Exploit This

Security News, Exploits, and Vulnerabilities.

Kaspersky Security Bulletin. Spam in 2014

In 2014, the proportion of spam in email traffic was 66.76%, which is 2.84 percentage points lower than in the previous year. Spam levels have fallen consistently from a peak of 85.2% in 2009. This is due to the fact that adverts for legal goods and services are abandoning spam in favor of more effective legal advertising platforms.

MS Update 3033929 Causing Reboot Loop

One of the operating system updates Microsoft released on Tuesday of this week — KB3033929 — is causing a reboot loop for a fair number of Windows 7 users, according to postings on multiple help forums. The update in question does not appear to address a pressing security vulnerability, so users who have not yet installed it should probably delay doing so until Microsoft straightens things out.

‘Locked Out’

In this article we look at the evolution of complication of the encryption schemes used by virus writers and the methods they adopt to put pressure on their victims. At the end of the article there is some advice for users which might help them protect important files.

Apple Pay: Bridging Online and Big Box Fraud

Lost amid the media firestorm these past few weeks about fraudsters turning to Apple Pay is this stark and rather unsettling reality: Apple Pay makes it possible for cyber thieves to buy high-priced merchandise from brick-and-mortar stores using stolen credit and debit card numbers that were heretofore only useful for online fraud.

Inside the EquationDrug Espionage Platform

EquationDrug represents the main espionage platform from the Equation Group. It’s been in use for over 10 years, replacing EquationLaser until it was itself replaced itself by the even more sophisticated GrayFish platform.

Patch Tuesday March 2015 – Stuxnet LNK 0day Fixed

Wait, what? Wasn’t the Stuxnet LNK vulnerability CVE-2010-2568, in part reported by Sergey I. Ulasen, patched years ago? Didn’t Kim Zetter have enough time to write 448 pages of thoroughly footnoted research on this digital weaponry? Yes, it was, but MS10-046 didn’t… Read Full Article

Microsoft Fixes Stuxnet Bug, Again

Microsoft today shipped a bundle of security updates to address more than three dozen vulnerabilities in Windows and associated software. Included in the batch is a fix for a flaw first patched in 2010 — the very same vulnerability that led to the discovery of the infamous cyberweapon known as Stuxnet. Turns out, the patch that Microsoft shipped to fix that flaw in 2010 didn’t quite do the trick, leaving Windows users dangerously exposed all this time.

Spoofing the Boss Turns Thieves a Tidy Profit

Judy came within a whisker of losing $315,000 in cash belonging to her employer, a mid-sized manufacturing company in northeast Ohio. Judy’s boss had emailed her, asking her to wire the money to China to pay for some raw materials. The boss, who was traveling abroad at the time, had requested such transfers before — at even higher amounts to manufacturers in China and elsewhere — so the request didn’t seem unusual or suspicious.

Until it did.

SMS Trojan bypasses CAPTCHA

Trojan-SMS.AndroidOS.Podec proved to be remarkable: it can send messages to premium-rate numbers employing tools that bypass the Advice of Charge system. It can also subscribe users to premium-rate services while bypassing CAPTCHA.

Understanding the operations of a scam

In Sweden, we’re facing a big issue with scammers trying to buy items for sale on various auction websites. Since one of these scammers tried to scam my wife, I decided to follow their scam and document the entire process.

%d bloggers like this: