In an analysis of Virut botnet samples, Symantec researchers observed the malware downloading Waledac variants, suggesting that the gangs responsible for each botnet may be cooperating with one another through some sort of affiliate program, or, at the very least, that the two threats coexist and function on single infected machines.
Browsing Category: SMB Security
Working with forensics experts from the FBI, Ernst & Young’s Fraud Investigation and Dispute Services Practice developed a piece of linguistic, fraud-monitoring software that identified language commonly used among employees engaged in corporate malfeasance. The accounting giant plans to offer their newly developed fraud-detection capacity as a service to their clients.
California and U.S. authorities are investigating whether Kaiser Permanente violated some 300,000 patients’ privacy when dealing with a Mom and Pop document storage company that kept medical records in a shared warehouse and stored sensitive data on home computers.
In an alert issued by the Office of the Comptroller of the Currency (OCC), Deputy Comptroller for Operational Risk Carolyn G. DuChene warned financial and other critical institutions about the wave of ongoing distributed denial of service (DDoS) attacks targeting their networks. DuChene is urging the banks in particular to share data about the attacks with one another and reiterated the OCC’s expectation that banks have risk management plans designed to mitigate such attacks in place ahead of time.
Phishers are using a typosquatted domain name designed to mimic the URL of a popular e-commerce destination in order to lure their victims to a malicious Website that prompts its visitors to download a malicious add-on that will guide users to phishing sites, even when they type legitimate URLs into their browser’s address bar.
UPDATE – America’s largest book retailer, Barnes & Noble, announced this morning it has detected evidence of tampering in 63 PIN-pad devices used in as many stores by criminals trying to steal payment card information. Barnes & Noble claims to have disconnected all the affected devices from service on Sept. 14. The retailer did not disclose how many customers may have been affected by the tampered devices.
An online service that sells fairly cheap access to compromised corporate machines creates a pay-to-play scenario for criminals seeking access to the networks of high-profile organizations, according to a Krebs on Security report.
Criminal hackers launched an attack campaign earlier this week in which they sent a slew of emails purporting to come from the financial software developer Intuit. The emails contained links that led to sites hosting the Blackhole exploit kit in an apparent attempt to infect the machines of corporate users.
More than three quarters of small business owners claim their companies are safe from cyber attacks, yet only 17 percent of those businesses have implemented a formal cybersecurity plan.This is just one of many problems for small businesses in the digital realm, according to a joint survey (.PDF) released by the National Cyber Security Alliance (NCSA) and security firm Symantec this week.
Please leave your credit card number, its expiration date and security code, along with your full name and billing address in the comments section of this blog post. You’re obviously not going to do this. You know better, I know better, but there are those who don’t. So many, in fact, that scammers are not only comfortable with and willing to invest in scams no more or less complicated, but they are also confident that the scams will succeed.