Top IT Security Bloggers

Krebs on Security
  • Alleged Child Porn Lord Faces US Extradition

    Krebs on Security
    In 2013, the FBI exploited a zero-day vulnerability in Firefox to seize control over a Dark Web network of child pornography sites. The alleged owner of that ring - 33-year-old Freedom Hosting operator Eric Eoin Marques - was arrested in Ireland later that year on a U.S. warrant and has been in custody ever since. This week, Ireland's Supreme Court cleared the way for Marques to be extradited to the United States.
  • Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

    Krebs on Security
    Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees -- in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.
  • Why Phone Numbers Stink As Identity Proof

    Krebs on Security
    Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they've become de facto identities. At the same time, when you lose control over a phone number -- maybe it's hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments -- whoever inherits that number can then be you in a lot of places online.
  • Ad Network Sizmek Probes Account Breach

    Krebs on Security
    Online advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers.

    In a recent posting to a Russian-language cybercrime forum, an individual who's been known to sell access to hacked online accounts kicked off an auction for "the admin panel of a big American ad platform."

    "You can add new users to the ad system, edit existing ones and ad offers," the seller wrote. The starting bid was $800.
  • Patch Tuesday, March 2019 Edition

    Krebs on Security
    Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it's time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today's patch batch without any help from users.
  • Insert Skimmer + Camera Cover PIN Stealer

    Krebs on Security
    Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they're frequently disguised as ATM security features -- such as an extra PIN pad privacy cover, or an all-in-one skimmer over the green flashing card acceptance slot at the ATM.

    And sometimes, the scammers just hijack the security camera built into the ATM itself.
  • MyEquifax.com Bypasses Credit Freeze PIN

    Krebs on Security
    Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don't already have an account at the credit bureau's new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday.
  • Hackers Sell Access to Bait-and-Switch Empire

    Krebs on Security
    Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers, including DMV and arrest records, genealogy reports, phone number lookups and people searches. In an ironic twist, the marketing empire that owns the hacked online properties appears to be run by a Canadian man who’s been sued for fraud by the U.S. Federal Trade Commission, Microsoft and Oprah Winfrey, to name a few.
  • Booter Boss Interviewed in 2014 Pleads Guilty

    Krebs on Security
    A 20-year-old Illinois man has pleaded guilty to running multiple DDoS-for-hire services that launched millions of attacks over several years. The plea deal comes almost exactly five years after KrebsOnSecurity interviewed both the admitted felon and his father and urged the latter to take a more active interest in his son's online activities.
  • Crypto Mining Service Coinhive to Call it Quits

    Krebs on Security
    Roughly one year ago, KrebsOnSecurity published a lengthy investigation into the individuals behind Coinhive[.]com, a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency. On Tuesday, Coinhive announced plans to pull the plug on the project early next month.

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release