Author Archives: BrianKrebs

Exploiting the Exploiters

June 23, 2010

Most computer users understand the concept of security flaws in common desktop software such as media players and instant message clients, but those same users often are surprised to learn that the very software tools attackers use to break into networks and computers typically are riddled with their own hidden security holes. Indeed, bugs that reside in attack software of the sort sold to criminals are extremely valuable to law enforcement officials and so-called “white hat” hackers, who can leverage these weaknesses to spy on the attackers or interfere with their day-to-day operations.

Security Updates for Firefox, Opera Browsers

June 23, 2010

5 Comments

Mozilla has shipped a new version of Firefox that corrects a number of vulnerabilities in the browser. Separately, a new version of Opera is available that fixes at least five security flaws in the software. Firefox version 3.6.4 addresses seven… Read More »

The Case for Cybersecurity Insurance, Part I

June 22, 2010

60 Comments

In very few of the many stories I’ve written about online banking fraud against businesses has insurance paid for much — if any — of the losses victim companies suffered. However, several victims I’ve interviewed from recent incidents did have cybersecurity insurance coverage bundled as part of a larger business risk insurance policies; in each case, the businesses suffered fairly substantial thefts, and appear likely to recoup all of their direct financial losses.

A Spike in Phone Phishing Attacks?

June 20, 2010

33 Comments

A couple of readers have written in to say they recently received scam telephone calls warning them about fraud on their credit card accounts and directing them to call a phone number to “verify” their credit card numbers.

These sometimes-automated attacks prompt people to call a supplied telephone number — often a toll-free line. In most cases, the calls will be answered by bogus interactive voice response system designed to coax account credentials and other personal information from the caller.

Sophisticated ATM Skimmer Transmits Stolen Data Via Text Message

June 17, 2010

45 Comments

Operating and planting an ATM skimmer — cleverly disguised technology that thieves attach to cash machines to intercept credit and debit card data — can be a risky venture, because the crooks have to return to the scene of the crime to retrieve their skimmers along with the purloined data. Increasingly, however, criminals are using ATM skimmers that eliminate much of that risk by relaying the information via text message.

Drug Charges Against Accused AT&T/iPad Hacker

June 17, 2010

18 Comments

A hacker in a group that discovered the AT&T iPad-related flaw was arrested on drug charges following the execution of an FBI search warrant of his home in Arkansas on Tuesday, according to published reports. CNET’s Elinor Mills writes that… Read More »

Police Arrest 178 in U.S.-Europe Raid on Credit Card ‘Cloning Labs’

June 15, 2010

12 Comments

Police have arrested 178 people in Europe and the United States suspected of cloning credit cards in an international scam worth over 20 million euro ($24.52 million), according to a report from Reuters.

The stories so far are all light on details or whether this bust was connected to specific fraud forums that facilitate the trade in stolen credit card data, but the wire reports include the following information:

Unpatched Windows XP Flaw Being Exploited

June 15, 2010

31 Comments

A security vulnerability in Microsoft Windows XP systems that was first disclosed a week ago is now being actively exploited by malicious Web sites to foist malware on vulnerable PCs, according to reports. Last week, Google researcher Tavis Ormandy disclosed… Read More »

Cloud Keyloggers?

June 14, 2010

6 Comments

Keystroke-logging computer viruses let crooks steal your passwords, and sometimes even read your e-mails and online chats. Recently, however, anonymous criminals have added insult to injury, releasing a keylogger that publishes stolen information for all the world to see at online notepad sharing sites such as pastebin.com.

Security Alert for Windows XP Users

June 14, 2010

16 Comments

Microsoft is warning Windows XP and Server 2003 users that exploit code has been posted online showing attackers how to break into these operating systems remotely via a newly-discovered security flaw.

The security flaw has to do with a weakness in the way the Windows Help and Support Center processes links. Both Windows XP and Server 2003 retrieve help and support information from a fixed set of Web pages that are included on a whitelist maintained by Windows. But Google security research Tavis Ormandy discovered that it was possible to add URLs to that whitelist.