Exploit This

Security News, Exploits, and Vulnerabilities.

A List of North Korean IP Addresses

This is my first post related to North Korea, it will be simple and straight to the point. In this post you will find information on North Korea’s internet IP addresses. Both their allocated addresses and assigned addresses. For those that do not know the difference between allocated and assigned: Allocated: address space is distributed to members […]

Flash Patch Targets Zero-Day Exploit

Adobe today released an important security update for its Flash Player software that fixes a vulnerability which is already being exploited in active attacks. Compounding the threat, the company said it is investigating reports that crooks may have developed a separate exploit that gets around the protections in this latest update.

Password Re-use Fuels Starwood Fraud Spike

Two different readers have written in this past week to complain about having their Starwood Preferred Guest loyalty accounts hijacked by scammers. The spike in fraud appears to be tied to a combination of password re-use and the release of tool that automates the checking of account credentials at the Web site for the popular travel rewards program.

An analysis of Regin’s Hopscotch and Legspin

Perhaps one of the most interesting things we observed in the Regin malware operation are the forgotten codenames for some of its modules. We decided to analyse two of these modules in more detail.

Windows 10 Preview and Security

Microsoft presented a preview of their newest “experience”, Windows 10, over a live stream this morning.

Java Patch Plugs 19 Security Holes

Oracle this week released its quarterly patch update for Java, a widely-installed program that for most casual users has probably introduced more vulnerability than utility. If you have Java installed and require it for some application or Web site, it’s time to update it. If you’re not sure you have Java on your computer or are unsure why you still have it, read on for advice that could save you some security headaches down the road.

How Was Your Credit Card Stolen?

Almost once a week, I receive an email from a reader who has suffered credit card fraud and is seeking help figuring out which hacked merchant was responsible. I generally reply that this is a fruitless pursuit, and instead encourage readers to keep a close eye on their card statements and report any fraud. But it occurred to me recently that I’ve never published a primer on the types of card fraud and the likelihood with each of the cardholder ever learning how their account was compromised. This post is an effort to remedy that.

Another Lizard Arrested, Lizard Lair Hacked

Several media outlets are reporting that authorities in the United Kingdom early this morning arrested an 18-year-old in connection with the denial-of-service attacks on Sony Playstation and Microsoft Xbox systems over Christmas. The arrest is one of several tied to a joint U.K. and U.S. law enforcement investigation into a group calling itself the “Lizard Squad,” and comes as the group’s attack-for-hire online service was completely compromised and leaked to investigators.

Microsoft Security Updates January 2015

Microsoft’s security team begins 2015 with a minimal set of Security Bulletins, MS15-001 through MS15-008.

Park ‘N Fly, OneStopParking Confirm Breaches

Late last year, KrebsOnSecurity wrote that two huge swaths of credit card numbers put up for sale in the cybercrime underground had likely been stolen from Park ‘N Fly and from OneStopParking.com, competing airport parking services that lets customers reserve spots in advance of travel via Internet reservation systems. This week, both companies confirmed that they had indeed suffered a breach.

%d bloggers like this: