Top IT Security Bloggers

Krebs on Security
  • Styx Exploit Pack: Domo Arigato, PC Roboto

    Krebs on Security
    Not long ago, miscreants who wanted to buy an exploit kit -- automated software that helps booby-trap hacked sites to deploy malicious code -- had to be fairly well-connected, or at least have access to semi-private underground forums. These days, some exploit kit makers are brazenly advertising and offering their services out in the open, marketing their wares as browser vulnerability "stress-test platforms."
  • Carberp Code Leak Stokes Copycat Fears

    Krebs on Security
    The source code for "Carberp" -- a botnet creation kit coded by a team of at least two dozen hackers who used it to relieve banks of an estimated $250 million -- has been posted online for anyone to download. The code leak offers security experts a fascinating and somewhat rare glimpse into the malcoding economy, but many also worry that its publication will spawn new hybrid strains of sophisticated banking malware.
  • How Much is Your Gmail Worth?

    Krebs on Security
    If you use Gmail and have ever wondered how much your account might be worth to cyber thieves, have a look at Cloudsweeper, a new service launching this week that tries to price the value of your Gmail address based on the number of retail accounts you have tied to it and the current resale value of those accounts in the underground.
  • Web Badness Knows No Bounds

    Krebs on Security
    If your strategy for remaining safe and secure online is mainly to avoid visiting dodgy Web sites, it's time to consider a new approach. Data released today by Google serves as a welcome reminder that drive-by malware attacks are far more likely to come from hacked, legitimate Web sites than from sites set up by attackers to intentionally host and distribute malicious software.
  • Microsoft to Offer Standing Bug Bounty

    Krebs on Security
    Microsoft said today it will pay up to $100,000 to security researchers who find and report novel methods for bypassing the security built into the latest version of the company's flagship operating system. Researchers who go the extra mile and can also demonstrate a way to block the new attack method they've reported can earn an extra $50,000.
  • Critical Update Plugs 40 Security Holes in Java

    Krebs on Security
    Oracle today released a critical patch update for its Java software that fixes at least 40 security vulnerabilities in this widely deployed program and browser plugin. Updates are available for Java 7 on both Mac and Windows.
  • Windows Security 101: EMET 4.0

    Krebs on Security
    Several years ago, Microsoft released the Enhanced Mitigation Experience Toolkit (EMET), a free tool that can help Windows users beef up the security of third-party applications. This week, Microsoft debuted EMET 4.0, which includes some important new security protections and compatibility fixes for this unobtrusive but effective security tool.
  • Double Cashing With Mobile Banking

    Krebs on Security
    The case of a Kentucky man arrested this month for using mobile banking to steal thousands of dollars from a local supermarket chain highlights the security loopholes that thieves can exploit in mobile check deposit schemes being deployed by financial institutions across the country.
  • Iranian Elections Bring Lull in Bank Attacks

    Krebs on Security
    For nearly nine months, hacker groups thought to be based in Iran have been launching large-scale cyberattacks designed to knock U.S. bank Websites offline. But those assaults have subsided over the past few weeks as Iranian hacker groups have begun turning their attention toward domestic targets, launching sophisticated phishing attacks against fellow citizens leading up to today's presidential election there.
  • MtGox Phishing Campaign Hits Bing, Yahoo!

    Krebs on Security
    An active phishing campaign targeting account holders at popular Bitcoin exchange MtGox.com has hijacked the top search results at Bing and Yahoo.com, redirecting unwary clickers to mtpox.com, a look-alike domain and Web site that was registered on June 12, 2013, less than 24 hours ago.

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release