Top IT Security Bloggers

Krebs on Security
  • iPhone Robbers Try to iPhish Victims

    In another strange tale from the kinetic-attack-meets-cyberattack department, earlier this week I heard from a loyal reader in Brazil whose wife was recently mugged by three robbers who nabbed her iPhone. Not long after the husband texted the stolen phone -- offering to buy back the locked device -- he soon began receiving text messages stating the phone had been found. All he had to do to begin the process of retrieving the device was click the texted link and log in to the phishing page mimicking Apple's site.
  • How to Bury a Major Breach Notification

    Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance. The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation's largest companies. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure. This post is an attempt to remedy that.
  • February Updates from Adobe, Microsoft

    A handful of readers have inquired as to the whereabouts of Microsoft's usual monthly patches for Windows and related software. Microsoft opted to delay releasing any updates until next month, even though there is a zero-day vulnerability in Windows going around. However, Adobe did push out updates this week as per usual to fix critical issues in its Flash Player software.
  • Men Who Sent Swat Team, Heroin to My Home Sentenced

    It's been a remarkable week for cyber justice. On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separately, a 19-year-old American who admitted to being part of a hacker group that sent a heavily-armed police force to my home in 2013 was sentenced to three years probation.
  • Who Ran Leakedsource.com?

    Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches -- including billions of credentials for accounts at top sites like LinkedIn, Myspace, and Yahoo.

    In a development that may turn out to be deeply ironic, it seems that the real-life identity of Leakedsource's principal owner may have been exposed by many of the same stolen databases he's been peddling.
  • Fast Food Chain Arby’s Acknowledges Breach

    Sources at nearly a half-dozen banks and credit unions independently reached out over the past 48 hours to inquire if I'd heard anything about a data breach at Arby's fast-food restaurants. Asked about the rumors, Arby's told KrebsOnSecurity that it recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide.
  • ‘Top 10 Spammer’ Indicted for Wire Fraud

    Michael A. Persaud, a California man profiled in a Nov. 2014 KrebsOnSecurity story about a junk email purveyor tagged as one of the World's Top 10 Worst Spammers, was indicted this week on federal wire fraud charges tied to an alleged spamming operation.
  • House Passes Long-Sought Email Privacy Bill

    The U.S. House of Representatives on Monday approved a bill that would update the nation's email surveillance laws so that federal investigators are required to obtain a court-ordered warrant for access to older stored emails. Under the current law, U.S. authorities can legally obtain stored emails older than 180 days using only a subpoena issued by a prosecutor or FBI agent without the approval of a judge.
  • InterContinental Confirms Breach at 12 Hotels

    InterContinental Hotels Group (IHG), the parent company for thousands of hotels worldwide including Holiday Inn, acknowledged Friday that a credit card breach impacted at least a dozen properties nationwide. News of the breach was first reported by KrebsOnSecurity more than a month ago.
  • How Google Took on Mirai, KrebsOnSecurity

    The third week of September 2016 was a dark and stormy one for KrebsOnSecurity. Wave after wave of huge denial-of-service attacks flooded this site, forcing me to pull the plug on it until I could secure protection from further assault. The site resurfaced three days later under the aegis of Google's Project Shield, an initiative which seeks to protect journalists and news sites from being censored by these crippling digital sieges.

    Damian Menscher, a Google security engineer with whom I worked very closely on the migration to Project Shield, spoke publicly for the first time this week about the unique challenges involved in protecting a small site like this one from very large, sustained and constantly morphing attacks.
