Guess how many times "123456" was used as a password by users. If you answered "close to 2 million times," you win! Now guess which online dating site service has decided to encrypt customer records using salting and hashing in future.
Servers at Lexis-Nexis, Dun & Bradstreet, and Kroll Background America/HireRight show up in the dashboard of a small, effective botnet run by a service that sells vital personal information on US residents, an investigation has revealed.
An escrow firm in the US state of California has been run out of business and its nine employees laid off, after a remote access Trojan planted on its system drained it of $1.5 million.
Could this happen to your business?
It's "a public service on a public connection to other public servers", the operator of RageBooter told Brian Krebs, and if sites don't like getting their socks knocked off in DDoS attacks, they should fix recursive DNS and default DNS server settings.
Oh, and yes, he says, he not only cooperates with the FBI, he works with them. He's busy on Tuesdays around 1 p.m., so try later if you need to to launch an attack.
Award-winning security blogger Brian Krebs is loved by everyone on the internet... apart from the criminals.
Find out what they're saying about him in their latest version of the Redkit exploit kit.
Award-winning security blogger Brian Krebs has shared details of his investigation into who might have been behind Flashback - which hit more than 600,000 Mac computers in early 2012
It's that time of the week again - here's your roundup of everything we wrote in the last seven days.
Brian Krebs was the victim of a caller ID spoof that resulted in armed police surrounding his house. He's pretty sure about the criminal element responsible and has linked the perpetrator(s) to a denial-of-service attack against Ars Technica following its report of Krebs's ordeal.
A hacker is selling a $700 zero-day exploit for Yahoo Mail that lets an attacker leverage a cross-site scripting (XSS) vulnerability to steal cookies and hijack accounts.
Claims are made that a cyber gang is recruiting some 100 botmasters for a Trojan attack against 30 US bank, and the plot's alleged mastermind is unmasked.
But given the alleged fraudster's flamboyant claims, can we be sure he's not a trap set by Russian law enforcement?
The Zeus crimeware family has moved into new territory with its latest spam campaign - purporting to be a warning about targeted phishing attacks on ".gov" and ".mil" domains, by Zeus Trojans no less! In fact, one of the latest Read more…
Brian Krebs has published an interesting interview on his KrebsOnSecurity blog with Evgeny Legerov, the founder of Russian security firm Intevydis. In the interview Legerov reveals that he plans to take the controversial step of releasing details of previously undocumented Read more…