Top IT Security Bloggers

Krebs on Security
  • Researchers: Chip and PIN Enables ‘Chip and Skim’

    Researchers in the United Kingdom say they've discovered mounting evidence that thieves have been quietly exploiting design flaws in a security system widely used in Europe to prevent credit and debit card fraud at cash machines and point-of-sale devices.
  • Microsoft Pushes Two Security Patches

    Microsoft today issued security updates to fix at least two vulnerabilities in its software. The fixes are for enterprise components that are not widely installed, meaning that Windows home users will likely get away with not having to patch their operating system this month.
  • Donkey Express: Mules Take Over the Mail

    This blog has featured several stories on reshipping scams, which recruit willing or unwitting U.S. citizens ("mules") to reship abroad pricey items that are paid for with stolen credit cards. Today's post highlights a critical component of this scheme: the black-market sale of international shipping labels fraudulently purchased from the U.S. Postal Service.
  • Apple Releases Fix for Critical Java Flaw

    Apple has issued an update for Mac OS X installations of Java that fixes at least one critical security vulnerability in the software.
  • A Handy Way to Foil ATM Skimmer Scams

    I spent several hours this past week watching video footage from hidden cameras that skimmer thieves placed at ATMs to surreptitiously record customers entering their PINs. I was surprised to see that out of the dozens of customers that used these cash machines, only one bothered to take the simple security precaution of covering his hand when entering his 4-digit code.
  • Security Fix for Critical Java Flaw Released

    Oracle has issued an urgent update to close a dangerous security hole in its Java software that attackers have been using to deploy malicious software. The patch comes amid revelations that Oracle was notified in April about this vulnerability and a number of other potentially unpatched Java flaws.
  • Researchers: Java Zero-Day Leveraged Two Flaws

    New analysis of a zero-day Java exploit that surfaced last week indicates that it takes advantage of not one but two previously unknown vulnerabilities in the widely-used software. The latest figures suggest that more than a billion users may be vulnerable to attack.
  • Attackers Pounce on Zero-Day Java Exploit

    Attackers have seized upon a previously unknown security hole in Oracle's ubiquitous Java software to break into vulnerable systems. So far, the attacks exploiting this weakness have been targeted and not widespread, but it appears that the exploit code is now public and is being folded into more widely-available attack tools such as Metasploit and exploit kits like BlackHole.
  • Dropbox Now Offers Two-Step Authentication

    Online file-backup and storage service Dropbox has begun offering a two-step authentication feature to help users beef up the security of their accounts. The promised change comes less than a month after the compromise of a Dropbox employee's account exposed many Dropbox user email addresses.
  • New Adobe Flash Player Update Fixes 6 Flaws

    For the second time in a week, Adobe has shipped a critical security update for its Flash Player software. This patch, part of a planned release, closes at least six security holes in the widely-used browser plugin, and comes just one week after the company rushed out a fix for a flaw that attackers were already exploiting in the wild.