Authorities in the United States, United Kingdom and Ukraine launched a series of law enforcement sweeps beginning late last month against some of the world’s most notorious gangs running botnets powered by ZeuS, a powerful password-stealing Trojan horse program. ZeuS botnet activity worldwide took a major hit almost immediately thereafter, but it appears to be already on the rebound, according to one prominent ZeuS-watching site.
An organized cyber crime gang known for aggressively pushing male enhancement drugs and other knockoff pharmaceuticals used Internet addresses belonging to Microsoft in a massive denial-of-service attack against KrebsOnSecurity.com late last month.
Oracle today released a critical update to its widely-installed Java software, fixing at least 29 security vulnerabilities in the program. Most consumers on Microsoft Windows PCs will have some version of Java installed (if you’re not sure whether you have… Read More »
Microsoft today issued 16 update bundles to fix a record-breaking 49 separate security vulnerabilities in computers powered by its Windows operating systems and other software.
I have long urged readers who have no need for Java to remove the program, because failing to keep this software updated with the latest security patches exposes users to dangerous, ubiquitous attacks. In this blog post, I’ll show readers how attacks against Java vulnerabilities have fast emerged as the top moneymaker for authors of the best-selling “exploit kits,” commercial software designed to be stitched into hacked or malicious sites to exploit a variety of Web-browser vulnerabilities.
Take one look at the newest kit on the block – “Blackhole” — and it is plain that Java vulnerabilities continue to be give attackers the most mileage and profit, and have surpassed Adobe flaws as the most successful exploit vehicles.
In response to a series of costly online banking heists perpetrated against towns, cities and school districts, Sen. Charles Schumer (D-NY) has introduced legislation that would extend those entities the same protections afforded to consumers who are victims of e-banking… Read More »
The Federal Communications Commissions (FCC) may soon kickstart a number of new initiatives to encourage Internet service providers to do a better job cleaning up bot-infected PCs and malicious Web sites on their networks, KrebsOnSecurity has learned.
A new security update from Adobe plugs at least 23 security holes in its PDF Reader and Acrobat software, including two vulnerabilities that attackers are actively exploiting to break into computers. Adobe is urging Reader and Acrobat users of versions… Read More »
Spam trackers are seeing a fairly dramatic drop in junk e-mail sent over the past few days, specifically spam relayed by the one of the world’s largest spam botnets – although security experts disagree on exactly which botnet may be throttling back or experiencing problems.
Comcast, the nation’s largest residential Internet service provider, announced last week that it is expanding an initiative to contact customers whose PCs appear to be infected with a malicious bot program.
The Philadelphia-based cable Internet company is expanding nationwide a pilot program that began in Denver last year, which automatically informs affected customers with an e-mail urging them to visit the company’s security page. The system also sends the customer’s browser a so-called “service notice,” a semi-transparent banner that overlays a portion of whatever page is being displayed in the user’s Web browser.
