Exploit This

Security News, Exploits, and Vulnerabilities.

Hacking ATMs, Literally

Most of the ATM skimming attacks written about on this blog conclude with security personnel intervening before the thieves manage to recover their skimmers along with the stolen card data and PINs. However, an increasingly common form of ATM fraud — physical destruction — costs banks plenty, even when crooks walk away with nothing but bruised egos and sore limbs.

‘Revolution’ Crimeware & EMV Replay Attacks

In October 2014, KrebsOnSecurity examined a novel “replay” attack that sought to exploit implementation weaknesses at U.S. financial institutions that were in the process of transitioning to more secure chip-based credit and debit cards. Today’s post looks at one service offered in the cybercrime underground to help thieves perpetrate this type of fraud.

Sinkholing Volatile Cedar DGA Infrastructure

There is currently some buzz about the Volatile Cedar APT activity in the middle east, a group that deploys not only custom built RATs, but usb propagation components, as reported by Check Point [pdf]. One interesting feature of the backdoors used by… Read Full Article

IoT Research – Smartbands

One of the big trends in sphere of health and fitness are fitness trackers such as smartbands. Tracking devices and their mobile applications from three leading vendors were inspected in this report to shed some light on the current state of security and privacy of wearable fitness trackers.

Sign Up at irs.gov Before Crooks Do It For You

If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Recently, KrebsOnSecurity heard from Michael Kasper, a 35-year-old reader who tried to obtain a copy of his […]

CanSecWest 2015: everything is hackable

Last week, we had the privilege to participate in and present at the 15th edition of CanSecWest in beautiful Vancouver, BC, along with its famous accompaniment, the ever famous Pwn2Own competition.

Who Is the Antidetect Author?

Earlier this month I wrote about Antidetect, a commercial tool designed to help thieves evade fraud detection schemes employed by many e-commerce companies. That piece walked readers through a sales video produced by the author of Antidetect showing the software being used to buy products online with stolen credit cards. Today, we’ll take a closer look at clues to a possible real-life identity of this tool’s creator.

How I hacked my smart bracelet

This story began when I got a fitness bracelet and installed an application developed especially for wearable devices. The program occasionally connected to my colleague’s wristband. After that I decided to find out how secure my wristband was.

Tax Fraud Advice, Straight from the Scammers

Some of the most frank and useful information about how to fight fraud comes directly from the mouths of the crooks themselves. Online cybercrime forums play a critical role here, allowing thieves to compare notes about how to evade new security roadblocks and steer clear of fraud tripwires. Few topics so reliably generate discussion on crime forums around this time of year as tax return fraud, as we’ll see in the conversations highlighted in this post.

Kreditech Investigates Insider Breach

Kreditech doesn’t appear to operate in the United States, nor in Germany where it is based. According to a cursory overview of the documents leaked online, the bulk of Kreditech’s customers/applicants are from Brazil, the Czech Republic, Dominican Republic, Mexico, Poland, Russia, Spain and Romania.

%d bloggers like this: