Top IT Security Bloggers

Krebs on Security
  • Java Patch Plugs 19 Security Holes

    Oracle this week released its quarterly patch update for Java, a widely-installed program that for most casual users has probably introduced more vulnerability than utility. If you have Java installed and require it for some application or Web site, it's time to update it. If you're not sure you have Java on your computer or are unsure why you still have it, read on for advice that could save you some security headaches down the road.
  • How Was Your Credit Card Stolen?

    Almost once a week, I receive an email from a reader who has suffered credit card fraud and is seeking help figuring out which hacked merchant was responsible. I generally reply that this is a fruitless pursuit, and instead encourage readers to keep a close eye on their card statements and report any fraud. But it occurred to me recently that I've never published a primer on the types of card fraud and the likelihood with each of the cardholder ever learning how their account was compromised. This post is an effort to remedy that.
  • Another Lizard Arrested, Lizard Lair Hacked

    Several media outlets are reporting that authorities in the United Kingdom early this morning arrested an 18-year-old in connection with the denial-of-service attacks on Sony Playstation and Microsoft Xbox systems over Christmas. The arrest is one of several tied to a joint U.K. and U.S. law enforcement investigation into a group calling itself the "Lizard Squad," and comes as the group's attack-for-hire online service was completely compromised and leaked to investigators.
  • Park ‘N Fly, OneStopParking Confirm Breaches

    Late last year, KrebsOnSecurity wrote that two huge swaths of credit card numbers put up for sale in the cybercrime underground had likely been stolen from Park 'N Fly and from OneStopParking.com, competing airport parking services that let customers reserve spots in advance of travel via Internet reservation systems. This week, both companies confirmed that they had indeed suffered a breach.
  • Adobe, Microsoft Push Critical Security Fixes

    Microsoft on Tuesday posted eight security updates to fix serious security vulnerabilities in computers powered by its Windows operating system. Separately, Adobe pushed out a patch to plug at least nine holes in its Flash Player software.
  • Toward Better Privacy, Data Breach Laws

    President Obama on Monday outlined a proposal that would require companies to inform their customers of a data breach within 30 days of discovering their information has been hacked. But depending on what is put in and left out of any implementing legislation, the effort could well lead to more voluminous but less useful disclosure. Here are a few thoughts about how a federal breach law could produce fewer yet more meaningful notices that may actually help prevent future breaches.
  • KrebsOnSecurity Wins Ntl’ Journalism Award

    I put this out on Twitter last Friday but wanted to note it here in the blog as well: The National Press Foundation graciously announced last week that it plans to award me its Chairman's Citation, which "confers recognition on individuals whose accomplishments fall outside the traditional categories of excellence."
  • Lizard Stresser Runs on Hacked Home Routers

    The online attack service launched late last year by the same criminals who knocked Sony and Microsoft’s gaming networks offline over the holidays is powered mostly by thousands of hacked home Internet routers, KrebsOnSecurity.com has discovered.
  • Thieves Jackpot ATMs With ‘Black Box’ Attack

    Previous stories here about ATM skimming attacks have focused on innovative fraud devices made to attach to the outside of compromised ATMs. Security experts are now warning about a new class of skimming scams aimed at draining ATM cash deposits via a novel and complex attack designed to empty affected ATMs of all available cash.
  • Who’s Attacking Whom? Realtime Attack Trackers

    It seems nearly every day we're reading about Internet attacks aimed at knocking sites offline and breaking into networks, but it's often difficult to visualize this type of activity. In this post, we'll take a look at multiple services for tracking online attacks and attackers around the globe and in real-time.