Apple on Monday released a critical update to its version of Java for Mac OS X systems that plugs at least a dozen security holes in the program. More importantly, the patch includes fixes for a flaw that attackers have recently pounced on to broadly deploy malicious software, both on Windows and Mac systems.
It was mid November 2011. I was shivering on the upper deck of an aging cruise ship docked at the harbor in downtown Rotterdam. Inside, a big-band was jamming at a reception for attendees of the GovCert cybersecurity conference, where I had delivered a presentation earlier that day on a long-running turf war between two of the largest sponsors of spam.
The evening was bracingly frigid and blustery, and I was waiting there to be introduced to investigators from the Russian Federal Security Service; several FSB agents who attended the conference told our Dutch hosts that they wanted to meet me in a private setting. Stepping out the night air, a woman from the conference approached, formally presented the three men behind her, and then hurried back inside to the warmth of the reception
Global Payments Inc., the Atlanta-based credit and debit card processor that recently announced a breach that exposed fewer than 1.5 million card accounts, held a conference call this morning to discuss the incident. Unfortunately, that call created more questions than… Read More »
Global Payments, the credit and debit card processor that disclosed a breach of its systems late Friday, said in a statement late Sunday that the incident involved at least 1.5 million accounts. The news comes hours ahead of planned conference call with investors, and after Visa said it had pulled its seal of approval for the company.
In a press release issued 9:30 Sunday evening, Atlanta based Global Payments Inc. said it believes “the affected portion of its processing system is confined to North America and less than 1,500,000 card numbers may have been exported…Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained. ”
VISA and MasterCard are alerting banks across the country about a recent major breach at a U.S.-based credit card processor. Sources in the financial sector are calling the breach “massive,” and say it may involve more than 10 million compromised card numbers.
Adobe has issued a security update for its Flash Player software that fixes at least two critical vulnerabilities in the widely-used browser plugin. At long last, this latest version also includes an auto-updating mechanism designed to streamline the deployment of Flash security fixes across multiple browsers.
If it seems like you just updated Flash to fix security holes, it’s not your imagination. This is the third security update for Flash in the last six weeks. Flash Player v. 11.2 addresses a couple of flaws in Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x. Adobe warns that these vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.
Experts from across the security industry collaborated this week to quarantine more than 110,000 Microsoft Windows PCs that were infected with the Khelios worm, a contagion that forces infected PCs to blast out junk email advertising rogue Internet pharmacies.
Most botnets are relatively fragile: If security experts or law enforcement agencies seize the Internet servers used to control the zombie network, the crime machine eventually implodes. But Khelios (a.k.a. “Kelihos”) was built to withstand such attacks, employing a peer-to-peer structure not unlike that used by popular music and file-sharing sites to avoid takedown by the music and entertainment industry.
If your computer is running Java and you have not updated to the latest version, you may be asking for trouble: A powerful exploit that takes advantage of a newly-disclosed security hole in Java has been rolled into automated exploit kits and is rapidly increasing the success rates of these tools in attacking vulnerable Internet users.
Microsoft today announced the execution of a carefully planned takedown of dozens of botnets powered by ZeuS and SpyEye — powerful banking Trojans that have helped thieves steal more than $100 million from small to mid-sized businesses in the United… Read More »
Last week was a bad one to be a cybercrook. Authorities in Russia arrested several men thought to be behind the Carberp banking Trojan, and obtained a verdict of guilty against the infamous spammer Leo Kuvayev. In the United States, a jury returned a 33-month jail sentence against a Belarusian who ran a call service for cyber thieves. At the same time, U.S. prosecutors secured a guilty plea against a Russian man who was part of a gang that stole more than $3 million from U.S. businesses fleeced with the help of the ZeuS Trojan.
