The Evolution Market , an online black market that sells everything contraband — from marijuana, heroin and ecstasy to stolen identities and malicious hacking services — appears to have vanished in the last 24 hours with little warning. Much to the chagrin of countless merchants hawking their wares in the underground market, the curators of the project have reportedly absconded with the community’s bitcoins — a stash that some Evolution merchants reckon is worth more than USD $12 million. The “Fraud Related” section of the Evolution Market before it vanished.
Premera Blue Cross Breach Exposes Financial, Medical Records
Premera Blue Cross , a major provider of health care services, disclosed today that an intrusion into its network may have resulted in the breach of financial and medical records of 11 million customers. Although Premera isn’t saying so just yet, there are independent indicators that this intrusion is once again the work of state-sponsored espionage groups based in China. In a statement posted on a Web site set up to share information about the breach — premeraupdate.com — the company said that it learned about the attack on January 29, 2015
Door Skimmer + Hidden Camera = Profit
If an ATM you’d like to use is enclosed in a vestibule that requires a card swipe at the door, it might be a good idea to go find another machine, or at least use something other than a payment card to gain entry.
‘AntiDetect’ Helps Thieves Hide Digital Fingerprints
As a greater number of banks in the United States shift to issuing more secure credit and debit cards with embedded chip technology, fraudsters are going to direct more of their attacks against online merchants. No surprise, then, that thieves increasingly are turning to an emerging set of software tools to help them evade fraud detection schemes employed by many e-commerce companies
Adobe Flash Update Plugs 11 Security Holes
Adobe has released an update for its Flash Player software that fixes at least 11 separate, critical security vulnerabilities in the program. If you have Flash installed, please take a moment to ensure your systems are updated. Not sure whether your browser has Flash installed or what version it may be running?
MS Update 3033929 Causing Reboot Loop
One of the operating system updates Microsoft released on Tuesday of this week — KB3033929 — is causing a reboot loop for a fair number of Windows 7 users, according to postings on multiple help forums. The update in question does not appear to address a pressing security vulnerability, so users who have not yet installed it should probably delay doing so until Microsoft straightens things out. Various tech help forums ares starting to fill up with requests from Windows 7 users who are experiencing a reboot loop after applying the glitchy patch , which is a “code signing” update that improves the ability of Windows 7 and Windows Server 2008 R2 systems to validate the integrity and authenticity of programs running on top of the operating system.
Microsoft Fixes Stuxnet Bug, Again
Microsoft today shipped a bundle of security updates to address more than three dozen vulnerabilities in Windows and associated software. Included in the batch is a fix for a flaw first patched in 2010 — the very same vulnerability that led to the discovery of the infamous cyberweapon known as Stuxnet. Turns out, the patch that Microsoft shipped to fix that flaw in 2010 didn’t quite do the trick, leaving Windows users dangerously exposed all this time.
Spoofing the Boss Turns Thieves a Tidy Profit
Judy came within a whisker of losing $315,000 in cash belonging to her employer, a mid-sized manufacturing company in northeast Ohio. Judy’s boss had emailed her, asking her to wire the money to China to pay for some raw materials. The boss, who was traveling abroad at the time, had requested such transfers before — at even higher amounts to manufacturers in China and elsewhere — so the request didn’t seem unusual or suspicious
Point-of-Sale Vendor NEXTEP Probes Breach
NEXTEP Systems , a Troy, Mich.-based vendor of point-of-sale solutions for restaurants, corporate cafeterias, casinos, airports and other food service venues, was recently notified by law enforcement that some of its customer locations have been compromised in a potentially wide-ranging credit card breach, KrebsOnSecurity has learned. The acknowledgement came in response to reports by sources in the financial industry who spotted a pattern of fraud on credit cards all recently used at one of NEXTEP’S biggest customers: Zoup , a chain of some 75 soup eateries spread across the northern half of the United States and Canada. Last week, KrebsOnSecurity reached out to Zoup after hearing from financial industry sources about fraud patterns indicating some sort of card compromise at many Zoup locations
Feds Indict Three in 2011 Epsilon Hack
U.S. federal prosecutors in Atlanta today unsealed indictments against two Vietnamese men and a Canadian citizen in connection with what’s being called “one of the largest reported data breaches in U.S. history.” The government isn’t naming the victims in this case, but all signs point to the 2011 hack of Texas-based email marketing giant Epsilon .