p.m. ET: Microsoft just released an advisory about this flaw, available here. Microsoft said it stems … Читать далее

Tool Blunts Threat from Windows Shortcut Flaw

Microsoft has released a stopgap fix to help Windows users protect themselves against threats that may try to target a newly discovered, critical security hole that is present in every supported version of Windows. Last week, KrebsOnSecurity.com reported that security researchers in Belarus had found a sophisticated strain of malware that was exploiting a previously … Читать далее

Adobe: ‘Sandbox’ Will Stave Off Reader Attacks

Adobe Systems Inc. said today the next release of its free PDF Reader application will include new “sandbox” technology aimed at blocking the exploitation of previously unidentified security holes in its software. Sandboxing is an established security mechanism that runs the targeted application in a confined environment that blocks specific actions by that app, such … Читать далее

Skimmers Siphoning Card Data at the Pump

Thieves recently attached bank card skimmers to gas pumps at more than 30 service stations along several major highways in and around Denver, Colorado, the latest area to be hit by a scam that allows crooks to siphon credit and debit card account information from motorists filling up their tanks. Forced to re-issue an unusually … Читать далее

The Case for Cybersecurity Insurance, Part II

When cyber crooks stole nearly $35,000 this year from Brookeland Fresh Water Supply District in East Texas, the theft nearly drained the utility’s financial reserves. Fortunately for the 1,300 homes and businesses it serves, Brookeland had purchased cyber security insurance, and now appears on track to recoup all of the unrecovered funds in exchange for … Читать далее