A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456” was the most commonly used password, appearing 64 times. Read the full story [Kim Zetter/Wired Threat Level] More from Dancho Danchev [zdnet.com]
Security researchers tracking the URLZone malware/botnet have stumbled upon a new tactic being used by cyber-criminals to hide information on the money mules being used to transfer stolen funds from compromised online bank accounts.
URLZone, which targets computer users in Western Europe, is a botnet of approximately 6,000 hijacked computers that is used primarily to siphon funds from online bank accounts. It steals between $4,000 and $15,000 from each compromised bank account and uses a nifty trick of modifying the withdrawn amount on the bank’s web site to avoid detection by the user.
If you use Microsoft’s free Hotmail service, it may be time to change your password: Microsoft said Monday that several thousand Hotmail account credentials were posted online over the weekend.
In a statement posted to its Windows Live Spaces blog, Microsoft said the company has determined that the data spill was not the result of a breach of internal Microsoft data, but rather was likely the haul from a phishing scheme. Read the full story [washingtonpost.com]
In this Dateline NBC video from 1999, experts, including an uncredited Chris Wysopal, then of the L0pht and now of Veracode, discuss the dangers of online banking and the use of Trojans to steal data. Everything old is new again.
Research in Motion (RIM) has shipped a fix for a serious security vulnerability that exposes BlackBerry users to phishing attacks.
The certificate handling vulnerability, which carries a CVSS severity score of 6.8, affects all versions of the BlackBerry device software.
Over on the Washington Post’s SecurityFix blog, Brian Krebs has been doing a phenomenal job highlighting the online bank robberies — using malware — against small businesses in the United States.
The latest installment, which looks at the role of “money mules” in the cybercrime operation, is required reading.
Add the Radisson Hotels & Resorts chain to the growing list of businesses [datalossdb.org] reporting significant data breaches that exposed sensitive customer data.
In an open letter [radisson.com] to guests, Radisson chief operating officer Fredrik Korallus said the hotel chain’s computer system was hacked between November 2008 and May 2009 and customer data, including credit and debit card numbers, was stolen. Read the full story [zdnet.com]
The built-in malware protection in Apple’s Snow Leopard upgrade appears to be nothing more than an XProtect.plist file containing five signatures for two of the most popular Mac OS X trojans — OSX.RSPlug and OSX.Iservice. Read the full story [zdnet.com]
From The Last Watchdog (Byron Acohido)
How much time should vendors of popular technology be given to fix a known security flaw? That’s the central question of the “full disclosure” debate – and one that is being tested again via Karsten Nohl’s campaign to compile a decryption handbook useful for eavesdropping on transmissions from AT&T and T-Mobile phones, including iPhones and GPhones.
Nohl, a computer science PhD candidate from the University of Virginia, is calling for the global community of hackers to crack the encryption used on GSM phones. He plans to compile this work into a code book that can be used to eavesdrop on conversations and data transfers to and from GSM phones. Read the full story [lastwatchdog.com]