malware attack

Are Some Certificate Authorities Too Big To Fail?

In the wake of this weekend’s revelations of the seriousness of the attack on certificate authority DigiNotar, security experts have renewed criticism of the Internet’s digital certificate infrastructure, with some wondering if larger certificate authorities (CAs) might be too big to fail.

SourceForge Site Compromised By Attackers

The recent rash of attacks against free and open source software projects continued this week with an attack that targeted SourceForge, the popular repository for open source projects. The attack compromised a number of separate systems, including the site’s CVS system.

Guests who recently stayed at Destination Hotels & Resorts may have been
victimized by compromised
point-of-sale systems. The company refused to release many details of
the incident citing an ongoing investigation by the FBI. In a note posted to its Web site said that it had “uncovered a malicious
software program inserted into its credit card processing system from a
remote source.” Read the full article. [Computerworld]

Malware hunters at SecureWorks have intercepted a new banker Trojan being used by cyber-criminals to steal financial credentials from banks in the U.S.The Trojan, dubbed “Bugat,” targets Automated Clearing House (ACH)
and wire transfer transactions by small- and mid-sized business in the U.S., much like the virulent Clampi Trojan that has stolen tens of millions of dollars.

Malware Open Season on Taxpayers


By Dmitry Bestuzhev   As any reader of this site knows, cybercriminals can steal your money not just by putting malware on your machine, but by phishing attacks too. Phishing attacks don’t just target online banking and e-payment systems, but almost any site which asks the user to input sensitive data.


There are several ongoing investigations attempting to find the authors of the Conficker botnet, one of the fastest spreading worms in history, but those responsible for the worm have proven elusive. Read the full article. [TechTarget]

Security researchers have intercepted a new variant of the Zeus crimeware using Amazon’s EC2 services to command and control the botnet. The cybercriminals appear to be using Amazon’s RDS managed database hosting service as a backend alternative in case they lose access to the original domain, which would result in the complete loss of access to the compromised financial data obtained from the infected hosts.  Read the full story [ZDNet]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.