Got $90,000? A Windows 0-Day Could Be Yours

How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a…

Skimmers Found at Walmart: A Closer Look

Recent local news stories about credit card skimmers found in self-checkout lanes at some Walmart locations reminds me of a criminal sales pitch I saw recently for overlay skimmers made specifically for the very same card terminals. Much like the skimmers found at some Safeway locations earlier this year, the skimming…

Noodles & Company Probes Breach Claims

Noodles & Company [NASDAQ: NDLS], a fast-casual restaurant chain with more than 500 stores in 35 U.S. states, says it has hired outside investigators to probe reports of a credit card breach at some locations. Over the past weekend, KrebsOnSecurity began hearing from sources at multiple financial institutions who said they’d detected…

Microsoft Disables Wi-Fi Sense on Windows 10

Microsoft has disabled its controversial Wi-Fi Sense feature, a component embedded in Windows 10 devices that shares access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in — your Facebook friends. Redmond made the announcement almost as…

Carding Sites Turn to the ‘Dark Cloud’

Crooks who peddle stolen credit cards on the Internet face a constant challenge: Keeping their shops online and reachable in the face of meddling from law enforcement officials, security firms, researchers and vigilantes. In this post, we’ll examine a large collection of hacked computers around the world that currently serves as a criminal…

Wendy’s: Breach Affected 5% of Restaurants

Wendy’s said today that an investigation into a credit card breach at the nationwide fast-food chain uncovered malicious software on point-of-sale systems at fewer than 300 of the company’s 5,500 franchised stores. The company says the investigation into the breach is continuing, but that the malware has been removed from all…

Adobe, Microsoft Push Critical Updates

Adobe has issued security updates to fix weaknesses in its PDF Reader and Cold Fusion products, while pointing to an update to be released later this week for its ubiquitous Flash Player browser plugin. Microsoft meanwhile today released 16 update bundles to address dozens of security flaws in Windows, Internet Explorer and related software. Microsoft’s patch…

Improving analysis

One of the main tasks of Radare2 is to statically analyse executables. This includes binary files disassembly, analysing functions setting calling conventions, auto detecting arguments and type propagation. Autodetecting arguments and type propagation are part of my Google Summer of Code task. New analysis round is added for argument detection.…

Crooks Grab W-2s from Credit Bureau Equifax

Identity thieves stole tax and salary data from big-three credit bureau Equifax Inc., according to a letter that grocery giant Kroger sent to all current and some former employees on Thursday. The nation’s largest grocery chain by revenue appears to be one of several Equifax customers that were similarly victimized this year.…