Corporate Partners

Top IT Security Bloggers

Krebs on Security
  • Chip & PIN vs. Chip & Signature

    Krebs on Security
    The Obama administration recently issued an executive order requiring that federal agencies migrate to more secure chip-and-PIN based credit cards for all federal employees that are issued payment cards. The move marks a departure from the far more prevalent "chip-and-signature" standard, an approach that has been overwhelmingly adopted by a majority of U.S. banks that are currently issuing chip-based cards. This post seeks to explore some of the possible reasons for the disparity.
  • How to Tell Data Leaks from Publicity Stunts

    Krebs on Security
    In an era when new consumer data breaches are disclosed daily, fake claims about data leaks are sadly becoming more common. These claims typically come from fame-seeking youngsters who enjoy trolling journalists and corporations, and otherwise wasting everyone's time. Fortunately, a new analysis of recent bogus breach claims provides some simple tools that anyone can use to quickly identify fake data leak claims.
  • ‘Replay’ Attacks Spoof Chip Card Charges

    Krebs on Security
    An odd new pattern of credit card fraud emanating from Brazil and targeting U.S. financial institutions could spell costly trouble for banks that are just beginning to issue customers more secure chip-based credit and debit cards.
  • ‘Spam Nation’ Publisher Discloses Card Breach

    Krebs on Security
    In the interests of full disclosure: Sourcebooks, the company that on Nov. 18 is publishing my upcoming book about organized cybercrime, disclosed last week that a breach of its Web site shopping cart software may have exposed customer credit card and personal information.

    Fortunately, this breach does not affect readers who have pre-ordered Spam Nation through the retailers I've been recommending -- Amazon, Barnes & Noble, and Politics & Prose. I mention this breach mainly to get out in front of it, and because of the irony and timing of this unfortunate incident.
  • Google Accounts Now Support Security Keys

    Krebs on Security
    People who use Gmail and other Google services now have an extra layer of security available when logging into Google accounts. The company today incorporated into these services the open Universal 2nd Factor (U2F) standard, a physical USB-based second factor sign-in component that only works after verifying the login site is truly a Google site.
  • Banks: Credit Card Breach at Staples Stores

    Krebs on Security
    Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a breach involving in-store customer transactions. Staples says it is investigating "a potential issue" and has contacted law enforcement.
  • Spike in Malware Attacks on Aging ATMs

    Krebs on Security
    This author has long been fascinated with ATM skimmers, custom-made fraud devices designed to steal card data and PINs from unsuspecting users of compromised cash machines. But a recent spike in malicious software capable of infecting and jackpotting ATMs is shifting the focus away from innovative, high-tech skimming devices toward the rapidly aging ATM infrastructure in the United States and abroad.
  • Seleznev Arrest Explains ‘2Pac’ Downtime

    Krebs on Security
    The U.S. Justice Department has piled on more charges against alleged cybercrime kingpin Roman Seleznev, a Russian national who made headlines in July when it emerged that he'd been whisked away to Guam by U.S. federal agents while vacationing in the Maldives. The additional charges against Seleznev may help explain the extended downtime at an extremely popular credit card fraud shop in the cybercrime underground.
  • Microsoft, Adobe Push Critical Security Fixes

    Krebs on Security
    Adobe, Microsoft and Oracle each released updates today to plug critical security holes in their products. Adobe released patches for its Flash Player and Adobe AIR software. A patch from Oracle fixes at least 25 flaws in Java. And Microsoft pushed patches to fix at least two-dozen vulnerabilities in a number of Windows components, including Office, Internet Explorer and .NET. One of the updates addresses a zero-day flaw that reportedly is already being exploited in active cyber espionage attacks.
  • Who’s Watching Your WebEx?

    Krebs on Security
    KrebsOnSecurity spent a good part of the past week working with Cisco to alert more than four dozen companies -- many of them household names -- about regular corporate WebEx conference meetings that lack passwords and are thus open to anyone who wants to listen in.

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Blog Posts

Media Release

More media release

Market Place