Exploit This

Security News, Exploits, and Vulnerabilities.

OpenSSL Patch to Plug Severe Security Holes

The world is about to get another reminder about just how much of the Internet runs on technology maintained by a handful of coders working on a shoestring budget. OpenSSL — the software used by thousands of companies to encrypt online communications — is set to get a security makeover this week: The OpenSSL Software Foundation said it plans to release new versions of its code to fix a number of security weaknesses, including some classified as “high” severity.

Analog OPSEC 101 – operational security in the physical world

For a long time we've been interested in operational security (OPSEC), and although you can find tons of cool technical tips about protecting digital information, we always felt that something was missing.

Dark Web’s ‘Evolution Market’ Vanishes

The Evolution Market, an online black market that sells everything contraband — from marijuana, heroin and ecstasy to stolen identities and malicious hacking services — appears to have vanished in the last 24 hours with little warning. Much to the chagrin of countless merchants hawking their wares in the underground market, the curators of the project have reportedly absconded with the community’s bitcoins — a stash that some Evolution merchants reckon is worth more than USD $12 million.

Premera Blue Cross Breach Exposes Financial, Medical Records

Premera Blue Cross, a major provider of health care services, disclosed today that an intrusion into its network may have resulted in the breach of financial and medical records of 11 million customers. Although the company isn’t saying so just yet, there are independent indicators that this intrusion is once again the work of state-sponsored espionage groups based in China.

Door Skimmer + Hidden Camera = Profit

If an ATM you’d like to use is enclosed in a vestibule that requires a card swipe at the door, it might be a good idea to go find another ATM, or at least use something other than a payment card to gain entry. Thieves frequently add skimmers to these key card locks and then hide cameras above or beside such ATMs, allowing them to steal your PIN and card data without ever actually tampering with the cash machine itself.

Yeti still Crouching in the Forest

Last July, we published details on Crouching Yeti (aka Energetic Bear), an advanced threat actor involved in several APT campaigns. A quick summary: Campaign status: Active; Discovery: January 2014; Targeted platforms: Windows; First known sample: 2010; Number of targets: 2,001-3,000…

‘AntiDetect’ Helps Thieves Hide Digital Fingerprints

As a greater number of banks in the United States shift to issuing more secure credit and debit cards with embedded chip technology, fraudsters are going to direct more of their attacks against online merchants. No surprise, then, that thieves increasingly are turning to an emerging set of software tools to help them evade fraud detection schemes employed by many e-commerce companies.

Adobe Flash Update Plugs 11 Security Holes

Adobe has released an update for its Flash Player software that fixes at least 11 separate, critical security vulnerabilities in the program. If you have Flash installed, please take a moment to ensure your systems are updated.

Kaspersky Security Bulletin. Spam in 2014

In 2014, the proportion of spam in email traffic was 66.76%, which is 2.84 percentage points lower than in the previous year. Spam levels have fallen consistently from a peak of 85.2% in 2009. This is due to the fact that adverts for legal goods and services are abandoning spam in favor of more effective legal advertising platforms.

MS Update 3033929 Causing Reboot Loop

One of the operating system updates Microsoft released on Tuesday of this week — KB3033929 — is causing a reboot loop for a fair number of Windows 7 users, according to postings on multiple help forums. The update in question does not appear to address a pressing security vulnerability, so users who have not yet installed it should probably delay doing so until Microsoft straightens things out.
