Top IT Security Bloggers

Krebs on Security
  • Annual Protest Raises $250K to Cure Krebs

    Krebs on Security
    For the second year in a row, denizens of a large German-language online forum have donated more than USD $250,000 to cancer research organizations in protest of a story KrebsOnSecurity published in 2018 that unmasked the creators of Coinhive, a now-defunct cryptocurrency mining service that was massively abused by cybercriminals. Krebs is translated as "cancer" in German.
  • Man Behind Fatal ‘Swatting’ Gets 20 Years

    Krebs on Security
    Tyler Barriss, a 26-year-old California man who admitted making a phony emergency call to police in late 2017 that led to the shooting death of an innocent Kansas resident, has been sentenced to 20 years in federal prison.
  • A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach

    Krebs on Security
    On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company's customers were being sold in the cybercrime underground. Today, Buca's parent firm announced it had remediated a 10-month breach of its payment systems at dozens of restaurants, including some locations of its other brands such as Earl of Sandwich and Planet Hollywood.
  • Alleged Child Porn Lord Faces US Extradition

    Krebs on Security
    In 2013, the FBI exploited a zero-day vulnerability in Firefox to seize control over a Dark Web network of child pornography sites. The alleged owner of that ring - 33-year-old Freedom Hosting operator Eric Eoin Marques - was arrested in Ireland later that year on a U.S. warrant and has been in custody ever since. This week, Ireland's Supreme Court cleared the way for Marques to be extradited to the United States.
  • Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

    Krebs on Security
    Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees -- in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.
  • Why Phone Numbers Stink As Identity Proof

    Krebs on Security
    Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they've become de facto identities. At the same time, when you lose control over a phone number -- maybe it's hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments -- whoever inherits that number can then be you in a lot of places online.
  • Ad Network Sizmek Probes Account Breach

    Krebs on Security
    Online advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers.

    In a recent posting to a Russian-language cybercrime forum, an individual who's been known to sell access to hacked online accounts kicked off an auction for "the admin panel of a big American ad platform."

    "You can add new users to the ad system, edit existing ones and ad offers," the seller wrote. The starting bid was $800.
  • Patch Tuesday, March 2019 Edition

    Krebs on Security
    Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it's time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today's patch batch without any help from users.
  • Insert Skimmer + Camera Cover PIN Stealer

    Krebs on Security
    Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they're frequently disguised as ATM security features -- such as an extra PIN pad privacy cover, or an all-in-one skimmer over the green flashing card acceptance slot at the ATM.

    And sometimes, the scammers just hijack the security camera built into the ATM itself.
  • MyEquifax.com Bypasses Credit Freeze PIN

    Krebs on Security
    Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don't already have an account at the credit bureau's new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday.

Editor's Recommendations

Solution Centres

Brand Page

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release