Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can securely reach him on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Campaign Monitor hacked, accounts used for spamming

E-mail marketing software developer Campaign Monitor warned users today of a server compromise that took place during the weekend. The compromise allowed the attackers to gain access to customer accounts, which they abused by importing their own lists of harvested emails in order to launch spam campaigns using the clean IP reputation of Campaign Monitor's servers.

August 11, 2009 by in Servers

Password-reset flaw haunts WordPress admins

Researchers are sounding the alarm for a serious administrator password-reset vulnerability affecting the latest version of WordPress, the popular open-source blog publishing platform. The flaw, which can be exploited via the browser, gives an attacker a trivial way to compromise the admin account of any WordPress or WordPress MU (multiple user) installation.

August 11, 2009 by in Security

Microsoft's Bing invaded by pharmaceutical scammers

Rogue online pharmacies have found a way to exploit Bing's advertising program. According to a recently released report by KnujOn and LegitScript, 90% of the Bing sponsored pharmacy ads were rogue ones, shipping counterfeit prescription drugs, with the bogus companies participating in larger affiliate networks like this one analyzed last year.

August 7, 2009 by in Microsoft

Major security holes in popular XML libraries

A security research outfit has issued a warning for several critical vulnerabilities in popular XML libraries used by a wide range of software vendors. The flaws, discovered earlier this year by Codenomicon, affect a wide range of technology products, including servers and server applications, workstations and end user applications, network devices, embedded systems and mobile devices.

August 6, 2009 by in Servers

Absolute Software downplays BIOS rootkit claims

Following a flood of calls from customers, the company behind the LoJack anti-theft service, which researchers from Core Security Technologies recently portrayed as a security threat, issued a statement downplaying the researchers' claims. According to the statement, LoJack is neither a rootkit, nor does it behave in such a way.

August 5, 2009 by in Security

Apple warns of Mac attack risk via image files

Apple today warned that opening or viewing image files could lead to remote code execution attacks against Mac OS X users. In an update that contains fixes for a total of 19 documented vulnerabilities, Apple said malicious hackers could rig PNG (Portable Network Graphics) and other images to take complete control of unpatched Mac systems.

August 5, 2009 by in Apple

Mozilla shuts online store after security breach

The Mozilla Foundation has shuttered its e-commerce store after confirming a security breach at GatewayCDI, the third-party vendor that handles the store's backend operations. The open-source group said it has asked GatewayCDI to quickly notify individuals who had their sensitive data compromised.

August 5, 2009 by in Security

Plugins compromised in SquirrelMail's web server hack

According to a recently posted update by SquirrelMail's Jonathan Angliss, the source code of three plugins was backdoored during the web server compromise of the popular web-based email application, which took place last month. The compromised plugins were embedded with code that was forwarding accounting data to a server maintained by the people behind the hack, something SquirrelMail didn't acknowledge prior to announcing the web server compromise.

August 4, 2009 by in Servers

Fake 'Blue Screen of Death' pushing scareware

Hackers are using the infamous Windows Blue Screen of Death to trick computer users into downloading fake security software (scareware). According to a discovery by Sunbelt Software, Windows users are being shown the recognizable blue screen that signifies an operating system crash with a bright red "Security Alert" notice.

August 4, 2009 by in Security
