Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can securely reach him on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B | Research/security tips email: cingred@protonmail.com.

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

CardCops: Stolen credit card details getting cheaper

CardCops: Stolen credit card details getting cheaper

The dynamics of the underground marketplace are pretty similar to that of the legitimate marketplace, with cybercriminals demanding and supplying, consolidating and start to work together, and coming up with new monetization approaches in order to continue enjoying the high profit margins of their goods and services.

October 29, 2008 by in Security

'End of life' beckons for Firefox 2

'End of life' beckons for Firefox 2

If you have not yet upgraded to Firefox 3, keep in mind that Mozilla is very close to pulling the plug on support for older versions of the browser.Support for Firefox 2, which includes security and stability patches, is scheduled to end six months after Firefox 3 shipped (June 17, 2008), which puts the end-of-life date in the mid-December range.

October 29, 2008 by in Enterprise Software

Talkback Tuesday: latest MS vulnerability

Talkback Tuesday: latest MS vulnerability

Everyone was discussing the MS08-067 vulnerability and its out-of-cycle patchlast week. My post on the topic elicited several comments from our readers, including the following by frgough: If this had been Apple, the article slant would have been all aboutpoor security models, inherently flawed structure with lots ofadjectives like massive, dangerous, overconfident, etc.

October 28, 2008 by in Enterprise Software

Exploit published for Windows worm hole

Exploit published for Windows worm hole

Reliable exploit code for the remote code execution vulnerability patched with Microsoft's MS08-067 update has been posted to the Internet, prompting a new "patch immediately" advisory from the Redmond software maker.The exploit, which has been added to the freely available Metasploit point-and-click attack tool, provides a roadmap for code execution on Windows 2000, Windows XP, and Windows Server 2003.

October 28, 2008 by in Enterprise Software

Facebook worm finds a friend in Google Reader

Facebook worm finds a friend in Google Reader

The Facebook worm that has been squirming its way through the popular social network now has a new friend -- Google Reader.According to researchers at Fortinet, the worm's creators are wrapping Google's RSS reader around fake video downloads as part of a strategy to strengthen the social engineering component of the attack.

October 28, 2008 by in Security

A peek inside the bank malware epidemic

A peek inside the bank malware epidemic

My colleague at Kaspersky Lab Roel Schouwenberg (see disclosure) has written a very interesting piece on the banker malware landscape, warning that attacks against financial institutions will get much more targeted and sophisticated.Schouwenberg's Attacks on Banks paper takes a close look at how malicious programs targeting financial institutions are designed to evade anti-malware and examines how phishing and money mules serve as the hub for global identity theft attacks.

October 27, 2008 by in Security

Google Android vulnerable to drive-by browser exploit

Google Android vulnerable to drive-by browser exploit

The Google Android operating system is vulnerable to a serious security vulnerability that allows malicious hackers to launch drive-by browser attacks, according to alert from a security research outfit.Technical details of the vulnerability, which occurs because Google Android uses an unpatched open-source software package, is being kept under wraps until a patch is available.

October 27, 2008 by in Mobility

Latest MS Vuln eerily similar to one from two years previous

Latest MS Vuln eerily similar to one from two years previous

The recently discovered critical Windows vulnerability that necessitated an out-of-cycle patch is extremely similar to one that first appeared two years ago. The MS08-067 vulnerability, which was originally spotted by analyzing in-the-wild captures, is remarkably similar to the MS06-040 vulnerability that enabled the spread of a variant of the Mocbot trojan, leading security researchers to believe that it will be used to renovate an old worm.

October 23, 2008 by in Microsoft

MS ships emergency patch for Windows worm hole

MS ships emergency patch for Windows worm hole

Microsoft has released an out-of-band patch to fix an extremely critical worm hole that exposes Windows users to remote code execution attacks.The emergency update comes just one week after the regularly scheduled Patch Tuesday and follows the discovery of a targeted zero-day attack, Microsoft said in an advisory.

October 23, 2008 by in Enterprise Software

Google to introduce warnings for potentially hackable sites

Google to introduce warnings for potentially hackable sites

Last week, Google's Patrick Chapman and Matt Cutts announced that they're experimenting with a new security feature aiming to alert webmasters on the potential for having their sites hacked due to the outdated version of their web applications, starting with Wordpress only :"Recently we've seen more websites get hacked because of various security holes.

October 22, 2008 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories