Microsoft Patch Tuesday, August 2020 Edition

Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up! At least 17 of the bugs squashed in August’s patch … Читать далее

Krebs Given ISSA’s ‘President’s Award’

KrebsOnSecurity was honored this month with the 2017 President’s Award for Public Service from the Information Systems Security Association, a nonprofit organization for cybersecurity professionals. The award recognizes an individual’s contribution to the information security profession in the area of public service. It’s hugely gratifying to have received this award, mainly because of the company … Читать далее

Lorem Ipsum: Of Good & Evil, Google & China

Imagine discovering a secret language spoken only online by a knowledgeable and learned few. Over a period of weeks, as you begin to tease out the meaning of this curious tongue and ponder its purpose, the language appears to shift in subtle but fantastic ways, remaking itself daily before your eyes. And just when you are poised to … Читать далее

The Adventures of a Cybercrime Gumshoe

I was fortunate to spend several hours this past week with two reporters whose work I admire. Both wanted to learn more about my job as an independent investigative reporter. Their stories about my story are below. Mark Stencel, a former colleague at Washingtonpost.com who similarly worked his way up from an entry-level job at … Читать далее

Toward A Greater Mobile Mal-Awareness

Several recent developments in mobile malware are conspiring to raise the threat level for Android users, making it easier for attackers to convert legitimate applications into malicious apps and to undermine the technology that security experts use to tell the difference. Source: Symantec Last week, Symantec warned about a new malware toolkit or “binder” designed … Читать далее

One-Stop Bot Chop-Shops

New fraudster-friendly content management systems are making it more likely than ever that crooks who manage botnets and other large groupings of hacked PCs will extract and sell all credentials of value that can be harvested from the compromised machines. Templates like this are helping to spread one-stop-fraud shops. I’ve often observed that botmasters routinely … Читать далее

DEF CON To Feds: We Need Some Time Apart

One of the more time-honored traditions at DEF CON — the massive hacker convention held each year in Las Vegas — is “Spot-the-Fed,” a playful and mostly harmless contest to out undercover government agents who attend the show. But that game might be a bit tougher when the conference rolls around again next month: In … Читать далее

Bugs Money

Talk about geek chic. Facebook has started paying researchers who find and report security bugs by issuing them custom branded “White Hat” debit cards that can be reloaded with funds each time the researchers discover new flaws. Facebook's Bug Bounty debit card for security researchers who report security flaws in its site and applications. I … Читать далее

Adobe Issues Acrobat, Reader Security Patches

Adobe Systems Inc. today issued software updates to fix at least two security vulnerabilities in its widely-used Acrobat and PDF Reader products. Updates are available for Windows, Mac and UNIX versions of these programs. Acrobat and Reader users can update to the latest version, v. 9.3.4, using the built-in updater, by clicking “Help” and then … Читать далее