When news broke earlier this week that some Citibank Japan customers' information leaked, many of the bank's customers probably thought, "Again!?!" But this is not a rare occurrence these days. This time around, it wasn't even Citibank's fault; one of the companies it outsources some services to was at fault.
This is the second data breach involving Citigroup, both of which led to the exposure of a great deal of user information. The key difference between the two incidents, however, is ...
As our colleague Jorge Mieres over at Kaspersky recently noted, cybercriminals appear to be using Amazon Web Services (AWS) to host quite a large volume of SpyEye Trojans and exploit kits. In fact, another colleague in my group, Ranieri Romera, recently collected approximately 22Mb of malware hosted on AWS for analysis and detection.
My advice is to avoid clicking any suspicious link either in an unsolicited email message or an apparently benign link embedded in a Web page hosted on AWS (e.g., ...
With World IPv6 Day upon us, I thought I'd take a moment to expound on the IPv6 transition so far and what we are likely to see in the near future.
IPv6 is like a dead animal lying on the road: a group of kids gathered around it, sticks in hand negotiating who gets to poke it first. You have ISPs and carriers waiting for customers to demand it and all of their vendors to support it, you have hardware and ...
Compared with last month's three security bulletins, Microsoft released a record-breaking 17 security bulletins to address 64 publicly disclosed vulnerabilities. This month's release includes patches for bugs in Microsoft Windows, Microsoft Office, and Microsoft Visual Studio. It also includes a fix for the vulnerability in Internet Explorer that was uncovered during this year's Pwn2Own contest.
Nine of the said security bulletins have been rated "critical," as the vulnerabilities these addressed could end in remote code execution. Eight have been rated "important," six of which could lead to arbitrary code execution, one could allow privilege escalation, and the ...
The recent tragedy that affected Japan is not the first incident that cybercriminals leveraged. Cybercriminals have established early on just how low they would go just to steal money from users—Hurricane Katrina in 2005, Hurricane Gustav in 2008, the Chinese Sichuan earthquake in 2008, and recently the Haiti Earthquake in 2010 were all used one way or another as social engineering bait.
From a technical perspective, it is disheartening how closely cybercriminals monitored the entire incident just to take advantage of not only the ...
