Security news aggregator

Latest coverage for Journalist

Journalists may handle sensitive sources, investigate cyber incidents, and face risks involving surveillance, phishing, and data exposure.

5 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Journalists gather, verify, and publish information, often handling unpublished documents, confidential source identities, and sensitive communications. Their security relevance is concentrated in protecting source confidentiality, editorial materials, accounts, and personal safety from targeted phishing, account takeover, device compromise, surveillance, or theft of stored data.

Useful controls include phishing-resistant multifactor authentication, prompt patching, encrypted communications and storage, strong separation between personal and reporting accounts, and careful handling of identifying metadata such as file histories and location data. Security planning should also cover source verification, secure transfer and deletion procedures, device and travel risks, and a response plan to revoke sessions, preserve evidence, assess exposed sources, and communicate through trusted channels after a suspected compromise.

Volume over time

Weekly headline count for the current query.

Showing 5 most recent headlines Filtered view
Krebs on Security 1 year, 3 months ago

How Each Pillar of the 1st Amendment is Under Attack

In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists, students, universities, government workers, lawyers and judges. This story explores a slew of recent actions by the Trump administration that threaten to undermine all five pillars of the First Amendment to the U.S. Constitution, which guarantees freedoms concerning speech, religion, the media, the right to assembly, and the right to petition the government and seek redress for wrongs.

Krebs on Security 2 years, 3 months ago

Thread Hijacking: Phishes That Prey on Your Curiosity

Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient's natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here's the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.

Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. But Missouri prosecutors now say they… <span class="read-more"><a href="https://krebsonsecurity.com/2022/02/report-missouri-governors-office-responsible-for-teacher-data-leak/">Read More &#187;</a></span>

Krebs on Security 4 years, 5 months ago

Wazawaka Goes Waka Waka

In January, KrebsOnSecurity examined clues left behind by "Wazawaka," the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since "lost his mind" according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. In last month's story, we explored clues that led from Wazawaka's multitude of monikers, email addresses, and passwords to a 30-something father in Abakan, Russia named Mikhail Pavlovich Matveev. This post concerns itself with the other half of Wazawaka's identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became "Orange," the founder of the ransomware-focused Dark Web forum known as "RAMP."