Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can send tips securely via Signal and WhatsApp to 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Mozilla patches a dozen Firefox vulnerabilities

Mozilla has shipped a refresh of its flagship Firefox browser to fix a dozen documented vulnerabilities that expose users to URL spoofing, cross-site scripting, code injection and code execution attacks. The most serious fix (MFSA 2009-14) covers four browser engine and JavaScript engine crashes where Mozilla's developers found evidence of memory corruption.

April 22, 2009 by in Security

Google's CAPTCHA experiment and the human factor

Any research is prone to irrelevance if it starts with the wrong research questions, takes the wrong perspective, or in this case, attempts to fight the wrong enemy - automated bots attempting to recognize CAPTCHAs. Researchers at Google recently released a paper detailing a new CAPTCHA system consisting of correct image rotation (Socially Adjusted CAPTCHAs) whose main purpose is to make it easier for humans, and much harder for bots to recognize them.

April 20, 2009 by in Google

iBotnet: Researchers find signs of zombie Macs

Malware hunters at Symantec have discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks. Writing in the current issue of Virus Bulletin (subscription required), researchers Mario Ballano Barcena and Alfredo Pesoli found two malware variants -- OSX.

April 16, 2009 by in Enterprise Software

Microsoft tackles patch management metrics with Project Quant

In partnership with security analyst Rich Mogull (right), Microsoft is set to roll out a new research project to help businesses compute the total cost of the patch-management cycle, from testing and distributing a fix to user deployment of the patch. According to this Dennis Fisher report on Threatpost, the initiative is called Project Quant and is aimed at providing a full metrics model that Microsoft will make freely available to end users.

April 15, 2009 by in Microsoft

Oracle drops mega critical patch bundle

Oracle has released the first Critical Patch Update for 2009 to provide fixes for at least 43 vulnerabilities across several database server products. The mega update, released on the same day Microsoft released its own security patches, plugs at least 16 holes in the company's flagship Oracle Database server.

April 15, 2009 by in Enterprise Software

Scareware pops-up at FoxNews

There have been numerous reports from affected users that a scareware variant of PersonalAntivirus and ExtraAntivirus has been popping up at FoxNews.com during the last couple of days, through a malvertising campaign.

April 14, 2009 by in Security

Twitter hit by multiple variants of XSS worm

During the weekend and early Monday, at least four separate variants of the original StalkDaily.com XSS worm hit the popular micro-blogging site Twitter, automatically hijacking accounts and advertising the author's web site by posting tweets on behalf of the account holders, by exploiting cross site scripting flaws at the site.

April 13, 2009 by in Security

Patch Tuesday heads-up: 8 bulletins, 5 critical

Microsoft plans to ship 8 security bulletins next Tuesday (April 14, 2009) to fix remote code execution and denial of service vulnerabilities affecting Windows, Office and Internet Explorer. According to the company's Patch Tuesday advance notice, five of the bulletins will be rated "critical," meaning they can be exploited by hackers to take complete control of Windows machines.

April 9, 2009 by in Security

Conficker botnet stirs, with a scareware business model

The Conficker botnet has stirred to life, using its peer-to-peer communication system to update itself and download scareware (fake anti-virus programs) to millions of infected Windows machines. The Conficker update comes a week after a heavily-hyped April 1st activation date and provides the first sign of the motivation behind this malware threat -- financially motivated cybercrime.

April 9, 2009 by in Security
