Microsoft today deviated from its regular pattern of releasing security updates on the second Tuesday of each month, pushing out an emergency patch to plug a security hole in all supported versions of Windows. The company urged Windows users to install the update as quickly as possible, noting that miscreants already are exploiting the weaknesses to launch targeted attacks
Link Found in Staples, Michaels Breaches
The breach at office supply chain Staples impacted roughly 100 stores and was powered by some of the same criminal infrastructure seen in the intrusion disclosed earlier this year at Michaels craft stores, according to sources close to the investigation. Multiple banks interviewed by this author say they’ve received alerts from Visa and MasterCard about cards impacted in the breach at Staples, and that to date those alerts suggest that a subset of Staples stores were compromised between July and September 2014. Sources briefed on the ongoing investigation say it involved card-stealing malicious software that the intruders installed on cash registers at approximately 100 Staples locations.
Amazon: Spam Nation one of “Best of Month”
A quick update on my new book, Spam Nation, The Inside Story of Organized Cybercrime — From Global Epidemic to Your Front Door debuting on bookstore shelves Tuesday, Nov. 18: Amazon has selected Spam Nation as one of their “Best Books of the Month” picks for November, listed alongside such notable authors as Stephen King and Nora Roberts.
‘Microsoft Partner’ Claims Fuel Support Scams
You can’t make this stuff up: A tech support company based in the United States that outsources its work to India says its brand is being unfairly maligned by — wait for it… tech support scammers based in India.
Network Hijackers Exploit Technical Loophole
Spammers have been working methodically to hijack large chunks of Internet real estate by exploiting a technical and bureaucratic loophole in the way that various regions of the globe keep track of the world’s Internet address ranges. Last week, KrebsOnSecurity featured an in-depth piece about a well-known junk email artist who acknowledged sending from two Bulgarian hosting providers. These two providers had commandeered tens of thousands of Internet addresses from ISPs around the globe, including Brazil, China, India, Japan, Mexico, South Africa, Taiwan and Vietnam
Adobe, Microsoft Issue Critical Security Fixes
Adobe and Microsoft today each issued security updates to fix critical vulnerabilities in their software.
Home Depot: Hackers Stole 53M Email Addresses
As if the credit card breach at Home Depot didn’t already look enough like the Target breach: Home Depot said yesterday that the hackers who stole 56 million customer credit and debit card accounts also made off with 53 million customer email addresses. In an update (PDF) released to its site on Thursday, Home Depot warned customers about the potential for thieves to use the email addresses in phishing attacks (think a Home Depot “survey” that offers a gift card for the first 10,000 people who open the booby-trapped attachment, for example)
Feds Arrest Alleged ‘Silk Road 2’ Admin, Seize Servers
Federal prosecutors in New York today announced the arrest and charging of a San Francisco man they say ran the online drug bazaar and black market known as Silk Road 2.0. In conjunction with the arrest, U.S. and European authorities have jointly seized control over the servers that hosted Silk Road 2.0 marketplace.
Still Spamming After All These Years
A long trail of spam, dodgy domains and hijacked Internet addresses leads back to a 37-year-old junk email purveyor in San Diego who was the first alleged spammer to have been criminally prosecuted 13 years ago for blasting unsolicited commercial email. Last month, security experts at Cisco blogged about spam samples caught by the company’s SpamCop service, which maintains a blacklist of known spam sources
KrebsOnSecurity Honored for Fraud Reporting
The Association of Certified Fraud Examiners today announced they have selected Yours Truly as the recipient of this year’s “Guardian Award,” an honor given annually to a journalist “whose determination, perseverance, and commitment to the truth have contributed significantly to the fight against fraud.” The Guardian Award bears the inscription “For Vigilance in Fraud Reporting.” Previous honorees include former Washington Post investigative reporter and two-time Pulitzer Prize winner Susan Schmidt; Diana Henriques, a New York Times contributing writer and author of The Wizard of Lies (a book about Bernie Madoff); and Allan Dodds Frank, a regular contributor to Fortune.com and The Daily Beast. I’d like to thank the ACFE for this prestigious award, and offer a special note of thanks to all of you dear readers who continue to support my work as an independent journalist.