Top IT Security Bloggers

Krebs on Security
  • Who is Anna-Senpai, the Mirai Worm Author?

    Krebs on Security
    On September 22, 2016, this site was forced offline for nearly four days after it was hit with “Mirai,” a malware strain that enslaves poorly secured Internet of Things (IoT) devices like wireless routers and security cameras into a botnet for use in large cyberattacks. Roughly a week after that assault, the individual(s) who launched that attack -- using the name “Anna Senpai” -- released the source code for Mirai, spawning dozens of copycat attack armies online.

    After months of digging, KrebsOnSecurity is now confident to have uncovered Anna Senpai’s real-life identity, and the identity of at least one co-conspirator who helped to write and modify the malware.
  • Adobe, Microsoft Push Critical Security Fixes

    Krebs on Security
    Adobe and Microsoft on Tuesday each released security updates for software installed on hundreds of millions of devices. Adobe issued an update for Flash Player and for Acrobat/Reader. Microsoft released just four updates to plug some 15 security holes in Windows and related software.
  • Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed

    Krebs on Security
    Tens of thousands of personal and possibly proprietary databases that were left accessible to the public online have just been wiped from the Internet, replaced with ransom notes demanding payment for the return of the files. Adding insult to injury, it appears that virtually none of the victims who have paid the ransom have gotten their files back because multiple fraudsters are now wise to the extortion attempts and are competing to replace each other's ransom notes.
  • Krebs’s Immutable Truths About Data Breaches

    Krebs on Security
    I've had several requests for a fresh blog post to excerpt something that got crammed into the corner of a lengthy story published here Sunday: A list of immutable truths about data breaches, cybersecurity and the consequences of inaction.
  • DNI: Putin Led Cyber, Propaganda Effort to Elect Trump, Denigrate Clinton

    Krebs on Security
    Russian President Vladimir Putin directed a massive propaganda and cyber attack operation aimed at discrediting Hillary Clinton and getting Donald Trump elected, the top U.S. intelligence agencies said in a remarkable yet unshocking report released on Friday.
  • Stolen Passwords Fuel Cardless ATM Fraud

    Krebs on Security
    Some financial instutitions are now offering so-called "cardless ATM" transactions that allow customers to withdraw cash using nothing more than their mobile phones. But as the following story illustrates, this new technology also creates an avenue for thieves to quickly and quietly convert stolen customer bank account usernames and passwords into cold hard cash. Worse still, fraudulent cardless ATM withdrawals may prove more difficult for customers to dispute because they place the victim at the scene of the crime.
  • The FTC’s Internet of Things (IoT) Challenge

    Krebs on Security
    One of the biggest cybersecurity stories of 2016 was the surge in online attacks caused by poorly-secured "Internet of Things" (IoT) devices such as Internet routers, security cameras, digital video recorders (DVRs) and smart appliances. Many readers here have commented with ideas about how to counter vulnerabilities caused by out-of-date software in IoT devices, so why not pitch your idea for money? Who knows, you could win up to $25,000 in a new contest put on by the U.S. Federal Trade Commission (FTC).
  • The Download on the DNC Hack

    Krebs on Security
    Over the past few weeks, I've been inundated with questions from readers asking why I haven't written much about two stories that have consumed the news media of late: The alleged Russian hacking attacks against the Democratic National Committee (DNC) and, more recently, the discovery of malware on a laptop at a Vermont power utility that has been attributed to Russian hacker groups. I've avoided covering these stories mainly because I don't have any original reporting to add to them, and because I generally avoid chasing the story of the day -- preferring instead to focus on producing original journalism on cybercrime and computer security.
  • Happy Seventh Birthday, KrebsOnSecurity!

    Krebs on Security
    Hard to believe it's time to celebrate another go 'round the Sun for KrebsOnSecurity! Today marks exactly seven years since I left The Washington Post and started this here solo thing. And what a remarkable year 2016 has been!
  • Holiday Inn Parent IHG Probes Breach Claims

    Krebs on Security
    InterContinental Hotels Group (IHG), the parent company for more than 5,000 hotels worldwide including Holiday Inn, says it is investigating claims of a possible credit card breach at some U.S. locations.

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release

Market Place