NEWS - March 27, 2014

Mar 27, 2014 7:39AM PDT
Apps with millions of Google Play downloads covertly mine cryptocurrency

Update: About 12 hours after this post went live, one of the two mentioned Android apps, Prized, was no longer available in Google Play. The other app, Songs, remained. Google representatives sent Ars an e-mail saying they won't be commenting on this report. The Google Play developer policy is here. Among other things, it requires that apps that engage in distributed computing behavior include up front disclosure that establishes user knowledge and obtains explicit consent.

Researchers said they have uncovered two apps that were downloaded from the official Google Play market more than one million times that use Android devices to mine the Litecoin and Dogecoin cryptocurrencies without explicitly informing end users.

According to a blog post published Tuesday by a researcher from antivirus provider Trend Micro, the apps are Songs, installed from one million to five million times, and Prized, which was installed from 10,000 to 50,000 times. Neither the app descriptions nor their terms of service make clear that the apps subject Android devices to the compute-intensive process of mining, Trend Micro Mobile Threats Analyst Veo Zhang wrote. As of Wednesday afternoon, the apps were still available.

Continued: http://arstechnica.com/security/2014/03/apps-with-millions-of-google-play-downloads-covertly-mine-cryptocurrency/

Related:
Hidden crypto currency-mining code spotted in apps on Google Play
Malware Hijacks Android Mobile Devices to Mine Cryptocurrency
'Coinkrypt' malware mines cryptocurrencies on Android
Hackers force innocent mobes to join ALTCOIN MINING GANGS

Security vendor Trustwave named in Target-related suit
Mar 27, 2014 8:49AM PDT

Security vendor Trustwave was accused in a class-action suit of failing to detect the attack that led to Target's data breach, one of the largest on record.

Target, which is also named as a defendant, outsourced its data security obligations to Trustwave, which "failed to live up to its promises or to meet industry standards," alleged the suit, filed Monday in U.S. District Court for the Northern District of Illinois.

Plaintiffs Trustmark National Bank of New York and Green Bank of Houston claim Target and Trustwave failed to stop the theft of 40 million payment card details and 70 million other personal records.

The lawsuit, one of dozens filed against Target, illustrates the growing frustration of banks burdened with the costs of reissuing compromised cards and their willingness to pull in other companies viewed as culpable into legal battles.

Continued: http://www.pcworld.com/article/2111980/security-vendor-trustwave-named-in-targetrelated-suit.html

Related:
Target, Trustwave Sued Over Breach
Banks lob sueball at Trustwave, Target over breach
Banks Sue Target, Security Firm Over Data Breach

Zorenium bot can now hit iOS users as well
Mar 27, 2014 8:50AM PDT

If all the claims included in the adverts for the multi-platform, multi-purpose piece of malware called Zorenium are true, it could very well have a considerable impact on a large number of users, and become a favorite tool for cyber crooks.

Researchers with cyber intelligence company SenseCy have been following the advent of the malware on a variety of underground forums, but have yet to get their hands on a sample.

First spotted for sale in January 2014, the first variants of the malware are purportedly capable of infecting Linux- and Windows-based machines, have rootkit capabilities, can make the infected machine participate in DDoS attacks, can grab the contents of forms, kill other bots, mine Bitcoins, and also function as a banking Trojan.

Continued: http://www.net-security.org/malware_news.php?id=2747

SoundCloud Downloader: Always Read the EULA(s)
Mar 27, 2014 8:50AM PDT

"Malwarebytes Unpacked" Blog:

[Screenshot]
Up above, you can see a (sanitised) screenshot of a web-browser shortly after installing a "SoundCloud Downloader".

The non-sanitised version has the words "spank me" written across the middle, and the mouse moves a hand - no, really - until you perform said task and are directed to what appears to be a porn / adult dating sign-up page. [Screenshot]

And that's before we get to the really wild stuff. Be advised that if you go looking for tunes, you may be in need of a tune-up.

How did all of this come about?

Continued: http://blog.malwarebytes.org/online-security/2014/03/soundcloud-downloader-always-read-the-eulas/

Who Built the ID Theft Service SSNDOB.ru?
Mar 27, 2014 8:50AM PDT

Previous stories on this blog have highlighted the damage wrought by an identity theft service marketed in the underground called ssndob[dot]ru, which sold Social Security numbers, credit reports, drivers licenses and other sensitive information on more than four million Americans. Today's post looks at a real-life identity behind the man likely responsible for building this service. [Screenshot]

Last summer, ssndob[dot]ru (hereafter referred to as "SSNDOB") was compromised by multiple attackers, its own database plundered. A copy of the SSNDOB database was exhaustively reviewed by KrebsOnSecurity.com. The database shows that the site's 1,300 customers have spent hundreds of thousands of dollars looking up SSNs, birthdays, drivers license records, and obtaining unauthorized credit and background reports on more than four million Americans.

Continued: http://krebsonsecurity.com/2014/03/who-built-the-id-theft-service-ssndob-ru/