A few weeks ago, I blogged about the financial troubles afflicting ePassporte, an online payment provider whose sudden disconnection from the Visa network left many account holders without access to millions of dollars. I became interested in ePassporte because it… Read More »
The “Stuxnet” computer worm made international headlines in July, when security experts discovered that it was designed to use a previously unknown security hole in Microsoft Windows computers to steal industrial secrets and potentially disrupt operations of critical information networks. But new information about the worm shows that it leverages at least three other previously unknown security holes in Windows PCs, including a vulnerability that Redmond fixed in a software patch released today.
Company owner Christopher Mallick broke the news to ePassporte customers in an e-mail sent Thursday, saying Visa International had suspended the company’s ePassporte Visa program, which is processed through St. Kitts Nevis Anguilla National Bank.
Cyber crooks stole just shy of $1 million from a satellite campus of The University of Virginia last week, KrebsOnSecurity has learned.
Organized thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa earlier this month, sending the money in small chunks overseas with the help of dozens of co-conspirators here in the United States.
Security researchers have dealt a mighty blow to a spam botnet known as Pushdo, a massive grouping of hacked PCs that until recently was responsible for sending more than 10 percent of all e-mail worldwide.
The Obama administration is inviting leaders at the top Internet domain name registrars and registries to attend a three-hour meeting at the White House next month about voluntary ways to crack down on Web sites that are selling counterfeit prescription medications.
I was pretty bummed this year when I found out that a previous engagement would prevent me from traveling to Las Vegas for the annual back-to-back Black Hat and Defcon security conventions. But I must say I am downright cranky that I will be missing MalCon, a conference being held in Mumbai later this year that is centered around people in the “malcoder community.”
According to the conference Web site, MalCon is “the worlds [sic] first platform bringing together Malware and Information Security Researchers from across the globe to share key research insights into building the next generation malwares. Spread across the world, malcoders now have a common platform to demonstrate expertise, get a new insight and be a part of the global MALCODER community. This conference features keynotes, technical presentations, workshops as well as the EMERGING CHALLENGES of creating undetectable stealthy malware.”
Roughly half of the exploits tested were exact copies of the first exploit code to be made public against the vulnerability. NSS also tested detection for an equal number of exploit variants, those which exploit the same vulnerability but use slightly different entry points in the targeted system’s memory. None of the exploits used evasion techniques commonly employed by real-life exploits to disguise themselves or hide from intrusion detection systems.
Among all ten products, NSS found that the average detection rate against original exploits was 76 percent, and that only three out of ten products stopped all of the original exploits. The average detection against exploits variants was even lower, at 58 percent, NSS found.
A man identified as one of the world’s top purveyors of junk e-mail has been imprisoned in Russia for allegedly having sex with underage girls, KrebsOnSecurity.com has learned.
According to multiple sources, Leonid “Leo” Aleksandorovich Kuvayev, 38, was sent to a prison in the Russian Federation roughly six months ago. It is not clear how long his sentence is or precisely where he is being held.
