Uncategorized

Facebook closes cross-site scripting holes

Posted on

Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Security’s CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its “Check in” and Messenger for Windows components. In […]

Uncategorized

LulzSec Hacker Gets A Year For Sony Hack

Posted on

A former LulzSec hacker has been jailed for a year for ransacking Sony Pictures Entertainment’s computer systems. Cody Kretsinger, 25, from Decatur, Illinois – better known to his fellow LulzSec cohorts as “Recursion” – was also ordered to carry out 1,000 hours of community service, and a year of home detention, following his release from […]

Uncategorized

Russian malware spies on US ATMs

Posted on

Security firm Group-IB has identified a malware program called Dump Memory Grabber that can take debit and credit card data from point-of-sale (POS) terminals and ATMs. The researchers say that the program has already been used to steal data from clients of US banks including Chase, Capital One, Citibank, and Union Bank N.A. as well […]

Uncategorized

Backdoor Uses Evernote as Command-and-Control Server

Posted on

With its rich functionality and accessibility, Evernote is a popular note-taking tool for its many users. Unfortunately, it may also provide the perfect cover for cybercriminals’ tracks. We recently uncovered a malware that appears to be using Evernote as a communication and control (C&C) server. The malware attempts to connect to Evernote via https://evernote.com/intl/zh-cn, which […]

Uncategorized

Turkish FlashPlayer? no! It’s malware

Posted on

I recently came across the file “FlashPlayer.exe” during the course of regular research. The file had been distributed with the file name FlashPlayer.exe and not surprisingly, when executed, it shows the following GUI, partly written in Turkish: Obviously, it’s disguised as an Adobe Flash Player 11 installer. Here is more info about the file: File […]

Uncategorized

IRS uncorks Dirty Dozen Tax Scams for 2013

Posted on

The Internal Revenue Service today reminded taxpayers that there are plenty of scam artists and cybercriminals that want your money. The tax collection agency issued its “Dirty Dozen” list of tax scams that it says peak at this time of year and include: Identity theft Tax fraud through the use of identity theft tops this […]