Exploit This

Security News, Exploits, and Vulnerabilities.

Inside ‘The Attack That Almost Broke the Internet’

In March 2013, a coalition of spammers and spam-friendly hosting firms pooled their resources to launch what would become the largest distributed denial-of-service (DDoS) attack the Internet had ever seen. The assault briefly knocked offline the world’s largest anti-spam organization, and caused a great deal of collateral damage to innocent bystanders in the process. Here’s a never-before-seen look at how that attack unfolded, and a rare glimpse into the shadowy cybercrime forces that orchestrated it.

United Airlines Sets Minimum Bar on Security

United Airlines has rolled out a series of updates to its Web site that the company claims will help beef up the security of customer accounts. But at first glance, the core changes — moving from a 4-digit PINs to password and requiring customers to pick five different security questions and answers — may seem like a security playbook copied from Yahoo.com, circa 2009. Here’s a closer look at what’s changed in how United authenticates customers, and hopefully a bit of insight into what the nation’s fourth-largest airline is trying to accomplish with its new system.

A Life or Death Case of Identity Theft?

Identity thieves have perfected a scam in which they impersonate existing customers at retail mobile phone stores, pay a small cash deposit on pricey new phones, and then charge the rest to the victim’s account. In most cases, switching on the new phones causes the victim account owner’s phone(s) to go dead. This is the story of a Pennsylvania man who allegedly died of a heart attack because his wife’s phone was switched off by ID thieves and she was temporarily unable to call for help.

Wildfire, the ransomware threat that takes Holland and Belgium hostage

While ransomware is a global threat, every now and then we see a variant that targets one specific region. Today we can add a new one to the list: Wildfire.

Threat intelligence report for the telecommunications industry

The telecoms sector is under fire on all sides – hit by direct attacks on organizations and networks, indirect attacks in search of subscribers, and collateral damage from unrelated, targeted campaigns. This report reveals the many layers of vulnerability.

Malware Infected All Eddie Bauer Stores in U.S., Canada

Clothing store chain Eddie Bauer said today it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of January may have been compromised in the breach. The acknowledgement comes nearly six weeks after KrebsOnSecurity first notified the clothier about a possible intrusion at stores nationwide.

Massive Email Bombs Target .Gov Addresses

Over the weekend, unknown assailants launched a massive cyber attack aimed at flooding .gov email inboxes with subscription requests to thousands of email lists. According to experts, the attack was successful largely thanks to the staggering number of email newsletters that don’t take the basic step of validating new signup requests.

Brazilian banking Trojans meet PowerShell

Brazil is the most infected country worldwide when it comes to banking Trojans, and the quality of the malware is evolving dramatically. Now Brazilian bad guys have made an important addition to their arsenal: the use of PowerShell.

Spam and phishing in Q2 2016

In the second quarter of 2016, the proportion of spam in email traffic increased insignificantly – by 0.33 p.p. – compared to the previous quarter and accounted for 57.25%. The US remained the biggest source of spam. As in the previous quarter, the top three sources also included Vietnam and India.

Operation Ghoul: targeted attacks on industrial and engineering organizations

We recently identified a cybercriminal operation targeting a large number of organizations, with focus on few countries more than others. Attackers are utilizing simple tools with proficient social engineering, highly successful with Industrial and engineering SMBs. Attacks are ongoing, slowly crippling businesses, spreading harm and ruin wherever they land, like a Ghoul.

%d bloggers like this: