Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can securely reach him on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Layoffs hit Microsoft security unit

The latest round of layoffs at Microsoft has taken a toll on Redmond's security unit. Steve Riley (left), a senior security strategist who served as one of the public faces of Microsoft's security efforts, had his position eliminated during the second round of cuts that happened this week.

May 6, 2009 by in Security

Critical security hole in Google Chrome

For the second time in two weeks, Google has shipped a new version of its Chrome browser to fix a pair of serious security vulnerabilities. One of the two flaws carries a "critical" rating because of the risk of code execution with the privileges of the logged-on user.

May 6, 2009 by in Security

Study: Silent patching best for securing browsers

Google's decision to silently update the Chrome browser -- without the user's knowledge or consent -- has put the company at the head of the pack when it comes to securing modern Web browsers. That's the big takeaway from a new study that argues that silent updaters are the most effective way to ensure the widest possible distribution of security patches.

May 5, 2009 by in Apple

Botnet hijack: Inside the Torpig malware operation

Security researchers at University of California, Santa Barbara have broken into the nerve center of the Torpig botnet (also called Sinowal or Mebroot) to find a 10-day stash of 10,000 bank accounts and credit card numbers worth hundreds of thousands of dollars. During the botnet hijack, the researchers exploited a weakness in the way the bots tried to locate their C&C servers and found an underground online crime operation collecting about 70GB of stolen data over just ten days.

May 4, 2009 by in Banking

Adobe plugs hole in Flash Media Server

Adobe has shipped a Flash Media Server patch to fix a vulnerability that allowed attackers to execute remote procedures in Flash Media Interactive Server or Flash Media Streaming Server. The update is available for Adobe Flash Media Streaming Server 3.

April 30, 2009 by in Security

Five 'must-secure' Web app vulnerabilities

Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention. According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could lead to the theft of sensitive information and cookie-based authentication credentials.

April 29, 2009 by in Security

Online broker CommSec criticised for weak passwords, lack of SSL

In times when vendors are vertically integrating by offering virtual keyboards for secure Ebanking, and banks themselves are requiring end users to run antivirus software if they were to file a fraud claim, others are busy fixing security design flaws. Earlier this month, a Melbourne-based computer programmer discovered that the 1.

April 29, 2009 by in Security

Adobe: Turn off JavaScript in PDF Reader

In response to confirmed reports of a zero-day vulnerability in its PDF Reader software, Adobe today urged users on all platforms to disable JavaScript as a temporary measure to avoid code execution attacks. In sharp contrast to previous problems in responding to known security issues, the company acted swiftly to provide information on the affected software versions and offer mitigation guidance to its customers.

April 28, 2009 by in Enterprise Software

Swine flu email scams circulating

Opportunistic scammers and spammers are actively exploiting the swine flu buzz across the web by spamvertising links to pharmaceutical scams, and bogus 'Swine Flu Survival Guides' using search engine optimization of typosquatted domains related to the outbreak.

April 28, 2009 by in Enterprise Software
