Top IT Security Bloggers
Krebs on Security
-
All Banks Should Display A Warning Like This
Krebs on SecurityOne of my Twitter account followers whose tweets I also follow -- @spacerog -- shared with me the following image, which he recently snapped with his phone while waiting in line at the Philadelphia Federal Credit Union. It's an excellent public awareness campaign, and one that I'd like to see replicated at bank branches throughout the country. -
Java Zero-Day Exploit on Sale for ‘Five Digits’
Krebs on SecurityMiscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle's Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned. -
Yahoo Email-Stealing Exploit Fetches $700
Krebs on SecurityA zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits. The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets [...] -
Beware Card- and Cash-Trapping at the ATM
Krebs on SecurityMany security-savvy readers of this blog have learned to be vigilant against ATM card skimmers and hidden devices that can record you entering your PIN at the cash machine. But experts say an increasing form of ATM fraud involves the use of simple devices capable of snatching cash and ATM cards from unsuspected users. -
MoneyGram Fined $100 Million for Wire Fraud
Krebs on SecurityA week ago Friday, the U.S. Justice Department announced that MoneyGram International had agreed to pay a $100 million fine and admit to criminally aiding and abetting wire fraud and failing to maintain an effective anti-money laundering program. Loyal readers of this blog no doubt recognize the crucial role that MoneyGram and its competitors play in the siphoning of millions of dollars annually from hacked small- to mid-sized business, but incredibly this settlement appears to be unrelated to these cyber heists. -
Infamous Hacker Heading Chinese Antivirus Firm?
Krebs on SecurityWhat does a young Chinese hacker do once he's achieved legendary status for developing Microsoft Office zero-day exploits and using them to hoover up piles of sensitive data from U.S. Defense Department contractors? Would you believe: Start an antivirus firm?
That appears to be what's happened at Anvisoft, a Chinese antivirus startup that is being somewhat cagey about its origins and leadership. I stumbled across a discussion on the informative Malwarebytes user forum, in which forum regulars were scratching their heads over whether this was a legitimate antivirus vendor. Anvisoft had already been whitelisted by several other antivirus and security products (including Comodo), but the discussion thread on Malwarebytes about who was running this company was inconclusive, prompting me to dig deeper. -
Microsoft Patches 19 Security Holes
Krebs on SecurityMicrosoft today issued six software updates to fix at least 19 security holes in Windows and other Microsoft products. Thirteen of those vulnerabilities earned a "critical" rating, which means miscreants or malicious code could leverage them to break into vulnerable systems without any help from users. -
Malware Spy Network Targeted Israelis, Palestinians
Krebs on SecurityResearchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets. The discovery, by Oslo-based antivirus and security firm Norman ASA, is the latest in a series of revelations involving digital surveillance activity of unknown origin that [...] -
Experts Warn of Zero-Day Exploit for Adobe Reader
Krebs on SecuritySoftware vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground.
The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because -- beginning with Reader X-- Adobe introduced a "sandbox" feature aimed at blocking the exploitation of previously unidentified security holes in its software, and so far that protection has held its ground. -
Adobe Ships Election Day Security Update for Flash
Krebs on SecurityAdobe has released a critical security update for its Flash Player and Adobe AIR software that fixes at least seven dangerous vulnerabilities in these products. Updates are available for Windows, Mac, Linux and Android systems.