Krebs – Page 93 – Computer Security Articles

Credit to Author: BrianKrebs| Date: Thu, 10 Aug 2017 15:40:30 +0000

On Wednesday, the security industry once again witnessed an all-too-familiar cycle: I call it “Security by press release.” It goes a bit like this: A security firm releases a report claiming to have unearthed a major flaw in a competitor’s product; members of the trade press uncritically republish the claims without adding much clarity or waiting for responses from the affected vendor; blindsided vendor responds in a blog post showing how the issue is considerably less dire than originally claimed. At issue are claims made by Denver-based security company DirectDefense, which published a report this week warning that Cb Response — a suite of security tools sold by competitor Carbon Black (formerly Bit9) — was leaking potentially sensitive and proprietary data from customers who use its product.

Independent Krebs

August 9, 2017 admin

Alleged vDOS Operators Arrested, Charged

Credit to Author: BrianKrebs| Date: Wed, 09 Aug 2017 15:43:24 +0000

Two young Israeli men alleged by this author to have co-founded vDOS — until recently the largest and most profitable cyber attack-for-hire service online — were arrested and formally indicted this week in Israel on conspiracy and hacking charges.

Independent Krebs

August 8, 2017 admin

Critical Security Fixes from Adobe, Microsoft

Credit to Author: BrianKrebs| Date: Tue, 08 Aug 2017 20:35:17 +0000

Adobe has released updates to fix at least 67 vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, it’s time once again to get your patches on. More than two dozen of the vulnerabilities fixed in today’s Windows patch bundle address “critical” flaws that can be exploited by malware or miscreants to assume complete, remote control over a vulnerable PC with little or no help from the user. According to Microsoft, none of flaws in August’s Patch Tuesday are being actively exploited in the wild, although Bleeping Computer notes that three of the bugs were publicly detailed before today’s patch release.

Independent Krebs

August 2, 2017 admin

Flash Player is Dead, Long Live Flash Player!

Credit to Author: BrianKrebs| Date: Wed, 02 Aug 2017 16:17:05 +0000

Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple, Facebook, Google, Microsoft and Mozilla. But don’t break out the bubbly just yet: Adobe says Flash won’t be put down officially until 2020.

Independent Krebs

August 1, 2017 admin

New Bill Seeks Basic IoT Security Standards

Credit to Author: BrianKrebs| Date: Tue, 01 Aug 2017 19:32:47 +0000

Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government’s purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras. The legislation, which also seeks to remedy some widely-perceived shortcomings in existing cybercrime law, was developed in direct response to a series of massive cyber attacks in 2016 that were fueled for the most part by poorly-secured “Internet of Things” (IoT) devices.

Independent Krebs

July 28, 2017 admin

Suspended Sentence for Mirai Botmaster Daniel Kaye

Credit to Author: BrianKrebs| Date: Fri, 28 Jul 2017 21:13:42 +0000

Last month, KrebsOnSecurity identified U.K. citizen Daniel Kaye as the likely real-life identity behind a hacker responsible for clumsily wielding a powerful botnet built on Mirai, a malware strain that enslaves poorly secured Internet of Things (IoT) devices for use in large-scale online attacks. Today, a German court issued a suspended sentence for Kaye, who now faces related cybercrime charges in the United Kingdom.

Independent Krebs

July 27, 2017 admin

Gas Pump Skimmer Sends Card Data Via Text

Credit to Author: BrianKrebs| Date: Thu, 27 Jul 2017 11:08:59 +0000

Skimming devices that crooks install inside fuel station gas pumps frequently rely on an embedded Bluetooth component allowing thieves to collect stolen credit card data from the pumps wirelessly with any mobile device. The downside of this approach is that Bluetooth-based skimmers can be detected by anyone else with a mobile device. Now, investigators in the New York say they are starting to see pump skimmers that use cannibalized cell phone components to send stolen card data via text message.

Independent Krebs

July 25, 2017 admin

How a Citadel Trojan Developer Got Busted

Credit to Author: BrianKrebs| Date: Tue, 25 Jul 2017 16:11:38 +0000

A U.S. District Court judge in Atlanta last week handed a five year prison sentence to Mark Vartanyan, a Russian hacker who helped develop and sell the once infamous and widespread Citadel banking trojan. This fact has been reported by countless media outlets, but far less well known is the fascinating backstory about how Vartanyan got caught.