Exploit This

Security News, Exploits, and Vulnerabilities.

Blockchain Technology Abuse: Time to Think About Fixes

Kaspersky Lab and INTERPOL presented research on how blockchain-based cryptocurrencies could be abused through the pollution of public decentralized databases with arbitrary data.

Don’t Feel Left Out: Ransomware for IT Security Enthusiasts!

It’s getting dark outside and our favorite mail client beeps with excitement for a new missive in our inbox, something interesting perhaps?

Hacking ATMs, Literally

Most of the ATM skimming attacks written about on this blog conclude with security personnel intervening before the thieves manage to recover their skimmers along with the stolen card data and PINs. However, an increasingly common form of ATM fraud — physical destruction — costs banks plenty, even when crooks walk away with nothing but bruised egos and sore limbs.

‘Revolution’ Crimeware & EMV Replay Attacks

In October 2014, KrebsOnSecurity examined a novel “replay” attack that sought to exploit implementation weaknesses at U.S. financial institutions that were in the process of transitioning to more secure chip-based credit and debit cards. Today’s post looks at one service offered in the cybercrime underground to help thieves perpetrate this type of fraud.

Sinkholing Volatile Cedar DGA Infrastructure

There is currently some buzz about the Volatile Cedar APT activity in the middle east, a group that deploys not only custom built RATs, but usb propagation components, as reported by Check Point [pdf]. One interesting feature of the backdoors used by… Read Full Article

IoT Research – Smartbands

One of the big trends in sphere of health and fitness are fitness trackers such as smartbands. Tracking devices and their mobile applications from three leading vendors were inspected in this report to shed some light on the current state of security and privacy of wearable fitness trackers.

Sign Up at irs.gov Before Crooks Do It For You

If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Recently, KrebsOnSecurity heard from Michael Kasper, a 35-year-old reader who tried to obtain a copy of his […]

CanSecWest 2015: everything is hackable

Last week, we had the privilege to participate in and present at the 15th edition of CanSecWest in beautiful Vancouver, BC, along with its famous accompaniment, the ever famous Pwn2Own competition.

Who Is the Antidetect Author?

Earlier this month I wrote about Antidetect, a commercial tool designed to help thieves evade fraud detection schemes employed by many e-commerce companies. That piece walked readers through a sales video produced by the author of Antidetect showing the software being used to buy products online with stolen credit cards. Today, we’ll take a closer look at clues to a possible real-life identity of this tool’s creator.

How I hacked my smart bracelet

This story began when I got a fitness bracelet and installed an application developed especially for wearable devices. The program occasionally connected to my colleague’s wristband. After that I decided to find out how secure my wristband was.

%d bloggers like this: