Warning: file_get_contents() [function.file-get-contents]: SSL: The specified procedure could not be found. in D:\Sites\sis\lersais\news\widgets\get_stories.inc.php on line 42

Warning: file_get_contents(http://slashdot.org/stories/security) [function.file-get-contents]: failed to open stream: HTTP request failed! in D:\Sites\sis\lersais\news\widgets\get_stories.inc.php on line 42
All Headlines
Krebs on Security
Infosec Island
 

Drugs Tripped Up Suspects In First Known ATM “Jackpotting” Attacks in the US

Jan 30, 2018 | Krebs on Security

On Jan. 27, 2018, KrebsOnSecurity published what this author thought a scoop about the first known incidence of U.S. ATMs being hit with "jackpotting" attacks, a crime in which thieves deploy malware that forces cash machines to spit out money like a loose Las Vegas slot machine. As it happens, the first known jackpotting attacks in the United States were reported in November 2017 by local media on the west coast, although the reporters in those cases seem to have completely buried the lede.

  (Read Story...)

Attackers Exploiting Unpatched Flaw in Flash

Feb 02, 2018 | Krebs on Security

Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this still-ubiquitous program and harden your defenses. Adobe said a critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.

  (Read Story...)

Alleged Spam Kingpin ‘Severa’ Extradited to US

Feb 05, 2018 | Krebs on Security

Peter Yuryevich Levashov, a 37-year-old Russian computer programmer thought to be one of the world's most notorious spam kingpins, has been extradited to the United States to face federal hacking and spamming charges. Levashov, who allegedly went by the hacker name "Peter Severa," or "Peter of the North," hails from St. Petersburg in northern Russia, but he was arrested last year while in Barcelona, Spain with his family. Authorities have long suspected he is the cybercriminal behind the once powerful spam botnet known as Waledac (a.k.a. "Kelihos"), a now-defunct malware strain responsible for sending more than 1.5 billion spam, phishing and malware attacks each day.

  (Read Story...)

Would You Have Spotted This Skimmer?

Feb 06, 2018 | Krebs on Security

When you realize how easy it is for thieves to compromise an ATM or credit card terminal with skimming devices, it's difficult not to inspect or even pull on these machines when you're forced to use them personally -- half expecting something will come detached. For those unfamiliar with the stealth of these skimming devices and the thieves who install them, read on.

  (Read Story...)

U.S. Arrests 13, Charges 36 in ‘Infraud’ Cybercrime Forum Bust

Feb 08, 2018 | Krebs on Security

The U.S. Justice Department announced charges on Wednesday against three dozen individuals thought to be key members of 'Infraud," a long-running cybercrime forum that federal prosecutors say cost consumers more than a half billion dollars. In conjunction with the forum takedown, 13 alleged Infraud members from the United States and six other countries were arrested. Started in October 2010, Infraud was short for "In Fraud We Trust," and collectively the forum referred to itself as the "Ministry of Fraudulently [sic] Affairs." As a mostly English-language fraud forum, Infraud attracted nearly 11,000 members from around the globe who sold, traded and bought everything from stolen identities and credit card accounts to ATM skimmers, botnet hosting and malicious software.

  (Read Story...)

The Only Gold Russia Can Win at the Winter Olympics Is for Cyber-Hacking

Feb 09, 2018 | Infosec Island

Each time Russia leaks information in connection to doping commissions, it garners less news attention and is increasingly being viewed as a failed operation.

  (Read Story...)

Domain Theft Strands Thousands of Web Sites

Feb 12, 2018 | Krebs on Security

Newtek Business Services Corp. [NASDAQ:NEWT], a Web services conglomerate that operates more than 100,000 business Web sites and some 40,000 managed technology accounts, had several of its core domain names stolen over the weekend. The theft shut off email and stranded Web sites for many of Newtek's customers. An email blast Newtek sent to customers late Saturday evening made no mention of a breach or incident, saying only that the company was changing domains due to "increased" security. A copy of that message can be read here (PDF). In reality, three of their core domains were hijacked by a Vietnamese hacker, who replaced the login page many Newtek customers used to remotely manage their Web sites (webcontrolcenter[dot]com) with a live Web chat service. As a result, Newtek customers seeking answers to why their Web sites no longer resolved correctly ended up chatting with the hijacker instead.

  (Read Story...)

Microsoft Patch Tuesday, February 2018 Edition

Feb 13, 2018 | Krebs on Security

Microsoft today released a bevy of security updates to tackle more than 50 serious weaknesses in Windows, Internet Explorer/Edge, Microsoft Office and Adobe Flash Player, among other products. A good number of the patches issued today ship with Microsoft's "critical" rating, meaning the problems they fix could be exploited remotely by miscreants or malware to seize complete control over vulnerable systems -- with little or no help from users.

  (Read Story...)

New EU Privacy Law May Weaken Security

Feb 15, 2018 | Krebs on Security

Companies around the globe are scrambling to comply with new European privacy regulations that take effect a little more than three months from now. But many security experts are worried that the changes being ushered in by the rush to adhere to the law may make it more difficult to track down cybercriminals and less likely that organizations will be willing to share data about new online threats. On May 25, 2018, the General Data Protection Regulation (GDPR) takes effect. The law, enacted by the European Parliament, requires technology companies to get affirmative consent for any information they collect on people within the European Union. Organizations that violate the GDPR could face fines of up to four percent of global annual revenues.

  (Read Story...)

Three Ways to Take Home the Gold When It Comes to Cybersecurity at the Olympics

Feb 16, 2018 | Infosec Island

Start planning now for the events on the horizon; hopefully you thought ahead for Pyeongchang – but remember Tokyo 2020 isn’t that far way.

  (Read Story...)

SAP Cyber Threat Intelligence Report – February 2018

Feb 16, 2018 | Infosec Island

The second set of SAP Security Notes in 2018 consists of 26 patches with the majority of them rated medium.

  (Read Story...)

IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts

Feb 19, 2018 | Krebs on Security

Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms' clients, the crooks contact those clients posing as a collection agency and demand that the money be "returned." In one version of the scam, criminals are pretending to be debt collection agency officials acting on behalf of the IRS. They'll call taxpayers who've had fraudulent tax refunds deposited into their bank accounts, claim the refund was deposited in error, and threaten recipients with criminal charges if they fail to forward the money to the collection agency. This is exactly what happened to a number of customers at a half dozen banks in Oklahoma earlier this month. Elaine Dodd, executive vice president of the fraud division at the Oklahoma Bankers Association, said many financial institutions in the Oklahoma City area had "a good number of customers" who had large sums deposited into their bank accounts at the same time.

  (Read Story...)

Large Crypto-Mining Operation Targeting Jenkins CI Servers

Feb 20, 2018 | Infosec Island

A large malicious crypto-mining operation has recently started targeting the powerful Jenkins CI server, Check Point security researchers have discovered.

  (Read Story...)

Researchers Detail Linux-Based “Chaos” Backdoor

Feb 20, 2018 | Infosec Island

A Linux-targeting backdoor observed in live attacks in June last year was recently found to have been part of an older rootkit, GoSecure researchers reveal.

  (Read Story...)

Money Laundering Via Author Impersonation on Amazon?

Feb 20, 2018 | Krebs on Security

Patrick Reames had no idea why Amazon.com sent him a 1099 form saying he'd made almost $24,000 selling books via Createspace, the company's on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that's full of nothing but gibberish.

  (Read Story...)

Money Laundering Via Author Impersonation on Amazon?

Feb 20, 2018 | Krebs on Security

Patrick Reames had no idea why Amazon.com sent him a 1099 form saying he'd made almost $24,000 selling books via Createspace, the company's on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that's full of nothing but gibberish.

  (Read Story...)

IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts

Feb 19, 2018 | Krebs on Security

Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms' clients, the crooks contact those clients posing as a collection agency and demand that the money be "returned." In one version of the scam, criminals are pretending to be debt collection agency officials acting on behalf of the IRS. They'll call taxpayers who've had fraudulent tax refunds deposited into their bank accounts, claim the refund was deposited in error, and threaten recipients with criminal charges if they fail to forward the money to the collection agency. This is exactly what happened to a number of customers at a half dozen banks in Oklahoma earlier this month. Elaine Dodd, executive vice president of the fraud division at the Oklahoma Bankers Association, said many financial institutions in the Oklahoma City area had "a good number of customers" who had large sums deposited into their bank accounts at the same time.

  (Read Story...)

New EU Privacy Law May Weaken Security

Feb 15, 2018 | Krebs on Security

Companies around the globe are scrambling to comply with new European privacy regulations that take effect a little more than three months from now. But many security experts are worried that the changes being ushered in by the rush to adhere to the law may make it more difficult to track down cybercriminals and less likely that organizations will be willing to share data about new online threats. On May 25, 2018, the General Data Protection Regulation (GDPR) takes effect. The law, enacted by the European Parliament, requires technology companies to get affirmative consent for any information they collect on people within the European Union. Organizations that violate the GDPR could face fines of up to four percent of global annual revenues.

  (Read Story...)

Microsoft Patch Tuesday, February 2018 Edition

Feb 13, 2018 | Krebs on Security

Microsoft today released a bevy of security updates to tackle more than 50 serious weaknesses in Windows, Internet Explorer/Edge, Microsoft Office and Adobe Flash Player, among other products. A good number of the patches issued today ship with Microsoft's "critical" rating, meaning the problems they fix could be exploited remotely by miscreants or malware to seize complete control over vulnerable systems -- with little or no help from users.

  (Read Story...)

Domain Theft Strands Thousands of Web Sites

Feb 12, 2018 | Krebs on Security

Newtek Business Services Corp. [NASDAQ:NEWT], a Web services conglomerate that operates more than 100,000 business Web sites and some 40,000 managed technology accounts, had several of its core domain names stolen over the weekend. The theft shut off email and stranded Web sites for many of Newtek's customers. An email blast Newtek sent to customers late Saturday evening made no mention of a breach or incident, saying only that the company was changing domains due to "increased" security. A copy of that message can be read here (PDF). In reality, three of their core domains were hijacked by a Vietnamese hacker, who replaced the login page many Newtek customers used to remotely manage their Web sites (webcontrolcenter[dot]com) with a live Web chat service. As a result, Newtek customers seeking answers to why their Web sites no longer resolved correctly ended up chatting with the hijacker instead.

  (Read Story...)

U.S. Arrests 13, Charges 36 in ‘Infraud’ Cybercrime Forum Bust

Feb 08, 2018 | Krebs on Security

The U.S. Justice Department announced charges on Wednesday against three dozen individuals thought to be key members of 'Infraud," a long-running cybercrime forum that federal prosecutors say cost consumers more than a half billion dollars. In conjunction with the forum takedown, 13 alleged Infraud members from the United States and six other countries were arrested. Started in October 2010, Infraud was short for "In Fraud We Trust," and collectively the forum referred to itself as the "Ministry of Fraudulently [sic] Affairs." As a mostly English-language fraud forum, Infraud attracted nearly 11,000 members from around the globe who sold, traded and bought everything from stolen identities and credit card accounts to ATM skimmers, botnet hosting and malicious software.

  (Read Story...)

Would You Have Spotted This Skimmer?

Feb 06, 2018 | Krebs on Security

When you realize how easy it is for thieves to compromise an ATM or credit card terminal with skimming devices, it's difficult not to inspect or even pull on these machines when you're forced to use them personally -- half expecting something will come detached. For those unfamiliar with the stealth of these skimming devices and the thieves who install them, read on.

  (Read Story...)

Alleged Spam Kingpin ‘Severa’ Extradited to US

Feb 05, 2018 | Krebs on Security

Peter Yuryevich Levashov, a 37-year-old Russian computer programmer thought to be one of the world's most notorious spam kingpins, has been extradited to the United States to face federal hacking and spamming charges. Levashov, who allegedly went by the hacker name "Peter Severa," or "Peter of the North," hails from St. Petersburg in northern Russia, but he was arrested last year while in Barcelona, Spain with his family. Authorities have long suspected he is the cybercriminal behind the once powerful spam botnet known as Waledac (a.k.a. "Kelihos"), a now-defunct malware strain responsible for sending more than 1.5 billion spam, phishing and malware attacks each day.

  (Read Story...)

Attackers Exploiting Unpatched Flaw in Flash

Feb 02, 2018 | Krebs on Security

Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this still-ubiquitous program and harden your defenses. Adobe said a critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.

  (Read Story...)

Drugs Tripped Up Suspects In First Known ATM “Jackpotting” Attacks in the US

Jan 30, 2018 | Krebs on Security

On Jan. 27, 2018, KrebsOnSecurity published what this author thought a scoop about the first known incidence of U.S. ATMs being hit with "jackpotting" attacks, a crime in which thieves deploy malware that forces cash machines to spit out money like a loose Las Vegas slot machine. As it happens, the first known jackpotting attacks in the United States were reported in November 2017 by local media on the west coast, although the reporters in those cases seem to have completely buried the lede.

  (Read Story...)

Researchers Detail Linux-Based “Chaos” Backdoor

Feb 20, 2018 | Infosec Island

A Linux-targeting backdoor observed in live attacks in June last year was recently found to have been part of an older rootkit, GoSecure researchers reveal.

  (Read Story...)

Large Crypto-Mining Operation Targeting Jenkins CI Servers

Feb 20, 2018 | Infosec Island

A large malicious crypto-mining operation has recently started targeting the powerful Jenkins CI server, Check Point security researchers have discovered.

  (Read Story...)

Three Ways to Take Home the Gold When It Comes to Cybersecurity at the Olympics

Feb 16, 2018 | Infosec Island

Start planning now for the events on the horizon; hopefully you thought ahead for Pyeongchang – but remember Tokyo 2020 isn’t that far way.

  (Read Story...)

SAP Cyber Threat Intelligence Report – February 2018

Feb 16, 2018 | Infosec Island

The second set of SAP Security Notes in 2018 consists of 26 patches with the majority of them rated medium.

  (Read Story...)

The Only Gold Russia Can Win at the Winter Olympics Is for Cyber-Hacking

Feb 09, 2018 | Infosec Island

Each time Russia leaks information in connection to doping commissions, it garners less news attention and is increasingly being viewed as a failed operation.

  (Read Story...)

Think GDPR Won’t Affect Your U.S. Company? Guess Again

Feb 07, 2018 | Infosec Island

Ignorance is not bliss when it comes to the GDPR, and organizations that have fallen behind in their preparations must ramp up their compliance activities.

  (Read Story...)

Advancing the Usability of PKIs

Feb 06, 2018 | Infosec Island

If your organization is going to rely on PKI, it’s important to also leverage the benefits that automation can provide.

  (Read Story...)

The Five Secrets to Making Security Awareness Work in 2018

Jan 29, 2018 | Infosec Island

Are you ready to make 2018 a break-out year for your security awareness program?

  (Read Story...)

Crypto-Mining Is the Next Ransomware

Jan 19, 2018 | Infosec Island

Since new security threats surface every week, there is a good chance that more devices will be infected with cryptocurrency mining malware in the near future.

  (Read Story...)

Increasing Importance of Mobile Makes Malware a Priority

Jan 17, 2018 | Infosec Island

Businesses should fortify their high value apps with additional security precautions from the inside out.

  (Read Story...)

←  1 / 151010  →