Dental Assn Mails Malware to Members
The American Dental Association (ADA) says it may have inadvertently mailed malware-laced USB thumb drives to thousands of member dentists nationwide.
Author Archives: BrianKrebs
All About Fraud: How Crooks Get the CVV
A longtime reader recently asked: “How do online fraudsters get the 3-digit card verification value (CVV or CVV2) code printed on the back of customer cards if merchants are forbidden from storing this information? The answer: Probably by installing a Web-based keylogger at an online merchant so that all data that customers submit to the site is copied and sent to the attacker’s server.
SpyEye Makers Get 24 Years in Prison
Two hackers convicted of making and selling the infamous SpyEye botnet creation kit were sentenced in Atlanta today to a combined 24 years in prison for helping to infect hundreds of thousands of computers with malware and stealing millions from unsuspecting victims.
Giant Food Sees Giant Card Fraud Spike
Citing a recent and large increase in credit card fraud, Washington, DC-area grocer Giant Food says it will no longer allow customers to use credit cards when purchasing gift cards and reloadable or prepaid debit cards.
US-CERT to Windows Users: Dump Apple Quicktime
Microsoft Windows users who still have Apple Quicktime installed should ditch the program now that Apple has stopped shipping security updates for the platform, warns the Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT). The advice came just as researchers are reporting two new critical security holes in Quicktime that likely won’t be patched.
‘Blackhole’ Exploit Kit Author Gets 7 Years
A Moscow court this week convicted and sentenced seven hackers for breaking into countless online bank accounts — including “Paunch,” the nickname used by the author of the infamous “Blackhole” exploit kit. Once an extremely popular crimeware-as-a-service offering, Blackhole was for several years responsible for a large percentage of malware infections and stolen banking credentials, and likely contributed to tens of millions of dollars stolen from small to mid-sized businesses over several years.
‘Badlock’ Bug Tops Microsoft Patch Batch
Microsoft released fixes on Tuesday to plug critical security holes in Windows and other software. The company issued 13 patches to tackle dozens of vulnerabilities, including a much-hyped “Badlock” file-sharing bug that appears ripe for exploitation. Also, Adobe updated its Flash Player release to address at least two-dozen flaws — in addition to the zero-day vulnerability Adobe patched last week.
New Threat Can Auto-Brick Apple Devices
If you use an Apple iPhone, iPad or other iDevice, now would be an excellent time to ensure that the machine is running the latest version of Apple’s mobile operating system — version 9.3.1. Failing to do so could expose your devices to automated threats capable of rendering them unresponsive and perhaps forever useless.
Adobe Patches Flash Player Zero-Day Threat
Adobe Systems this week rushed out an emergency patch to plug a security hole in its widely-installed Flash Player software, warning that the vulnerability is already being exploited in active attacks.
FBI: $2.3 Billion Lost to CEO Email Scams
The U.S. Federal Bureau of Investigation (FBI) this week warned about a “dramatic” increase in so-called “CEO fraud,” e-mail scams in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters. The FBI estimates that these scams have cost organizations more than $2.3 billion in losses over the past three years.
