Russian creator of NeverQuest banking trojan pleads guilty in American court

Arrested as he returned his rental car at Barcelona’s airport, a 33-year-old Russian faces up to five years in jail after admitting to being the mastermind behind the sophisticated NeverQuest banking trojan.

Read more in my article on the Hot for Security blog.

Pony credential stealer trampling users via Microsoft Publisher documents

The credential-stealing Pony malware is masquerading as Microsoft Publisher documents in an effort to infect unsuspecting users.

David Bisson reports.

Smashing Security #005: ‘Upskirt insecurity’

Join me and fellow computer security industry veterans Vanja Svajcer and Carole Theriault as we have another casual chat about whatever is on our minds.

This week: An alleged hacker finds the downside to car rental, a New York Times Twitter account announces Vladimir Putin is planning to launch a missile attack against the United States, and an “upskirt” website leaks its user data.

Oh, and Vanja forces Graham to share an embarrassing privacy-breaching lavatory anecdote.

Vawtrak malware spread via toxic Word documents is still a thing apparently

Beware poisoned parking tickets!

David Bisson reports.

So, just how were those MailChimp accounts hacked?

A database containing over 2,000 MailChimp passwords has been found online.

MailChimp wasn’t hacked. Instead, the password-stealing Vawtrak malware might be to blame.

Sophisticated AbbadonPOS malware upgraded in its attempt to exfiltrate credit card data from retailers

Criminals have updated the AbbadonPOS malware with the ability to search for known point-of-sale (PoS) processes, in its hunt for consumers’ credit card data.

Beware spammed-out poisoned Word documents, warns David Bisson.

Banking malware spreading via Microsoft Word macros

Twenty years on, you might have imagined that macro malware would have been assigned to the dustbin of history. But sadly, it’s seeing something of a resurgence.