Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B | Research/security tips email: cingred@protonmail.com.

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Apple Patch Day: 67 Mac OS X, Safari vulnerabilities

Apple Patch Day: 67 Mac OS X, Safari vulnerabilities

On the same day Microsoft shipped a bundle of patches for gaping holes in its PowerPoint software, Apple followed suit, dropping a monster Mac OS X update to correct 67 security vulnerabilities.The sudden Apple Patch Day also included a patch to cover a trio of flaws in the Safari Web browser (Mac OS X and Windows).

May 12, 2009 by in Apple

Pirated Windows 7 leads to malware, botnet

Pirated Windows 7 leads to malware, botnet

Several news outlets (including eWEEK and Washington Post) are reporting on a new piece of malware embedded into pirated copies of Microsoft's Windows 7 for the express purpose of building a botnet.According to researchers at Damballa, the bootleg copies of the new operating system have been posted on torrent sites and was infecting downloaders at a rate of 552 users per hour.

May 12, 2009 by in Windows

D-Link adds CAPTCHA to home routers

D-Link adds CAPTCHA to home routers

On the heels of a series of malware attacks targeting home routers, D-Link today announced the integration of a CAPTCHA system to its home and small office routers.The new CAPTCHA system will be particularly useful to thwart malicious attacks that target default passwords on routers to alter DNS records to hijack all future connections.

May 12, 2009 by in Networking

Microsoft plugs 14 PowerPoint security holes

Microsoft plugs 14 PowerPoint security holes

Microsoft has slapped a massive band-aid on its PowerPoint presentation software to cover at least 14 documented security vulnerabilities.The MS09-017 update, rated "critical," includes a fix for a known code execution flaw that was used to launch targeted exploits via rigged PowerPoint files.

May 12, 2009 by in Enterprise Software

Patch Tuesday: Fix coming for PowerPoint zero-day

Patch Tuesday: Fix coming for PowerPoint zero-day

Exactly one month after malicious hackers started using rigged PowerPoint files to launch targeted attacks, Microsoft announced plans to ship a "critical" bulletin affecting its flagship presentation program.The PowerPoint update is the only bulletin scheduled for this month's Patch Tuesday on May 12, 2009 .

May 7, 2009 by in Enterprise Software

Cybercriminals promoting malware-friendly search engines

Cybercriminals promoting malware-friendly search engines

The cybercriminals behind the ongoing blackhat search engine optimization attacks hijacking swine flu related queries in order to serve scareware, have re-introduced an old social engineering tactic - the use of fake and malware friendly search engines.Researchers from PandaLabs have recently uncovered a similar malicious search engine part of the blackhat SEO campaign, where the majority of searches lead to malware serving sites.

May 7, 2009 by in Security

Layoffs hit Microsoft security unit

Layoffs hit Microsoft security unit

The latest round of layoffs at Microsoft has taken a toll on Redmond's security unit.Steve Riley (left),  a senior security strategist who served as one of the public faces of Microsoft's security efforts, had his position eliminated during the second round of cuts that happened this week.

May 6, 2009 by in Security

Critical security hole in Google Chrome

Critical security hole in Google Chrome

For the second time in two weeks, Google has shipped a new version of its Chrome browser to fix a pair of serious security vulnerabilities.One of the two flaws carry a "critical" rating because of the risk of code execution with the privileges of the logged on user.

May 6, 2009 by in Security

Study: Silent patching best for securing browsers

Study: Silent patching best for securing browsers

Google's decision to silently update the Chrome browser -- without the user's knowledge or consent --  has put the company at the head of the pack when it comes to securing modern Web browsers.That's the big takeaway from a new study that argues that silent updaters are the most effective way to ensure the widest possible distribution of security patches.

May 5, 2009 by in Apple

Botnet hijack: Inside the Torpig malware operation

Botnet hijack: Inside the Torpig malware operation

Security researchers at University of California, Santa Barbara have broken into the nerve center of the Torpig botnet (also called Sinowal or Mebroot) to find a 10-day stash of 10,000 bank accounts and credit card numbers worth hundreds of thousands of dollars.During the botnet hijack, the researchers exploited a weakness in the way the bots tried to locate their C&C servers and found an underground online crime operation collecting about 70GB of stolen data over just ten days.

May 4, 2009 by in Banking

Adobe plugs hole in Flash Media Server

Adobe plugs hole in Flash Media Server

Adobe has shipped a Flash Media Server patch to fix a vulnerability that allowed attackers to execute remote procedures in Flash Media Interactive Server or Flash Media Streaming Server.The update is available for Adobe Flash Media Streaming Server 3.

April 30, 2009 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories