Top IT Security Bloggers

Krebs on Security
  • In a Zero-Day World, It’s Active Attacks that Matter

    Krebs on Security
    The recent zero-day vulnerability in Internet Explorer caused many (present company included) to urge Internet users to consider surfing the Web with a different browser until Microsoft issued a patch. Microsoft did so last month, but not before experts who ought to have known better began downplaying such advice, pointing out that other browser makers have more vulnerabilities and just as much exposure to zero-day flaws.

    This post examines hard data that shows why such reasoning is more emotional than factual. Unlike Google Chrome and Mozilla Firefox users, IE users were exposed to active attacks against unpatched, critical vulnerabilities for months at a time over the past year and a half.
  • Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent

    Krebs on Security
    A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts says digital fingerprints left behind by attackers point to a Chinese hacking [...]
  • Espionage Hackers Target ‘Watering Hole’ Sites

    Krebs on Security
    Security experts are accustomed to direct attacks, but some of today's more insidious incursions succeed in a roundabout way -- by planting malware at sites deemed most likely to be visited by the targets of interest. New research suggests these so-called "watering hole" tactics recently have been used as stepping stones to conduct espionage attacks against a host of targets across a variety of industries, including the defense, government, academia, financial services, healthcare and utilities sectors.
  • Microsoft Fixes Zero-Day, Four Other Flaws in IE

    Krebs on Security
    Microsoft has released an emergency update for Internet Explorer that fixes at least five vulnerabilities in the default Web browser on Windows, including a zero-day flaw that miscreants have been using to break into vulnerable systems.

    The patch, MS12-063, is available through Windows Update or via Automatic Update. If you installed the stopgap "fix it" tool that Microsoft released earlier this week to blunt the threat from the zero-day bug, you need not reverse or remove that fix it before applying this update. The vulnerability resides in IE 7, 8, and 9, on nearly all supported versions of Windows, apart from certain installations of Windows Server 2008 and Windows Server 2012.
  • Microsoft Issues Stopgap Fix for IE 0-Day Flaw

    Krebs on Security
    Microsoft today released a stopgap fix for a critical security flaw in most versions of Internet Explorer that hackers have been exploiting to break into Windows systems. The company said it expects to issue an official patch (MS12-063) for the vulnerability on Friday, Sept. 21. The company released a “fix it” tool, available from this [...]
  • Malware Dragnet Snags Millions of Infected PCs

    Krebs on Security
    Last week, Microsoft Corp. made headlines when it scored an unconventional if not unprecedented legal victory: Convincing a U.S. court to let it seize control of a Chinese Internet service provider’s network as part of a crackdown on piracy.

    I caught up with Microsoft’s chief legal strategist shortly after that order was executed, in a bid to better understand what they were seeing after seizing control over more than 70,000 domains that were closely associated with distributing hundreds of strains of malware. Microsoft said that within hours of the takeover order being granted, it saw more than 35 million unique Internet addresses phoning home those 70,000 malicious domains.
  • Internet Explorer Users: Please Read This

    Krebs on Security
    Microsoft is urging Windows users who browse the Web with Internet Explorer to use a free tool called EMET to block attacks against a newly-discovered and unpatched critical security hole in IE versions 7, 8 and 9. But some experts say that advice falls short, and that users can better protect themselves by using an alternative browser until Microsoft can issue a proper patch.
  • Exploit Released for Zero-Day in Internet Explorer

    Krebs on Security
    A working exploit that takes advantage of a previously unknown critical security hole in Internet Explorer has been published online. Experts say the vulnerability is being actively exploited in the wild, and that it appears to be connected to the same group of Chinese hackers responsible for unleashing a pair of Java zero-day exploits late last month.
  • ID Theft Service Tied to Payday Loan Sites

    Krebs on Security
    A Web site that sells Social Security numbers, bank account information and other sensitive data on millions of Americans appears to be obtaining at least some of its records from a network of hacked or complicit payday loan sites.
  • Microsoft Disrupts ‘Nitol’ Botnet in Piracy Sweep

    Krebs on Security
    Microsoft said Thursday that it convinced a U.S. federal court to grant it control over a botnet believed to be closely linked to counterfeit versions Windows that were sold in various computer stores across China. The legal victory also highlights a Chinese Internet service that experts say has long been associated with targeted, espionage attacks against U.S. and European corporations.

Editor's Recommendations

Solution Centres

Brand Page

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release