Top IT Security Bloggers

Krebs on Security
  • Facebook, Yahoo Fix Valuable $ecurity Hole$

    Krebs on Security
    Both Facebook and Yahoo! recently fixed security holes that let hackers hijack user accounts. Interestingly, access to methods for exploiting both of the flaws appears to have been sold by the same miscreant in the cybercrime underground.
  • Adobe, Microsoft Ship Critical Security Updates

    Krebs on Security
    Adobe and Microsoft today separately issued updates to fix critical security vulnerabilities in their products. Adobe pushed out fixes for security issues in Acrobat, Adobe Reader and its Flash Player plugin. Microsoft released seven patches addressing at least a dozen security holes in Windows and other software, although it failed to issue an official patch for a dangerous flaw in its Internet Explorer Web browser that attackers are now actively exploiting.
  • ‘Value of a Hacked PC’ Graphic Goes Global

    Krebs on Security
    The Value of a Hacked PC graphic, which I published on this blog a few months ago to explain bad guy uses for your PC, is getting a makeover. I’m honored to say that the SANS Institute, a security training group, has taken the idea and run with it as an educational tool, and is in [...]
  • Crimeware Author Funds Exploit Buying Spree

    Krebs on Security
    The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes.
  • Turkish Registrar Enabled Phishers to Spoof Google

    Krebs on Security
    Google and Microsoft today began warning users about active phishing attacks against Google's online properties. The two companies said the attacks resulted from a fraudulent digital certificate that was mistakenly issued by a domain registrar run by the Turkish government.
  • Does Your Alarm Have a Default Duress Code?

    Krebs on Security
    Sometimes it takes a security scare to help improve your overall security posture. Case in point: Over the holidays, I learned that our alarm system -- one of the most widely used home security systems in America -- contains a default code that disables the alarm. Although entering this code simultaneously alerts the police that an intruder is in the house, it also could give thieves just enough time to get away with your valuables without alerting the neighbors.
  • Attackers Target Internet Explorer Zero-Day Flaw

    Krebs on Security
    Attackers are breaking into Microsoft Windows computers using a newly discovered vulnerability in Internet Explorer, security experts warn. While the flaw appears to have been used mainly in targeted attacks so far, this vulnerability could become more widely exploited if incorporated into commercial crimeware kits sold in the underground.
  • Happy 3rd Birthday!

    Krebs on Security
    It’s difficult to believe I’ve been doing this solo thing for so long, but as a thoughtful reader just reminded me, Dec. 29 marks the third anniversary of the blog! This past year, KrebsOnSecurity featured nearly 200 blog posts, entries that have generated some 5,700 reader comments. Reader feedback and comments add tremendous value [...]
  • Exploring the Market for Stolen Passwords

    Krebs on Security
    Not long ago, PCs compromised by malware were put to a limited number of fraudulent uses, including spam, click fraud and denial-of-service attacks. These days, computer crooks are extracting and selling a much broader array of data stolen from hacked systems, including passwords and associated email credentials tied to a variety of online retailers.
  • Shocking Delay in Fixing Adobe Shockwave Bug

    Krebs on Security
    The Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT) is warning about a dangerous security hole in Adobe's Shockwave Player that could be used to silently install malicious code. The truly shocking aspect of this bug? U.S. CERT first warned Adobe about the vulnerability in October 2010, and Adobe says it won't be fixing it until February 2013.
