Category Archives: Other

Blowing the Whistle on Bad Attribution

August 18, 2017

The New York Times this week published a fascinating story about a young programmer in Ukraine who’d turned himself in to the local police. The Times says the man did so after one of his software tools was identified by the U.S. government as part of the arsenal used by Russian hackers suspected of hacking into the Democratic National Committee (DNC) last year. It’s a good read, as long as you can ignore that the premise of the piece is completely wrong.

Beware of Security by Press Release

August 10, 2017

On Wednesday, the security industry once again witnessed an all-too-familiar cycle: I call it “Security by press release.” It goes a bit like this: A security firm releases a report claiming to have unearthed a major flaw in a competitor’s product; members of the trade press uncritically republish the claims without adding much clarity or waiting for responses from the affected vendor; blindsided vendor responds in a blog post showing how the issue is considerably less dire than originally claimed.

At issue are claims made by Denver-based security company DirectDefense, which published a report this week warning that Cb Response — a suite of security tools sold by competitor Carbon Black (formerly Bit9) — was leaking potentially sensitive and proprietary data from customers who use its product.

Critical Security Fixes from Adobe, Microsoft

August 8, 2017

Adobe has released updates to fix at least 67 vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, it’s time once again to get your patches on.

More than two dozen of the vulnerabilities fixed in today’s Windows patch bundle address “critical” flaws that can be exploited by malware or miscreants to assume complete, remote control over a vulnerable PC with little or no help from the user. According to Microsoft, none of flaws in August’s Patch Tuesday are being actively exploited in the wild, although Bleeping Computer notes that three of the bugs were publicly detailed before today’s patch release.

Flash Player is Dead, Long Live Flash Player!

August 2, 2017

Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple, Facebook, Google, Microsoft and Mozilla. But don’t break out the bubbly just yet: Adobe says Flash won’t be put down officially until 2020.

New Bill Seeks Basic IoT Security Standards

August 1, 2017

Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government’s purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras. The legislation, which also seeks to remedy some widely-perceived shortcomings in existing cybercrime law, was developed in direct response to a series of massive cyber attacks in 2016 that were fueled for the most part by poorly-secured “Internet of Things” (IoT) devices.

Suspended Sentence for Mirai Botmaster Daniel Kaye

July 28, 2017

Last month, KrebsOnSecurity identified U.K. citizen Daniel Kaye as the likely real-life identity behind a hacker responsible for clumsily wielding a powerful botnet built on Mirai, a malware strain that enslaves poorly secured Internet of Things (IoT) devices for use in large-scale online attacks. Today, a German court issued a suspended sentence for Kaye, who now faces related cybercrime charges in the United Kingdom.

Gas Pump Skimmer Sends Card Data Via Text

July 27, 2017

Skimming devices that crooks install inside fuel station gas pumps frequently rely on an embedded Bluetooth component allowing thieves to collect stolen credit card data from the pumps wirelessly with any mobile device. The downside of this approach is that Bluetooth-based skimmers can be detected by anyone else with a mobile device. Now, investigators in the New York say they are starting to see pump skimmers that use cannibalized cell phone components to send stolen card data via text message.

How a Citadel Trojan Developer Got Busted

July 25, 2017

A U.S. District Court judge in Atlanta last week handed a five year prison sentence to Mark Vartanyan, a Russian hacker who helped develop and sell the once infamous and widespread Citadel banking trojan. This fact has been reported by countless media outlets, but far less well known is the fascinating backstory about how Vartanyan got caught.

Exclusive: Dutch Cops on AlphaBay ‘Refugees’

July 20, 2017

Following today’s breaking news about U.S. and international authorities taking down the competing Dark Web drug bazaars AlphaBay and Hansa Market, KrebsOnSecurity caught up with the Dutch investigators who took over Hansa on June 20, 2017. When U.S. authorities shuttered AlphaBay on July 5, police in The Netherlands saw a massive influx of AlphaBay refugees who were unwittingly fleeing directly into the arms of investigators. What follows are snippets from an exclusive interview with Petra Haandrikman, team leader of the Dutch police unit that infiltrated Hansa.

Vendors on both AlphaBay and Hansa sold a range of black market items — most especially controlled substances like heroin. According to the U.S. Justice Department, AlphaBay alone had some 40,000 vendors who marketed a quarter-million sales listings for illegal drugs to more than 200,000 customers. The DOJ said that as of earlier this year, AlphaBay had 238 vendors selling heroin. Another 122 vendors advertised Fentanyl, an extremely potent synthetic opioid that has been linked to countless overdoses and deaths.

In our interview, Haandrikman detailed the dual challenges of simultaneously dealing with the exodus of AlphaBay users to Hansa and keeping tabs on the giant increase in new illicit drug orders that were coming in daily as a result.