Top IT Security Bloggers

Krebs on Security
  • All Banks Should Display A Warning Like This

    Krebs on Security
    One of my Twitter account followers whose tweets I also follow -- @spacerog -- shared with me the following image, which he recently snapped with his phone while waiting in line at the Philadelphia Federal Credit Union. It's an excellent public awareness campaign, and one that I'd like to see replicated at bank branches throughout the country.
  • Java Zero-Day Exploit on Sale for ‘Five Digits’

    Krebs on Security
    Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle's Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned.
  • Yahoo Email-Stealing Exploit Fetches $700

    Krebs on Security
    A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits. The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets [...]
  • Beware Card- and Cash-Trapping at the ATM

    Krebs on Security
    Many security-savvy readers of this blog have learned to be vigilant against ATM card skimmers and hidden devices that can record you entering your PIN at the cash machine. But experts say an increasing form of ATM fraud involves the use of simple devices capable of snatching cash and ATM cards from unsuspected users.
  • MoneyGram Fined $100 Million for Wire Fraud

    Krebs on Security
    A week ago Friday, the U.S. Justice Department announced that MoneyGram International had agreed to pay a $100 million fine and admit to criminally aiding and abetting wire fraud and failing to maintain an effective anti-money laundering program. Loyal readers of this blog no doubt recognize the crucial role that MoneyGram and its competitors play in the siphoning of millions of dollars annually from hacked small- to mid-sized business, but incredibly this settlement appears to be unrelated to these cyber heists.
  • Infamous Hacker Heading Chinese Antivirus Firm?

    Krebs on Security
    What does a young Chinese hacker do once he's achieved legendary status for developing Microsoft Office zero-day exploits and using them to hoover up piles of sensitive data from U.S. Defense Department contractors? Would you believe: Start an antivirus firm?

    That appears to be what's happened at Anvisoft, a Chinese antivirus startup that is being somewhat cagey about its origins and leadership. I stumbled across a discussion on the informative Malwarebytes user forum, in which forum regulars were scratching their heads over whether this was a legitimate antivirus vendor. Anvisoft had already been whitelisted by several other antivirus and security products (including Comodo), but the discussion thread on Malwarebytes about who was running this company was inconclusive, prompting me to dig deeper.
  • Microsoft Patches 19 Security Holes

    Krebs on Security
    Microsoft today issued six software updates to fix at least 19 security holes in Windows and other Microsoft products. Thirteen of those vulnerabilities earned a "critical" rating, which means miscreants or malicious code could leverage them to break into vulnerable systems without any help from users.
  • Malware Spy Network Targeted Israelis, Palestinians

    Krebs on Security
    Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets. The discovery, by Oslo-based antivirus and security firm Norman ASA, is the latest in a series of revelations involving digital surveillance activity of unknown origin that [...]
  • Experts Warn of Zero-Day Exploit for Adobe Reader

    Krebs on Security
    Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground.

    The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because -- beginning with Reader X-- Adobe introduced a "sandbox" feature aimed at blocking the exploitation of previously unidentified security holes in its software, and so far that protection has held its ground.
  • Adobe Ships Election Day Security Update for Flash

    Krebs on Security
    Adobe has released a critical security update for its Flash Player and Adobe AIR software that fixes at least seven dangerous vulnerabilities in these products. Updates are available for Windows, Mac, Linux and Android systems.

Editor's Recommendations

Solution Centres

Brand Page

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release