The attackers who infiltrated Target’s network several weeks ago and made off with 40 million credit and debit card numbers used a multi-stage attack, funneling their stolen data through an FTP server and then a VPS server in Russia. It took more than two weeks, but the attackers eventually exfiltrated about 11 GB of data, researchers say.
Browsing Tag: malware
Microsoft will continue to support the antimalware engine that protects Windows XP until July 2015, despite the operating system’s expected end-of-life in April.
A mathematical model developed by University of Michigan researchers helps attackers and defenders understand optimal conditions when a targeted malware attack should be launched.
Google has fixed five vulnerabilities in its Chrome browser and also has activated a feature that will block malicious file downloads automatically. The change is a major security upgrade for Chrome and will help prevent users from unwittingly downloading harmful files, an attack vector that attackers count on for the success of drive-by downloads and other attacks.
The Icefog cyberespionage campaign also included a Java component that targeted three U.S.-based oil and gas companies.
The attackers behind the Target data breach likely had broad network access, and used memory scraping malware such as RAM scrapers to steal payment card data.
Experts believe that it will be years before another exploit kit with the same reliability and currency as Blackhole emerges onto the criminal underground.
Popular video-sharing site DailyMotion is serving malicious ads that redirect site visitors to domains hosting Fake AV malware, security firm Invincea reports.
A Cambridge University study examined the effectiveness of malware warnings, and urged those alerts be overhauled and written in concrete, specific language.
Yahoo says it has removed the malicious ads redirecting users in Europe to domains hosting the Magnitude Exploit Kit.