Yearly Archives: 2010

A Spike in Phone Phishing Attacks?

June 20, 2010

A couple of readers have written in to say they recently received scam telephone calls warning them about fraud on their credit card accounts and directing them to call a phone number to “verify” their credit card numbers.

These sometimes-automated attacks prompt people to call a supplied telephone number — often a toll-free line. In most cases, the calls will be answered by bogus interactive voice response system designed to coax account credentials and other personal information from the caller.

Sophisticated ATM Skimmer Transmits Stolen Data Via Text Message

June 17, 2010

45 Comments

Operating and planting an ATM skimmer — cleverly disguised technology that thieves attach to cash machines to intercept credit and debit card data — can be a risky venture, because the crooks have to return to the scene of the crime to retrieve their skimmers along with the purloined data. Increasingly, however, criminals are using ATM skimmers that eliminate much of that risk by relaying the information via text message.

Drug Charges Against Accused AT&T/iPad Hacker

June 17, 2010

18 Comments

A hacker in a group that discovered the AT&T iPad-related flaw was arrested on drug charges following the execution of an FBI search warrant of his home in Arkansas on Tuesday, according to published reports. CNET’s Elinor Mills writes that… Read More »

Police Arrest 178 in U.S.-Europe Raid on Credit Card ‘Cloning Labs’

June 15, 2010

12 Comments

Police have arrested 178 people in Europe and the United States suspected of cloning credit cards in an international scam worth over 20 million euro ($24.52 million), according to a report from Reuters.

The stories so far are all light on details or whether this bust was connected to specific fraud forums that facilitate the trade in stolen credit card data, but the wire reports include the following information:

Unpatched Windows XP Flaw Being Exploited

June 15, 2010

31 Comments

A security vulnerability in Microsoft Windows XP systems that was first disclosed a week ago is now being actively exploited by malicious Web sites to foist malware on vulnerable PCs, according to reports. Last week, Google researcher Tavis Ormandy disclosed… Read More »

Cloud Keyloggers?

June 14, 2010

6 Comments

Keystroke-logging computer viruses let crooks steal your passwords, and sometimes even read your e-mails and online chats. Recently, however, anonymous criminals have added insult to injury, releasing a keylogger that publishes stolen information for all the world to see at online notepad sharing sites such as pastebin.com.

Security Alert for Windows XP Users

June 14, 2010

16 Comments

Microsoft is warning Windows XP and Server 2003 users that exploit code has been posted online showing attackers how to break into these operating systems remotely via a newly-discovered security flaw.

The security flaw has to do with a weakness in the way the Windows Help and Support Center processes links. Both Windows XP and Server 2003 retrieve help and support information from a fixed set of Web pages that are included on a whitelist maintained by Windows. But Google security research Tavis Ormandy discovered that it was possible to add URLs to that whitelist.

Don’t Need Java? Junk It.

June 11, 2010

67 Comments

I am often asked to recommend security software, but I think it’s important to bear in mind that staying secure is just as often about removing little-used software that increases your exposure to online threats. At the very top of my nix-it-now list is Java, a powerful application that most users have on their systems but that probably few actually need.

Adobe Flash Update Plugs 32 Security Holes

June 10, 2010

33 Comments

As promised, Adobe has released a new version of its Flash Player software to fix a critical security flaw that hackers have been exploiting to break into vulnerable systems. The update also corrects at least 31 other security vulnerabilities in the widely used media player software.

ZeuS Trojan Attack Spoofs IRS, Twitter, Youtube

June 9, 2010

41 Comments

Criminals have launched an major e-mail campaign to deploy the infamous ZeuS Trojan, blasting out spam messages variously disguised as fraud alerts from the Internal Revenue Service, Twitter account hijack warnings, and salacious Youtube.com videos.