Microsoft Disables Wi-Fi Sense on Windows 10

Microsoft has disabled its controversial Wi-Fi Sense feature, a component embedded in Windows 10 devices that shares access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in — your Facebook friends. Redmond made the announcement almost as a footnote in its Windows … Читать далее

Exploit Sat on LA Times Website for 6 Weeks

The Los Angeles Times has scrubbed its Web site of malicious code that served browser exploits and malware to potentially hundreds of thousands of readers over the past six weeks. On Feb. 7, KrebsOnSecurity heard from two different readers that a subdomain of the LA Times’ news site (offersanddeals.latimes.com) was silently redirecting visitors to a … Читать далее

Double the Love from Friends and Enemies

KrebsOnSecurity.com earned two honors this week at the RSA Security Conference. For the second year running, it was voted the blog that best represents the security industry by judges at the 2012 Social Security Blogger Awards. I was also recognized for a “Security Bloggers Hall of Fame award,” alongside noted security expert Bruce Schneier. Many … Читать далее

Crimevertising: Selling Into the Malware Channel

Anyone who’s run a Web site is probably familiar with the term “malvertising,” which occurs when crooks hide exploits and malware inside of legitimate-looking ads that are submitted to major online advertising networks. But there’s a relatively new form of malware-based advertising that’s gaining ground — otherwise harmless ads for illicit services that are embedded … Читать далее

Amnesty International Site Serving Java Exploit

Amnesty International‘s homepage in the United Kingdom is currently serving malware that exploits a recently-patched vulnerability in Java. Security experts say the attack appears to be part of a nefarious scheme to target human rights workers. The site’s home page has been booby trapped with code that pulls a malicious script from an apparently hacked … Читать далее

Warning About ZeuS Attack Used as Lure

Criminals have co-opted a column I wrote last week about ZeuS Trojan attacks targeted at government and military systems: Scam artists are now spamming out messages that include the first few paragraphs of that story in a bid to trick recipients into downloading the very same Trojan, disguised as a Microsoft security update. Hat tip … Читать далее