Monthly Archives: May 2016

Got $90,000? A Windows 0-Day Could Be Yours

May 31, 2016

How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000.

Did the Clinton Email Server Have an Internet-Based Printer?

May 26, 2016

116 Comments

The Associated Press today points to a remarkable footnote in a recent State Department inspector general report on the Hillary Clinton email scandal: The mail was managed from the vanity domain “clintonemail.com.” But here’s a potentially more explosive finding: A review of… Read More »

Skimmers Found at Walmart: A Closer Look

May 25, 2016

123 Comments

Recent local news stories about credit card skimmers found in self-checkout lanes at some Walmart locations reminds me of a criminal sales pitch I saw recently for overlay skimmers made specifically for the very same card terminals.

Noodles & Company Probes Breach Claims

May 19, 2016

43 Comments

Noodles & Company [NASDAQ: NDLS], a fast-casual restaurant chain with more than 400 stores in 31 U.S. states, says it has hired outside investigators to probe reports of a credit card breach at some locations.

As Scope of 2012 Breach Expands, LinkedIn to Again Reset Passwords for Some Users

May 18, 2016

34 Comments

A 2012 data breach that was thought to have exposed 6.5 million hashed passwords for LinkedIn users instead likely impacted more than 117 million accounts, the company now says. In response, the business networking giant said today that it would once again force a password reset for individual users thought to be impacted in the expanded breach.

Microsoft Disables Wi-Fi Sense on Windows 10

May 18, 2016

42 Comments

Microsoft has disabled its controversial Wi-Fi Sense feature, a component embedded in Windows 10 devices that shares access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in — your Facebook friends.

Carding Sites Turn to the ‘Dark Cloud’

May 12, 2016

54 Comments

Crooks who peddle stolen credit cards on the Internet face a constant challenge: Keeping their shops online and reachable in the face of meddling from law enforcement officials, security firms, researchers and vigilantes. In this post, we’ll examine a large collection of hacked computers around the world that currently serves as a criminal cloud hosting environment for a variety of cybercrime operations, from sending spam to hosting malicious software and stolen credit card shops.

Wendy’s: Breach Affected 5% of Restaurants

May 11, 2016

24 Comments

Wendy’s said today that an investigation into a credit card breach at the nationwide fast-food chain uncovered malicious software on point-of-sale systems at fewer than 300 of the company’s 5,500 franchised stores. The company says the investigation into the breach is continuing, but that the malware has been removed from all affected locations.

Adobe, Microsoft Push Critical Updates

May 10, 2016

37 Comments

Adobe has issued security updates to fix weaknesses in its PDF Reader, Cold Fusion and Flash Player products. Microsoft meanwhile today released 16 update bundles to address dozens of security flaws in Windows, Internet Explorer and related software.

Crooks Grab W-2s from Credit Bureau Equifax

May 6, 2016

38 Comments

Identity thieves stole tax and salary data from big-three credit bureau Equifax Inc., according to a letter that grocery giant Kroger sent to all current and some former employees on Thursday. The nation’s largest grocery chain by revenue appears to be one… Read More »