I received a number of media requests and emails from readers over the weekend to comment on a front-page New York Times story about an organized gang of cybercriminals pulling off “one of the largest bank heists ever.” Turns out, I reported on this gang’s activities in December 2014, although my story ran minus many of the superlatives in the Times piece. The Times’ story, “Bank Hackers Steal Millions Via Malware,” looks at the activities of an Eastern European cybercrime group that Russian security firm Kaspersky Lab calls the “Carbanak” gang. According to Kaspersky, this group deployed malware via phishing scams to get inside of computers at more than 100 banks and steal upwards of USD $300 million — possibly as high as USD $1 billion.
Fuel Station Skimmers: Primed at the Pump
I recall the first time I encountered an armed security guard at a local store.
Defense Contract Management Agency Probes Hack
The Defense Contract Management Agency , the U.S. federal government entity responsible for performing contract administration services for the Department of Defense , is responding to a suspected cybersecurity breach and has pulled a number of its servers offline while the investigation continues, KrebsOnSecurity has learned
Microsoft Pushes Patches for Dozens of Flaws
Microsoft today released nine update bundles to plug at least 55 distinct security vulnerabilities in its Windows operating system and other software.
Anthem Breach May Have Started in April 2014
Analysis of open source information on the cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant Anthem suggests the attackers may have first gained a foothold in April 2014, nine months before the company says it discovered the intrusion. The Wall Street Journal reported last week that security experts involved in the ongoing forensics investigation into the breach say the servers and attack tools used in the attack on Anthem bear the hallmark of a state-sponsored Chinese cyber espionage group known by a number of names, including “ Deep Panda ,” “ Axiom ,” Group 72 ,” and the “ Shell_Crew ,” to name but a few. Deep Panda is the name given to this group by security firm CrowdStrike .
Phishers Pounce on Anthem Breach
Phishers and phone fraudsters are capitalizing on public concern over a massive data breach announced this week at health insurance provider Anthem in a bid to steal financial and personal data from consumers.
Citing Tax Fraud Spike, TurboTax Suspends State E-Filings
TurboTax owner Intuit Inc.
China To Blame in Anthem Hack?
Bloomberg reports that U.S. federal investigators probing the theft of 80 million Social Security records and other sensitive data from insurance giant Anthem Inc. are pointing the finger at state-sponsored hackers from China.
Yet Another Flash Patch Fixes Zero-Day Flaw
For the third time in two weeks, Adobe has issued an emergency security update for its Flash Player software to fix a dangerous zero-day vulnerability that hackers already are exploiting to launch drive-by download attacks. The newest update, version 16.0.0.305 , addresses a critical security bug ( CVE-2015-0313 ) present in the version of Flash that Adobe released o n Jan.
Data Breach at Health Insurer Anthem Could Impact Millions
Anthem Inc. , the nation’s second largest health insurer, disclosed Wednesday that hackers had broken into its servers and stolen Social Security numbers and other personal data from all of its business lines. Given the company’s size, this breach could end up impacting tens of millions of Americans.