Top IT Security Bloggers

Krebs on Security

NC Fuel Distributor Hit by $800,000 Cyberheist
Krebs on Security
A fuel distribution firm in North Carolina lost more than $800,000 in a cyberheist this month. Had the victim company or its bank detected the unauthorized activity sooner, the loss would have been far less. But both parties failed to notice the attackers coming and going for five days before being notified by a reporter.
Related Posts:
Krebs, KrebsOnSecurity, As Malware Memes
Krebs on Security
Hardly a week goes by when I don't hear from some malware researcher or reader who's discovered what appears to be a new sample of malicious software or nasty link that invokes this author's name or the name of this blog. I've compiled this post to document a few of these examples, some of which are quite funny.
Related Posts:
Conversations with a Bulletproof Hoster
Krebs on Security
Criminal commerce on the Internet would mostly grind to a halt were it not for the protection offered by so-called "bulletproof hosting" providers -- the online equivalent of offshore havens where shady dealings go ignored. Last month I had an opportunity to interview a provider of bulletproof services for one of the Web's most notorious cybercrime forums, and who appears to have been at least partly responsible for launching what's been called the largest cyber attack the Internet has ever seen.
Related Posts:
Ragebooter: ‘Legit’ DDoS Service, or Fed Backdoor?
Krebs on Security
On Monday, I profiled asylumbooter.com, one of several increasingly public DDoS-for-hire services posing as Web site "stress testing" services. Today, we'll look at ragebooter.net, yet another attack service except for one secret feature which sets it apart from the competition: According the site's proprietor, ragebooter.net includes a hidden backdoor that lets the FBI monitor customer activity.
Related Posts:
Microsoft, Adobe Push Critical Security Updates
Krebs on Security
Microsoft and Adobe today each released updates to fix critical security holes in their software. Microsoft's patch batch tackles at least 33 vulnerabilities in Windows and other products, including a fix for a zero-day vulnerability in Internet Explorer 8 that attackers have been exploiting. Separately, Adobe pushed security updates for Flash Player, Adobe Reader, Acrobat and Adobe AIR.
Related Posts:
DDoS Services Advertise Openly, Take PayPal
Krebs on Security
The past few years have brought a proliferation of online services that can be hired to knock Web sites and individual Internet users offline. Once only found advertised in shadowy underground forums, many of today's so-called "booter" or "stresser" services are operated by U.S. citizens who openly advertise their services while hiding behind legally dubious disclaimers. Oh, and they nearly all rely on Paypal to receive payments.
Related Posts:
A Stopgap Fix for the IE8 Zero-Day Flaw
Krebs on Security
Microsoft has released an stopgap solution to help Internet Explorer 8 users blunt the threat from attacks against a zero-day flaw in the browser that is actively being exploited in the wild.
Related Posts:
Trade Sanctions Cited in Hundreds of Syrian Domain Seizures
Krebs on Security
In apparent observation of international trade sanctions against Syria, a U.S. firm that ranks as the world's fourth-largest domain name registrar has seized hundreds of domains belonging to various Syrian entities, including a prominent hacker group and sites associated with the regime of Syrian President Bashar al-Assad.
Related Posts:
Zero-Day Exploit Published for IE8
Krebs on Security
Security experts are warning that a newly discovered vulnerability in Internet Explorer 8 is being actively exploited to break into Microsoft Windows systems. Complicating matters further, computer code that can be used to reliably exploit the flaw is now publicly available online.
Related Posts:
Alleged SpyEye Seller ‘Bx1′ Extradited to U.S.
Krebs on Security
A 24-year-old Algerian man arrested in Thailand earlier this year on suspicion of co-developing and selling the infamous SpyEye banking trojan was extradited this week to the United States, where he faces criminal charges for allegedly hijacking bank accounts at more than 200 financial institutions.
Related Posts:

‹‹ previous 1 2 3 4 ... 10 11 12 13 next ››

CSO Corporate Partners

Get exclusive access to CSO, invitation only events, reports & analysis.

Splunk for Security

Use Splunk to search, alert and report in real time on any user, network, system or application activity, configuration changes, and other IT data from one place.

Submit your training courses

Media Releases

More Media Releases »

Latest Jobs

FTR&D EngineerSA
FTTest EngineerVIC
FTJob Title: Mac Systems/ Enterprise Systems EngineerNZ
FTQuality ManagerSA
FTFlash / ActionScript Developer - ContractNSW
FTOS Web Applications DeveloperNSW
FT.NET - Sitecore Developer - Melbourne - PermNSW
FTLead Software EngineerSA
FTSenior Python DeveloperNSW

Solution Centres

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).

Have an incident response plan.

Pre-define your incident response team

Define your approach: watch and learn or contain and recover.

Pre-distribute call cards.

Forensic and incident response data capture.

Get your users on-side.

Know how to report crimes and engage law enforcement.

Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More