Many of the most widely used third-party software applications for Microsoft Windows do not take advantage of two major lines of defense built into the operating system that can help block attacks from hackers and viruses, according to research released today.
A new study about the (in)efficacy of anti-virus software in detecting the latest malware threats is a much-needed reminder that staying safe online is more about using your head than finding the right mix or brand of security software.
Last week, security software testing firm NSS Labs released the results of its latest controversial test of how the major anti-virus products fared in detecting real-life malware from actual malicious Web sites: Most of the products took an average of more than 45 hours — nearly two days — to detect the latest threats.
A hacker in a group that discovered the AT&T iPad-related flaw was arrested on drug charges following the execution of an FBI search warrant of his home in Arkansas on Tuesday, according to published reports. CNET’s Elinor Mills writes that… Read More »
Police have arrested 178 people in Europe and the United States suspected of cloning credit cards in an international scam worth over 20 million euro ($24.52 million), according to a report from Reuters.
The stories so far are all light on details or whether this bust was connected to specific fraud forums that facilitate the trade in stolen credit card data, but the wire reports include the following information:
Keystroke-logging computer viruses let crooks steal your passwords, and sometimes even read your e-mails and online chats. Recently, however, anonymous criminals have added insult to injury, releasing a keylogger that publishes stolen information for all the world to see at online notepad sharing sites such as pastebin.com.
I am often asked to recommend security software, but I think it’s important to bear in mind that staying secure is just as often about removing little-used software that increases your exposure to online threats. At the very top of my nix-it-now list is Java, a powerful application that most users have on their systems but that probably few actually need.
Criminals have launched an major e-mail campaign to deploy the infamous ZeuS Trojan, blasting out spam messages variously disguised as fraud alerts from the Internal Revenue Service, Twitter account hijack warnings, and salacious Youtube.com videos.
ATM skimmers, fraud devices that criminals attach to cash machines in a bid to steal and ultimately clone customer bank card data, are marketed on a surprisingly large number of open forums and Web sites. For example, ATMbrakers operates a forum that claims to sell or even rent ATM skimmers. Tradekey.com, a place where you can find truly anything for sale, also markets these devices on the cheap.
The truth is that most of these skimmers openly advertised are little more than scams designed to separate clueless crooks from their ill-gotten gains. Start poking around on some of the more exclusive online fraud forums for sellers who have built up a reputation in this business and chances are eventually you will hit upon the real deal.
Organized cyber thieves stole more than $100,000 from a small credit union in Salt Lake City last week, in a brazen online robbery that involved dozens of co-conspirators, KrebsOnSecurity has learned.
Not long after I launched this blog, I wrote about the damage wrought by the Eleonore Exploit Kit, an increasingly prevalent commercial hacking tool that makes it easy for criminals to booby-trap Web sites with malicious software. That post generated tremendous public interest because it offered a peek at the statistics page that normally only the criminals operating these kits get to see.
I’m revisiting this topic again because I managed to have a look at another live Eleonore exploit pack panel, and the data seems to reinforce a previous hunch: Today’s attackers care less about the browser you use and more about whether your third-party browser add-ons and plugins are up-to-date.
