Top IT Security Bloggers

Krebs on Security

  • Cyberheists ‘A Helluva Wake-up Call’ to Small Biz

    Krebs on Security
    The $180,000 robbery took the building security and maintenance system installer Primary Systems Inc. by complete surprise. More than two-dozen people helped to steal funds from the company's coffers in an overnight heist on May 2012, but none of the perpetrators were ever caught on video. Rather, a single virus-laden email that an employee clicked on let the attackers open a digital backdoor, exposing security weaknesses that unfortunately persist between many banks and their corporate customers.

  • DHS Warns of ‘Hacktivist’ Threat Against Industrial Control Systems

    Krebs on Security
    The U.S. Department of Homeland Security is warning that a witches brew of recent events make it increasingly likely that politically or ideologically motivated hackers may launch digital attacks against industrial control systems. The alert was issued the same day that security researchers published information about an undocumented software backdoor in industrial control systems sold by hundreds different manufacturers and widely used in power plants, military environments and nautical ships.

  • Adobe Ships Critical Fixes for Shockwave Player

    Krebs on Security
    Adobe has released a critical security update that plugs at least a half-dozen security holes in its Shockwave media player software. Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to the newest version 11.6.8.638, available here. Updates are available for Windows and Mac systems. In its advisory on this update, Adobe says it is not aware of any active attacks against these flaws.

  • Service Sells Access to Fortune 500 Firms

    Krebs on Security
    An increasing number of services offered in the cybercrime underground allow miscreants to purchase access to hacked computers at specific organizations. For just a few dollars, these services offer the ability to buy your way inside of Fortune 500 company networks.

  • Rogue Pharma, Fake AV Vendors Feel Credit Card Crunch

    Krebs on Security
    New research suggests that companies behind some of America's best known consumer brands may be far more effective at fighting cybercrime than any efforts to enact more stringent computer security and anti-piracy laws.

    Recent legislative proposals in the United States -- such as the Stop Online Piracy Act -- have sought to combat online trafficking in copyrighted intellectual property and counterfeit goods by granting Internet service providers and authorities broader powers to prosecute offenders, and by imposing stronger criminal penalties for such activity. But recent data collected by academic researchers suggests that brand holders already have the tools to quash much of this activity.

  • Critical Java Patch Plugs 30 Security Holes

    Krebs on Security
    Oracle on Tuesday pushed out a bevy of security patches for its products, including an update to Java that remedies at least 30 vulnerabilities in the widely-used program.

  • The Scrap Value of a Hacked PC, Revisited

    Krebs on Security
    A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who can't begin to fathom why miscreants would want to hack into his PC. "I don't bank online, I don't store sensitive information on my machine! I only use it to check email. What could hackers possibly want with this hunk of junk?," are all common refrains from this type of user.

    I recently updated the graphic (below) to include some of increasingly prevalent malicious uses for hacked PCs, including hostage attacks -- such as ransomware -- and reputation hijacking on social networking forums.

  • Microsoft Patches Windows, Office Flaws

    Krebs on Security
    Microsoft today pushed out seven updates to fix a variety of security issues in Windows, Microsoft Office and other software. If you’re using Windows, take a moment to check with Windows Update or Automatic Update to see if new security patches are available. Most of the vulnerabilities addressed in this month’s patch batch apply to [...]

  • Critical Adobe Flash Player Update Nixes 25 Flaws

    Krebs on Security
    Adobe has issued an update for its Flash Player software that fixes at least 25 separate security vulnerabilities in the widely-installed program. The company also pushed out a security patch for its Adobe AIR software.

  • ‘Project Blitzkrieg’ Promises More Aggressive Cyberheists Against U.S. Banks

    Krebs on Security
    Last week, security firm RSA detailed a new cybecriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSA's advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. I'm weighting in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about why online attacks are becoming bolder and more brash toward Western targets.