Exploit This

Security News, Exploits, and Vulnerabilities.

Inside Target Corp., Days After 2013 Breach

In December 2013, just days after a data breach exposed 40 million customer debit and credit card accounts, Target Corp. hired security experts at Verizon to probe its networks for weaknesses. The results of that confidential investigation — until now never publicly revealed — confirm what pundits have long suspected: Once inside Target’s network, there was nothing stop attackers from gaining direct and complete access to every single cash register in every Target store.

Who’s Behind Bluetooth Skimming in Mexico?

In the previous two stories, I documented the damage wrought by an organized crime gang in Mexico that has been systematically bribing ATM technicians to install Bluetooth skimming components that allow thieves to steal card and PIN data wirelessly. What follows is a look at a mysterious new ATM company in Mexico that sources say may be tied to the skimming activity.

Coinvault, are we reaching the end of the nightmare?

After obtaining the new MD5 hashes for the CoinVault files, we set out to find more clues, more files, and to analyse what these new malware variants had to reveal. However, the best thing was that, based on our analysis, the National High Tech Crime Unit of the Dutch police was able to apprehend two suspects last Monday.

Can an inevitable evil be conquered?

Scanning an object (a file or web resource) with an Internet security program essentially comes down to making a binary decision: dangerous or safe? An antivirus engine puts forward the hypothesis that an object is malicious and then checks whether this is true or not. Since there are, unfortunately, no perfect antivirus solutions, errors can occur.

Tracking Bluetooth Skimmers in Mexico, Part II

I spent four days last week in Mexico, tracking the damage wrought by an organized crime ring that is bribing ATM technicians to place Bluetooth skimmers inside of cash machines in and around the tourist areas of Cancun. Today’s piece chronicles the work of this gang in coastal regions farther south, following a trail of hacked ATMs from Playa Del Camen down to the ancient Mayan ruins in Tulum.

The Shade Encryptor: a Double Threat

A family of ransomware Trojans emerged in late 2014/early 2015, and quickly established itself among the top three most widespread encryptors. This threat has been assigned the verdict Trojan-Ransom.Win32.Shade according to Kaspersky Lab’s classification. The original name given to the encryptor by its creator is not known.

Tracking a Bluetooth Skimmer Gang in Mexico

-Sept. 9, 12:30 p.m. CT, Yucatan Peninsula, Mexico: Halfway down the southbound four-lane highway from Cancun to the ancient ruins in Tulum, traffic inexplicably slowed to a halt. There was some sort of checkpoint ahead by the Mexican Federal Police. I began to wonder whether it was a good idea to have brought along the ATM skimmer instead of leaving it in the hotel safe. If the cops searched my stuff, how could I explain having ultra-sophisticated Bluetooth ATM skimmer components in my backpack?

Ex-Ashley Madison CTO Threatens Libel Suit

Last month, KrebsOnSecurity posted an exclusive story about emails leaked from AshleyMadison that suggested the company’s former chief technology officer Raja Bhatia hacked into a rival firm in 2012. Now, an attorney for the former executive is threatening a libel lawsuit against this author unless the story is retracted.

Satellite Turla: APT Command and Control in the Sky

When you are an APT group, you need to deal with the constant seizure and takedown of C&C domains and servers. Some of the most advanced threat actors have found a solution — the use of satellite-based Internet links. In the past, we’ve seen three different actors using such links to mask their operations. The most interesting and unusual of them is the Turla group.

Attacking Diffie-Hellman protocol implementation in the Angler Exploit Kit

In Angler, threat actors used the Diffie-Hellman protocol to creating difficulties in firewall detection of the exploit and also making it harder for the analysts to get the exploit code. However, the experts from Kaspersky Lab managed to perform a successful attack against Diffie-Hellman protocol implementation and decipher the shellcode.

%d bloggers like this: