Author Archives: BrianKrebs

Dark Web’s ‘Evolution Market’ Vanishes

March 18, 2015

The Evolution Market, an online black market that sells everything contraband — from marijuana, heroin and ecstasy to stolen identities and malicious hacking services — appears to have vanished in the last 24 hours with little warning. Much to the chagrin of countless merchants hawking their wares in the underground market, the curators of the project have reportedly absconded with the community’s bitcoins — a stash that some Evolution merchants reckon is worth more than USD $12 million.

Premera Blue Cross Breach Exposes Financial, Medical Records

March 17, 2015

58 Comments

Premera Blue Cross, a major provider of health care services, disclosed today that an intrusion into its network may have resulted in the breach of financial and medical records of 11 million customers. Although the company isn’t saying so just yet, there are independent indicators that this intrusion is once again the work of state-sponsored espionage groups based in China.

Door Skimmer + Hidden Camera = Profit

March 17, 2015

41 Comments

If an ATM you’d like to use is enclosed in a vestibule that requires a card swipe at the door, it might be a good idea to go find another ATM, or at least use something other than a payment card to gain entry. Thieves frequently add skimmers to these key card locks and then hide cameras above or beside such ATMs, allowing them to steal your PIN and card data without ever actually tampering with the cash machine itself.

‘AntiDetect’ Helps Thieves Hide Digital Fingerprints

March 16, 2015

72 Comments

As a greater number of banks in the United States shift to issuing more secure credit and debit cards with embedded chip technology, fraudsters are going to direct more of their attacks against online merchants. No surprise, then, that thieves increasingly are turning to an emerging set of software tools to help them evade fraud detection schemes employed by many e-commerce companies.

Adobe Flash Update Plugs 11 Security Holes

March 12, 2015

27 Comments

Adobe has released an update for its Flash Player software that fixes at least 11 separate, critical security vulnerabilities in the program. If you have Flash installed, please take a moment to ensure your systems are updated.

MS Update 3033929 Causing Reboot Loop

March 12, 2015

174 Comments

One of the operating system updates Microsoft released on Tuesday of this week — KB3033929 — is causing a reboot loop for a fair number of Windows 7 users, according to postings on multiple help forums. The update in question does not appear to address a pressing security vulnerability, so users who have not yet installed it should probably delay doing so until Microsoft straightens things out.

Apple Pay: Bridging Online and Big Box Fraud

March 11, 2015

84 Comments

Lost amid the media firestorm these past few weeks about fraudsters turning to Apple Pay is this stark and rather unsettling reality: Apple Pay makes it possible for cyber thieves to buy high-priced merchandise from brick-and-mortar stores using stolen credit and debit card numbers that were heretofore only useful for online fraud.

Microsoft Fixes Stuxnet Bug, Again

March 10, 2015

62 Comments

Microsoft today shipped a bundle of security updates to address more than three dozen vulnerabilities in Windows and associated software. Included in the batch is a fix for a flaw first patched in 2010 — the very same vulnerability that led to the discovery of the infamous cyberweapon known as Stuxnet. Turns out, the patch that Microsoft shipped to fix that flaw in 2010 didn’t quite do the trick, leaving Windows users dangerously exposed all this time.

Spoofing the Boss Turns Thieves a Tidy Profit

March 10, 2015

68 Comments

Judy came within a whisker of losing $315,000 in cash belonging to her employer, a mid-sized manufacturing company in northeast Ohio. Judy’s boss had emailed her, asking her to wire the money to China to pay for some raw materials. The boss, who was traveling abroad at the time, had requested such transfers before — at even higher amounts to manufacturers in China and elsewhere — so the request didn’t seem unusual or suspicious.

Until it did.

Point-of-Sale Vendor NEXTEP Probes Breach

March 9, 2015

30 Comments

NEXTEP Systems, a Troy, Mich.-based vendor of point-of-sale solutions for restaurants, corporate cafeterias, casinos, airports and other venues, was recently notified by law enforcement that some of its customer locations have been compromised in a potentially wide-ranging credit card breach, KrebsOnSecurity has learned.