News

December 4, 0001

Adobe, Microsoft Push Critical Updates

This post was originally published on this siteAdobe has issued security updates to fix weaknesses in its PDF Reader, Cold Fusion and Flash Player products. Microsoft meanwhile today released 16 update bundles to address dozens of security flaws in Windows, Internet Explorer and related software. Microsoft’s patch batch includes updates for “zero-day” vulnerabilities (flaws that attackers figure out how to exploit before before the software maker does) in Internet Explorer (IE) and in Windows. Half of the 16 patches that Redmond issued today earned its “critical” rating, meaning the vulnerabilities could be exploited remotely through no help from the user, save […]
February 16, 2016

The Great EMV Fake-Out: No Chip For You!

This post was originally published on this siteMany banks are now issuing customers more secure chip-based credit cards, and most retailers now have card terminals in their checkout lanes that can handle the “dip” of chip-card transactions (as opposed to the usual swipe of the card’s magnetic stripe). But comparatively few retailers actually allow chip transactions: Most are still asking customers to swipe the stripe instead of dip the chip. This post will examine what’s going on here, why so many merchants are holding out on the dip, and where this all leaves consumers. Visa CEO Charles W. Scharf said in an earnings […]
February 18, 2016

This is Why People Fear the ‘Internet of Things’

This post was originally published on this siteImagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt. The FI9286P, a Foscam camera that includes P2P communication by default. This is the nightmare “Internet of Things” (IoT) scenario for any system administrator: The IP cameras that you bought to secure […]
February 19, 2016

Dell to Customers: Report ‘Service Tag’ Scams

This post was originally published on this siteComputer maker Dell is asking for help in an ongoing probe into the source of customer information that appears to have somehow landed in the laps of fraudsters posing as Dell computer support technicians. KrebsOnSecurity readers continue to report being called by scammers posing as Dell support personnel who offer “proof” that they’re with Dell by rattling off the unique Dell “service tag” code printed on each Dell customer’s PC or laptop, as well as information from any previous (legitimate) service issues the customer may have had with Dell. Image: Wikipedia In January, Ars […]