$2,139,200 US Dollars (70 million Roubles).
That’s the amount the Russian Interior Ministry claims the Blackhole exploit kit has been responsible for damage-wise.
After months of speculation, it appears Russian authorities have arrested and prosecuted 13 people part of a gang of cyber thieves, and most probably include the cyber criminal known as “Paunch”.
The press release confirms what security experts have been saying for a while now, that Paunch is the mastermind behind both the Blackhole Exploit Kit and the Cool exploit kit.
Blackhole and Cool are toolkits used by cyber criminals to automate client side exploitation. They are installed on servers that are typically compromised, and used to infect the visitors of the websites they host. This is most commonly achieved by taking advantage of flaws in the visitor web browsers, in their installations of common software such as Adobe Flash, Adobe Reader or in their Java run time environment.
The source code of older versions has been leaked in the past and although the kit is declining, it should not be discounted as a threat.
Truth be told, the dollar amount reported feels under estimated. A malware infection carries with it a whole slew of hidden costs, such as the man hours required in cleaning the infected computers, dealing with compromised accounts and changing credentials.
For a more in depth look at this alleged criminal, head to Brian Krebs blog.
Outside of not using them, we can do only so much to secure our credit card numbers.
We all can use the best security software, two-factor authentication, but sometimes the bad guys still get the goods.
Recently, security researcher Brian Krebs wrote about a scheme using hardware keyloggers uncovered at a Florida Nordstrom department store.
Hardware keyloggers have been around for a long time and work similar to software keyloggers in capturing data, but they don’t rely on the operating system to work. They are often disguised to resemble a familiar looking connector or dongle to go unnoticed.
One of the largest threats facing users today is from Phishing attacks, or social engineering attempts at getting the average person to click on a malicious link.
The most common form of phishing comes from email however, another form can come from sources like social media, such as Facebook or Google+, services that typically have anti-spam, phishing and exploit features.
Though with every successful integration of anti-spam, anti-phishing and anti-exploit functionality, the bad guys go right back to the drawing table to find a new way to make your life miserable.
Reports are surfacing that antivirus companies AVG and Avira have had their websites hacked, along with the website for WhatsApp messenger.
At the time of this writing it seems that only AVG has recovered.
The group responsible for the alleged defacement is a Palestinian hacker group known as “KDMS” team.
Software are complex, having so many layers and hands involved in its creation. The bigger it becomes the more likely it is to have bugs and some potentially ugly ones at that.
No matter how much money, people or fans you throw at a software project, bugs will always creep up. Developers just hope to shake out as many as possible before release.
Apple released iOS 7 with the launch of new iPhones came with the usual excitement and fanfare. iOS 7 comes with new security features and lots of updates.
Heralded for their security enhancements and features, Apple was quick to send out fixes for the reportedly 80 security holes patch in iOS 7, including passcode holes and kernel fixes.
With the news of features and fixes it’s easy for us to feel secure and let our guard down when using an iDevice.
Well, not so fast.
It appears Apple is having its share of new security bugs.