Author Archives: BrianKrebs

Spear Phishing Attacks Snag E-mail Marketers

November 24, 2010

Criminals have been conducting complex, targeted e-mail attacks against employees at more than 100 e-mail service providers (ESPs) over the past several months in a bid to hijack computers at companies that market directly to customers of some of the world’s largest corporations, anti-spam experts warn.

The attacks are a textbook example of how organized thieves can abuse trust relationships between companies to access important resources that are then recycled in future attacks.

Escrow Co. Sues Bank Over $440K Cyber Theft

November 23, 2010

61 Comments

An escrow firm in Missouri is suing its bank to recover $440,000 that organized cyber thieves stole in an online robbery earlier this year, claiming the bank’s reliance on passwords to secure high-dollar transactions failed to measure up to federal e-banking security guidelines.

Crooks Rock Audio-based ATM Skimmers

November 23, 2010

26 Comments

Criminals increasingly are cannibalizing parts from handheld audio players and cheap spy cams to make extremely stealthy and effective ATM skimmers, devices designed to be attached to cash machines and siphon card +PIN data on the sly, a report released last week warned.

Adobe Reader X: Seeking Safety in the Sandbox

November 22, 2010

25 Comments

Adobe has at long last released Reader X, a fortified version of its PDF Reader software that is built to withstand attacks from the sort of zero-day security vulnerabilities that repeatedly have threatened its user base over the past several years.

Why Counting Flaws is Flawed

November 18, 2010

31 Comments

Once or twice each year, some security company trots out a “study” that counts the number of vulnerabilities that were found and fixed in widely used software products over a given period and then pronounces the most profligate offenders in a Top 10 that is supposed to tell us something useful about the relative security of these programs. And nearly without fail, the security press parrots this information as if it were newsworthy.

Critical Updates for Adobe Reader, Acrobat

November 17, 2010

19 Comments

Adobe on Tuesday issued a critical update to patch at least two security holes in its PDF Reader and Acrobat software, including one flaw that was publicly disclosed earlier this month. Updates are available for Windows, Mac and UNIX versions… Read More »

Captchabot: Blurring Human and Machine

November 16, 2010

25 Comments

Last week, I wrote about a “bulletproof hosting” provider that offers dodgy Web hosting that is insulated from takedown by abuse complaints or requests from Western law enforcement agencies. Today, I’ll look at one of that bulletproof provider’s biggest clients: Captchabot.com, a service that automates the solving of “CAPTCHAs,” those annoying agglomerations of squiggly numbers and letters that many online services require users to solve to help ensure that new accounts are not being auto-created by a computer.

OS X Patch Catch-Up

November 15, 2010

10 Comments

Apple recently released a massive update to address at least 130 security vulnerabilities in Mac OS X systems, including a monster patch that fixes 55 flaws in Adobe Flash Player. The seventh major update to OS X this year includes… Read More »

Pursuing Koobface and ‘Partnerka’

November 12, 2010

18 Comments

In any given week, I read at least a dozen reports and studies, but I seldom write about them because their conclusions either are obvious or appear slanted toward generating demand for specific products and services. Occasionally, though, a report… Read More »

Charting the Carnage from eBanking Fraud II

November 12, 2010

5 Comments

Several readers have asked to be notified if the U.S. map showing recent victims of high-dollar online banking thefts was updated. Below is a (non-interactive) screen shot of the updated, interactive map that lives here. Click the red markers to… Read More »