Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can securely reach him on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Adobe piggybacks on Microsoft Patch Tuesday


Adobe's first ever quarterly patch for the Reader and Acrobat product lines is set for June 9, the same day Microsoft is scheduled to deliver its batch of security updates. As previously announced, Adobe plans to deliver security updates for Adobe Reader and Acrobat versions 7.

June 5, 2009 by in Security

StrongWebmail CEO's mail account hacked via XSS


A Webmail service that touts itself as hack-proof and offered $10,000 to anyone who could break into the CEO's e-mail has lost the challenge. A trio of hackers successfully compromised the e-mail using a persistent cross-site scripting (XSS) vulnerability and are now claiming the bounty.

June 4, 2009 by in CXO

Typo'd Google domains in Top 10 malware exploit sites


Misspelled versions of two popular Google services are among the Top 10 sites hosting exploits for use in drive-by malware download attacks. On the heels of two massive drive-by attacks -- tens of thousands of hijacked sites launching attacks via the browser -- Google released a list showing that malicious hackers are typo-squatting on its domains to evade detection and to keep malware sites alive for long periods.

June 4, 2009 by in Enterprise Software

Email service provider: 'Hack into our CEO's email, win $10k'


A newly launched startup called StrongWebMail is aiming to add a new layer of secure authentication for its customers - phone verification prior to logging in and alert services for potential email compromises. The company is in fact so confident in its approach that it's currently offering a $10,000 reward to the person who breaks into the CEO's email.

June 2, 2009 by in Collaboration

20,000 sites hit with drive-by attack code


Hackers have broken into more than 20,000 legitimate Web sites to plant malicious code to be used in drive-by malware attacks. According to a warning from Websense Security Labs, the sites have been discovered to be injected with malicious JavaScript, obfuscated code that leads to an active exploit site.

May 31, 2009 by in Security

Dangerous Microsoft DirectX vulnerability under attack


Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support. The company has activated its security response process to deal with the zero-day attacks and has issued a pre-patch advisory with workarounds and a one-click "fix it" feature to enable the mitigations.

May 28, 2009 by in Enterprise Software

Twitter API ripe for abuse by web worms


A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks. The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as researcher Aviv Raff points out, it's much easier to misuse the Twitter API as a "weak link" to send worms squirming through Twitter.

May 26, 2009 by in Security

Adobe plans quarterly Patch Day for Reader/Acrobat fixes


Borrowing a few pages from Microsoft's playbook, Adobe today announced plans for a quarterly Patch Day for its Reader/Acrobat product lines and new initiatives to beef up its code hardening and security response processes. Starting this summer, Adobe Reader and Acrobat security patches will be released on a quarterly schedule and will be timed to coincide with Microsoft's second-Tuesday-of-the-month bulletin releases.

May 20, 2009 by in Security

Mac OS X vulnerable to 6-month old Java flaw


Attention Mac OS X users: Turn Java off immediately or you could be at high risk of malicious code execution attacks. Tired of waiting for a patch from Apple for a Java flaw that was fixed upstream six months ago, Mac developer Landon Fuller (of Month of Apple Bugs/Fixes fame) has released a proof of concept exploit to demonstrate the severity of the issue.

May 20, 2009 by in Enterprise Software
