New Clues in the Target Breach

An examination of the malware used in the Target breach suggests that the attackers may have had help from a poorly secured feature built into a widely-used IT management software product that was running on the retailer’s internal network. As I noted in  Jan. 15’s story — A First Look at the Target Intrusion, Malware — the attackers … Читать далее

Feds to Charge Alleged SpyEye Trojan Author

Federal authorities in Atlanta today are expected to announce the arrest and charging of a 24-year-old Russian man who allegedly created and maintained the SpyEye Trojan, a sophisticated botnet creation kit that has been implicated in a number of costly online banking thefts against businesses and consumers. 24-year-old Aleksander Panin is thought to be responsible … Читать далее

Deconstructing the $9.84 Credit Card Hustle

Over the holidays, I heard from a number of readers who were seeing strange, unauthorized charges showing up on their credit and debit cards for $9.84. Many wondered whether this was the result of the Target breach; I suppose I asked for this, having repeatedly advised readers to keep a close eye on their bank … Читать далее

Sources: Card Breach at Michaels Stores

Multiple sources in the banking industry say they are tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc., an Irving, Texas-based arts-and-crafts retailer that maintains more than 1,250 stores across the United States. On Friday morning, I put a call in to SPM Communications, the public relations company … Читать далее

Feds Infiltrate, Bust Counterfeit Card Shop

Federal authorities in New Jersey announced a series of arrests and indictments of 14 individuals thought to be connected to an online one-stop shop selling embossed, counterfeit credit cards and holographic overlays. According to documents released by prosecutors in New Jersey and North Carolina, the men ran or otherwise profited from the Web site fakeplastic[dot]net, … Читать далее

Bug Exposes IP Cameras, Baby Monitors

A bug in the software that powers a broad array of Webcams, IP surveillance cameras and baby monitors made by Chinese camera giant Foscam allows anyone with access to the device’s Internet address to view live and recorded video footage, KrebsOnSecurity has learned. The issue came to light on the company’s support forum after camera … Читать далее

Gang Rigged Pumps With Bluetooth Skimmers

Authorities in New York on Tuesday announced the indictment of thirteen men accused of running a multi-million dollar fraud ring that allegedly installed Bluetooth-enabled wireless gas pump skimmers at filling stations throughout the southern United States. According to documents released by Manhattan District Attorney Cyrus R. Vance, Jr., the accused stole more than $2.1 million … Читать далее

DHS Alerts Contractors to Bank Data Theft

A security breach at a Web portal for the U.S. Department of Homeland Security has exposed private documents and some financial information belonging to at least 114 organizations that bid on a contract at the agency last year. “This letter is to inform you that your company’s bank account information may have been improperly accessed because … Читать далее

The Adventures of a Cybercrime Gumshoe

I was fortunate to spend several hours this past week with two reporters whose work I admire. Both wanted to learn more about my job as an independent investigative reporter. Their stories about my story are below. Mark Stencel, a former colleague at Washingtonpost.com who similarly worked his way up from an entry-level job at … Читать далее

A Closer Look at the Target Malware, Part II

Yesterday’s story about the point-of-sale malware used in the Target attack has prompted a flood of analysis and reporting from antivirus and security vendors about related malware. Buried within those reports are some interesting details that speak to possible actors involved and to the timing and discovery of this breach. As is the case with … Читать далее