Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can send tips securely via Signal and WhatsApp to 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Radisson Hotels report significant data breach

Add the Radisson Hotels & Resorts chain to the growing list of businesses reporting significant data breaches that exposed sensitive customer data. In an open letter to guests, Radisson chief operating officer Fredrik Korallus said the hotel chain's computer system was hacked between November 2008 and May 2009 and customer data, including credit and debit card numbers, was stolen.

August 19, 2009 by in Banking

Microsoft WINS vulnerability under attack

Just one week after Microsoft issued a fix for a worm hole in the Windows Internet Name Service (WINS), malicious hackers have started launching attacks against unpatched systems. The attacks, first spotted by the SANS Internet Storm Center, are hitting Microsoft Windows users who have not yet applied the MS09-039 update.

August 19, 2009 by in Security

Adobe plugs critical ColdFusion, JRun vulnerabilities

Adobe's never-ending run on the security treadmill hit a new gear this week with the release of patches to cover serious vulnerabilities in the ColdFusion and JRun web design and development platforms. The patches, rated critical, cover a total of 7 vulnerabilities, some of which "could lead to the potential compromise of user accounts or the affected system," according to an advisory from Adobe (Techmeme).

August 18, 2009 by in Enterprise Software

Brazilian ID thieves using Twitter as botnet command channel

Arbor Networks security researcher Jose Nazario has stumbled upon a crimeware botnet using Twitter as its command-and-control operation. The botnet, which is linked to identity thieves in Brazil, uses Twitter status messages to communicate with bots -- sending new links for the infected computers to contact and new commands and executables to download and run.

August 13, 2009 by in Banking

Apple drops (another) Mac OS X security patch

Less than a week after fixing 19 Mac OS X security vulnerabilities, Apple is on the patch treadmill again. The company released Security Update 2009-004 to fix a solitary BIND vulnerability that could lead to denial of service attacks.

August 12, 2009 by in Apple

Advanced Mac OS X rootkit tools released

Security researcher Dino Dai Zovi (of Pwn2Own fame) has released a suite of tools to demonstrate how to load an advanced rootkit on Mac OS X machines. The tools were first discussed at this year's Black Hat security conference where Dai Zovi presented techniques to manipulate the way the Mach micro-kernel uses RPC calls to create hidden system calls or create kernel threads.

August 12, 2009 by in Apple

eBay warns of developer password-theft flaw

If you are a member of the eBay Developer Program, you might want to change your password immediately. According to a warning from eBay's Kumar Kandaswamy, a vulnerability in the service allows malicious hackers to gain information to developer accounts.

August 12, 2009 by in Developer

Campaign Monitor hacked, accounts used for spamming

E-mail marketing software developer Campaign Monitor warned users today of a server compromise that took place during the weekend. The compromise allowed the attackers to gain access to customer accounts, which they abused by importing their own lists of harvested emails in order to launch spam campaigns using the clean IP reputation of their servers.

August 11, 2009 by in Servers

Password-reset flaw haunts WordPress admins

Researchers are sounding the alarm for a serious administrator password-reset vulnerability affecting the latest version of WordPress, the popular open-source blog publishing platform. The flaw, which can be exploited via the browser, gives an attacker a trivial way to compromise the admin account of any WordPress or WordPress MU (multiple user) installation.

August 11, 2009 by in Security
