Happy 2nd Birthday, KrebsOnSecurity.com!

I’m taking a short break from some year-end downtime to observe that KrebsOnSecurity.com turns two years old today! This past year, KrebsOnSecurity.com has featured more than 200 blog posts, and attracted 5,000+ reader comments. It has been humbling to watch the audience here steadily grow and mature into a community. The expertise and conversations offered … Читать далее

New Tools Bypass Wireless Router Security

Security researchers have released new tools that can bypass the encryption used to protect many types of wireless routers. Ironically, the tools take advantage of design flaws in a technology pushed by the wireless industry that was intended to make the security features of modern routers easier to use. At issue is a technology called … Читать далее

Who Knows What Youhavedownloaded.com?

You may have never heard of youhavedownloaded.com, but if you recently grabbed movies, music or software from online file-trading networks, chances are decent that the site has heard of you. In fact, you may find that the titles you downloaded are now listed and publicly searchable at the site, indexed by your Internet address. In … Читать далее

Amnesty International Site Serving Java Exploit

Amnesty International‘s homepage in the United Kingdom is currently serving malware that exploits a recently-patched vulnerability in Java. Security experts say the attack appears to be part of a nefarious scheme to target human rights workers. The site’s home page has been booby trapped with code that pulls a malicious script from an apparently hacked … Читать далее

Busy Signal Service Targets Cyberheist Victims

A new service on the cyber criminal underground can be hired to tie up the phone lines of any targeted mobile or land line around the world. The service is marketed as a diversionary tactic to assist e-thieves in robbing commercial customers of banks that routinely call customers to verify large financial transfers. For just … Читать далее

NY ID Theft Ring Used Insiders, Gang Members

Authorities in Manhattan today unsealed indictments against 55 people suspected of operating an identity theft and financial fraud ring, including a number of insiders at banks and companies throughout New York who allegedly helped to steal more than $2 million from hundreds of customers and clients. Prosecutors say the 18-month-long investigation is notable because it … Читать далее

Ukrainian General Arrested in Cyber Heists

A decorated Ukrainian general was arrested last week in Romania along with two other men suspected of being part of an organized cybercrime gang that laundered at least $1.4 million stolen from U.S. and Italian firms. Gen. Valeriu Gaichuck, far right. Apprehended in Iasi, Romania last week were Matei Vitalie, 37, of Moldova; Konstantin Ossipov, … Читать далее

Security Updates for Microsoft Windows, Java

Microsoft today issued software updates to patch at least 19 security holes in Windows, including three flaws that earned the company’s most serious “critical” rating. Separately, Oracle released a security update that fixes several issues in its Java software. The most talked-about vulnerability fixed in December’s patch batch is a critical flaw in all supported … Читать далее

Bugs Money

Talk about geek chic. Facebook has started paying researchers who find and report security bugs by issuing them custom branded “White Hat” debit cards that can be reloaded with funds each time the researchers discover new flaws. Facebook's Bug Bounty debit card for security researchers who report security flaws in its site and applications. I … Читать далее

Pro Grade (3D Printer-Made?) ATM Skimmer

In July 2011, a customer at a Chase Bank branch in West Hills, Calif. noticed something odd about the ATM he was using and reported it to police. Authorities who responded to the incident discovered a sophisticated, professional-grade ATM skimmer that they believe was made with the help of a 3D printer. Below is a … Читать далее