Exploit This

Security News, Exploits, and Vulnerabilities.

The Great Bank Heist, or Death by 1,000 Cuts?

I received a number of media requests and emails from readers over the weekend to comment on a front-page New York Times story about an organized gang of cybercriminals pulling off “one of the largest bank heists ever.” Turns out, I reported on this gang’s activities in December 2014, although my story ran minus many of the superlatives in the Times piece.

Fuel Station Skimmers: Primed at the Pump

I recall the first time I encountered an armed security guard at a local store. I remember feeling a bit concerned about the safety of the place because I made a snap assumption that it must have been robbed recently. I get the same feeling each time I fuel up my car at a filling station and notice the pump and credit card reader festooned with security tape that conjures up images of police tape around a crime scene.

Financial cyber threats in 2014: things changed

In 2013 we registered a sudden surge in the number of attacks targeting users’ financial information and money. In 2014, the situation changed considerably: the number of attacks and attacked users significantly decreased, as did the amount of financial phishing.

Defense Contract Management Agency Probes Hack

The Defense Contract Management Agency, the U.S. federal government entity responsible for performing contract administration services for the Department of Defense, is responding to a suspected cybersecurity breach and has pulled a number of its servers offline while the investigation continues, KrebsOnSecurity has learned.

Microsoft Pushes Patches for Dozens of Flaws

Microsoft today released nine update bundles to plug at least 55 distinct security vulnerabilities in its Windows operating system and other software. Three of the patches fix bugs in Windows that Microsoft considers “critical,” meaning they can be exploited remotely to compromise vulnerable systems with little or no help from users, save for perhaps clicking a link or visiting a hostile Web site.

DKIM technology on guard of your mail

Over the last decade DKIM signatures have become an important technology in the extensive list of methods for fighting against spam. In this article we investigate the structure of DKIM, reveal the main advantages and downsides of this technology and explore typical spammers’ tricks for forging DKIM signatures.

Anthem Breach May Have Started in April 2014

Analysis of open source information on the cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant Anthem suggests the attackers may have first gained a foothold in April 2014, nine months before the company says it discovered the intrusion.

Phishers Pounce on Anthem Breach

Phishers and phone fraudsters are capitalizing on public concern over a massive data breach announced this week at health insurance provider Anthem in a bid to steal financial and personal data from consumers.

Citing Tax Fraud Spike, TurboTax Suspends State E-Filings

TurboTax owner Intuit Inc. said Thursday that it is temporarily suspending the transmission of state e-filed tax returns in response to a surge in complaints from consumers who logged into their TurboTax accounts only to find crooks had already claimed a refund in their name.

China To Blame in Anthem Hack?

Bloomberg reports that U.S. federal investigators probing the theft of 80 million Social Security records and other sensitive data from insurance giant Anthem Inc. are pointing the finger at state-sponsored hackers from China. Although unconfirmed, that suspicion would explain a confidential alert the FBI circulated last week warning that Chinese hackers were targeting personally identifiable information from U.S. commercial and government networks.

%d bloggers like this: