The largest cyber security blog
An online service boldly advertised in the cyber underground lets miscreants hire accomplices in several major U.S. cities to help empty bank accounts, steal tax refunds and intercept fraudulent purchases of high-dollar merchandise. The service, advertised on exclusive, Russian-language forums that cater to cybercrooks, claims to have willing and ready foot soldiers for hire in … Читать далее
One of my Twitter account followers whose tweets I also follow — @spacerog — shared with me the following image, which he recently snapped with his phone while waiting in line at the Philadelphia Federal Credit Union. It’s an excellent public awareness campaign, and one that I’d like to see replicated at bank branches throughout … Читать далее
Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle’s Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned. The flaw, currently being sold by an established member of an invite-only Underweb forum, targets an unpatched vulnerability in Java … Читать далее
What does a young Chinese hacker do once he’s achieved legendary status for developing Microsoft Office zero-day exploits and using them to hoover up piles of sensitive data from U.S. Defense Department contractors? Would you believe: Start an antivirus firm? That appears to be what’s happened at Anvisoft, a Chinese antivirus startup that is being … Читать далее
A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits. The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets … Читать далее
Many security-savvy readers of this blog have learned to be vigilant against ATM card skimmers and hidden devices that can record you entering your PIN at the cash machine. But experts say an increasing form of ATM fraud involves the use of simple devices capable of snatching cash and ATM cards from unsuspected users. Security … Читать далее
A week ago Friday, the U.S. Justice Department announced that MoneyGram International had agreed to pay a $100 million fine and admit to criminally aiding and abetting wire fraud and failing to maintain an effective anti-money laundering program. Loyal readers of this blog no doubt recognize the crucial role that MoneyGram and its competitors play … Читать далее
Microsoft today issued six software updates to fix at least 19 security holes in Windows and other Microsoft products. Thirteen of those vulnerabilities earned a “critical” rating, which means miscreants or malicious code could leverage them to break into vulnerable systems without any help from users. Of note in these patches is a critical update … Читать далее
Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets. The discovery, by Oslo-based antivirus and security firm Norman ASA, is the latest in a series of revelations involving digital surveillance activity of unknown origin that … Читать далее
Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they’ve discovered that a new exploit capable … Читать далее