Yearly Archives: 2012

ATM Thieves Swap Security Camera for Keyboard

December 4, 2012

This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like child’s play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine.

Vrublevsky Sues Kaspersky

December 3, 2012

34 Comments

The co-founder and owner of ChronoPay, one of Russia’s largest e-payment providers, is suing Russian security firm Kaspersky Lab, alleging that the latter published defamatory blog posts about him in connection with his ongoing cybercrime trial.

Online Service Offers Bank Robbers for Hire

November 29, 2012

47 Comments

An online service boldly advertised in the cyber underground lets miscreants hire accomplices in several major U.S. cities to help empty bank accounts, steal tax refunds and intercept fraudulent purchases of high-dollar merchandise.

All Banks Should Display A Warning Like This

November 27, 2012

24 Comments

One of my Twitter account followers whose tweets I also follow — @spacerog — shared with me the following image, which he recently snapped with his phone while waiting in line at the Philadelphia Federal Credit Union. It’s an excellent public awareness campaign, and one that I’d like to see replicated at bank branches throughout the country.

Java Zero-Day Exploit on Sale for ‘Five Digits’

November 27, 2012

18 Comments

Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle’s Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned.

Yahoo Email-Stealing Exploit Fetches $700

November 23, 2012

21 Comments

A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits. The exploit, being sold for $700 by an Egyptian hacker… Read More »

Beware Card- and Cash-Trapping at the ATM

November 20, 2012

17 Comments

Many security-savvy readers of this blog have learned to be vigilant against ATM card skimmers and hidden devices that can record you entering your PIN at the cash machine. But experts say an increasing form of ATM fraud involves the use of simple devices capable of snatching cash and ATM cards from unsuspected users.

MoneyGram Fined $100 Million for Wire Fraud

November 19, 2012

19 Comments

A week ago Friday, the U.S. Justice Department announced that MoneyGram International had agreed to pay a $100 million fine and admit to criminally aiding and abetting wire fraud and failing to maintain an effective anti-money laundering program. Loyal readers of this blog no doubt recognize the crucial role that MoneyGram and its competitors play in the siphoning of millions of dollars annually from hacked small- to mid-sized business, but incredibly this settlement appears to be unrelated to these cyber heists.

Infamous Hacker Heading Chinese Antivirus Firm?

November 14, 2012

71 Comments

What does a young Chinese hacker do once he’s achieved legendary status for developing Microsoft Office zero-day exploits and using them to hoover up piles of sensitive data from U.S. Defense Department contractors? Would you believe: Start an antivirus firm?

That appears to be what’s happened at Anvisoft, a Chinese antivirus startup that is being somewhat cagey about its origins and leadership. I stumbled across a discussion on the informative Malwarebytes user forum, in which forum regulars were scratching their heads over whether this was a legitimate antivirus vendor. Anvisoft had already been whitelisted by several other antivirus and security products (including Comodo), but the discussion thread on Malwarebytes about who was running this company was inconclusive, prompting me to dig deeper.

Microsoft Patches 19 Security Holes

November 13, 2012

28 Comments

Microsoft today issued six software updates to fix at least 19 security holes in Windows and other Microsoft products. Thirteen of those vulnerabilities earned a “critical” rating, which means miscreants or malicious code could leverage them to break into vulnerable systems without any help from users.