Top IT Security Bloggers

Krebs on Security
  • ‘Avalanche’ Crime Ring Leader Eludes Justice

    Krebs on Security
    The accused ringleader of a cyber fraud gang that allegedly rented out access to a criminal cloud hosting service known as "Avalanche" is now a fugitive from justice following a bizarre series of events in which he shot at Ukrainian police, was arrested on cybercrime charges and then released from custody.
  • Researchers Find Fresh Fodder for IoT Attack Cannons

    Krebs on Security
    New research published this week could provide plenty of fresh fodder for Mirai, a malware strain that enslaves poorly-secured Internet of Things (IoT) devices for use in powerful online attacks. Researchers in Austria have unearthed a pair of backdoor accounts in more than 80 different IP camera models made by Sony Corp. Separately, Israeli security experts have discovered trivially exploitable weaknesses in approximately 500,000 white-labeled IP camera models that are not currently sought out by Mirai.
  • DDoS, IoT Top Cybersecurity Priorities for 45th President

    Krebs on Security
    Addressing distributed denial-of-service (DDoS) attacks designed to knock Web services offline and security concerns introduced by the so-called "Internet of Things" (IoT) should be top cybersecurity priorities for the 45th President of the United States, according to a newly released blue-ribbon report commissioned by President Obama.
  • Visa Delays Chip Deadline for Pumps To 2020

    Krebs on Security
    Visa this week delayed by three years a deadline for fuel station owners to install payment terminals at the pump that are capable of handling more secure chip-based cards. Experts say the new deadline -- extended from 2017 -- comes amid a huge spike in fuel pump skimming, and means fraudsters will have another three years to fleece banks and their customers by installing card-skimming devices at the pump.
  • ‘Avalanche’ Global Fraud Ring Dismantled

    Krebs on Security
    In what's being billed as an unprecedented global law enforcement response to cybercrime, federal investigators in the United States, United Kingdom and Europe today say they've dismantled a sprawling cybercrime machine known as "Avalanche" -- a distributed, cloud-hosting network that for the past seven years has been rented out to fraudsters for use in launching countless malware and phishing attacks.
  • New Mirai Worm Knocks 900K Germans Offline

    Krebs on Security
    More than 900,000 customers of German ISP Deutsche Telekom (DT) were knocked offline this week after their Internet routers got infected by a new variant of a computer worm known as Mirai. The malware wriggled inside the routers via a newly discovered vulnerability in a feature that allows ISPs to remotely upgrade the firmware on the devices. But the new Mirai malware turns that feature off once it infests a device, complicating DT's cleanup and restoration efforts.
  • San Francisco Rail System Hacker Hacked

    Krebs on Security
    The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, "You Hacked. ALL Data Encrypted." Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location.
  • ATM Insert Skimmers: A Closer Look

    Krebs on Security
    KrebsOnSecurity has featured multiple stories about the threat from ATM fraud devices known as "insert skimmers," wafer-thin data theft tools made to be completely hidden inside of a cash's machine's card acceptance slot. For a closer look at how stealthy insert skimmers can be, it helps to see videos of these things being installed and removed. Here's a look at promotional sales videos produced by two different ATM insert skimmer peddlers.
  • DoD Opens .Mil to Legal Hacking, Within Limits

    Krebs on Security
    Hackers of all stripes looking to test their mettle can now legally hone their cyber skills, tools and weaponry against any Web property operated by the U.S. Department of Defense, according to a new military-wide policy for reporting and fixing security vulnerabilities.

    Security researchers are often reluctant to report programming flaws or security holes they've stumbled upon for fear that the vulnerable organization might instead decide to shoot the messenger and pursue hacking charges. But on Nov. 21, the DoD aimed to clear up any ambiguity on that front for the military's substantial online presence, creating both a centralized place to report cybersecurity flaws across the dot-mil space as well as a legal safe harbor (and the prospect of public recognition) for researchers who abide by a few ground rules.
  • Akamai on the Record KrebsOnSecurity Attack

    Krebs on Security
    Internet infrastructure giant Akamai last week released a special State of the Internet report. Normally, the quarterly accounting of noteworthy changes in distributed denial-of-service (DDoS) attacks doesn't delve into attacks on specific customers. But this latest Akamai report makes an exception in describing in great detail the record-sized attack against KrebsOnSecurity.com in September, the largest such assault it has ever mitigated.

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release