Stories by Lucian Constantin

Cyberespionage group launches sophisticated phishing attacks against Outlook Web App users

A cyberespionage group has been using advanced spear-phishing techniques to steal email log-in credentials from the employees of military agencies, embassies, defense contractors and international media outlets that use Office 365's Outlook Web App.

By Lucian Constantin | 24 October, 2014 21:03

Tags: Academi, security, trend micro, Access control and authentication, Organization for Security and Co-operation in Europe, SAIC, spyware, malware

Facebook and Yahoo prevent use of recycled email addresses to hijack accounts

Facebook and Yahoo have developed a mechanism to prevent the owners of recycled email addresses from hijacking accounts that were registered on other sites using those addresses in the past.

By Lucian Constantin | 24 October, 2014 06:04

Tags: Yahoo, online safety, security, Microsoft, Access control and authentication, Identity fraud / theft, Facebook, privacy

Abandoned subdomains pose security risk for businesses

Many companies set up subdomains for use with external services, but then forget to disable them when they stop using those services, creating a loophole for attackers to exploit.

By Lucian Constantin | 24 October, 2014 00:57

Tags: online safety, GitHub, security, Access control and authentication, Exploits / vulnerabilities, heroku, Detectify

Massive malvertising campaign on Yahoo, AOL and other sites delivers ransomware

Malicious advertisements made their way last week to almost two dozen popular websites and used browser-based exploits to infect computers with CryptoWall, a nasty file-encrypting ransomware program.

By Lucian Constantin | 23 October, 2014 04:40

Tags: Yahoo, proofpoint, online safety, security, The Rubicon Project, OpenX, Exploits / vulnerabilities, malware

Android ransomware 'Koler' turns into a worm, spreads via SMS

A malicious Android app that takes over the screen of devices and extorts money from users with fake notifications from law enforcement agencies was recently updated with a component that allows it to spread via text message spam.

By Lucian Constantin | 22 October, 2014 23:16

Tags: AdaptiveMobile, security, mobile security, malware

Google extends two-factor authentication with physical USB keys

Google is letting users protect their accounts against password compromises by adding support for two-factor authentication based on physical USB keys.

By Lucian Constantin | 22 October, 2014 06:40

Tags: Google, online safety, FIDO Alliance, security, Access control and authentication

One week after patch, Flash vulnerability already exploited in large-scale attacks

If you haven't updated your Flash Player with the fixes released on Oct. 14, you may be vulnerable to new attacks using a commercial exploit kit called Fiesta, security researchers warn.

By Lucian Constantin | 22 October, 2014 01:39

Tags: online safety, Adobe Systems, security, Desktop security, f-secure, Exploits / vulnerabilities, malware

Researcher creates proof-of-concept worm for network-attached storage devices

Network-attached storage (NAS) devices are riddled with vulnerabilities that can put the security of sensitive data and networks at risk, a researcher has found. To prove his point, he has created a proof-of-concept worm that can infect devices from three different manufacturers.

By Lucian Constantin | 21 October, 2014 03:11

Tags: TRENDnet, QNAP Systems, Zyxel, Exploits / vulnerabilities, Buffalo Technology, Independent Security Evaluators, malware, Seagate Technology, intrusion, security, data breach, netgear, western digital, D-Link, ASUSTOR

New Web vulnerability enables powerful social engineering attacks

Users who are careful to download files only from trusted websites may be tricked by a new type of Web vulnerability: this one cons them into downloading malicious executable files that are not actually hosted where they appear to be.

By Lucian Constantin | 18 October, 2014 03:12

Tags: Google, trustwave, online safety, security, Microsoft, Exploits / vulnerabilities, malware

New technique allows attackers to hide stealthy Android malware in images

A new technique that allows attackers to hide encrypted malicious Android applications inside images could be used to evade detection by antivirus products and possibly Google Play's own malware scanner.

By Lucian Constantin | 17 October, 2014 22:09

Tags: Google, Fortinet, security, mobile security, encryption, Exploits / vulnerabilities, malware

All-in-one printers can be used to control infected air-gapped systems from far away

Isolating computers from the Internet, called "air gapping," is considered one of the best ways to defend critical systems and their sensitive data from cyberattacks, but researchers have found that can be undermined using an all-in-one printer.

By Lucian Constantin | 17 October, 2014 03:03

Tags: intrusion, security, data protection, spyware, malware

Dropbox dismisses claims of hack affecting 7 million accounts

Hackers claim to have stolen a database of almost 7 million Dropbox log-in credentials, but the company says its service was not hacked and that unrelated websites are the data source.

By Lucian Constantin | 15 October, 2014 02:07

Tags: Google, dropbox, online safety, security, Access control and authentication, data breach, Malwarebytes, privacy

Russian hackers exploit Windows zero-day flaw to target Ukraine, US organizations

A cyberespionage group operating out of Russia has launched malware attacks against the Ukrainian government and at least one U.S.-based organization through a previously unknown vulnerability that affects most versions of Windows.

By Lucian Constantin | 14 October, 2014 22:39

Tags: patches, iSight Partners, security, Microsoft, Tenable Network Security, Exploits / vulnerabilities, spyware, malware

What you should consider when choosing a password manager

Many security experts feel that passwords are no longer sufficient to keep online accounts safe from hackers, but we're still a long way from widespread adoption of biometrics and alternative methods of authentication.

By Lucian Constantin | 14 October, 2014 07:29

Tags: Mitro, online safety, LastPass, security, Access control and authentication, data protection, Facebook, Dashlane

Linux botnet Mayhem spreads through Shellshock exploits

Shellshock continues to reverberate: Attackers are exploiting recently discovered vulnerabilities in the Bash command-line interpreter in order to infect Linux servers with a sophisticated malware program known as Mayhem.

By Lucian Constantin | 11 October, 2014 01:51

Tags: patches, security, Exploits / vulnerabilities, Malware Must Die, Yandex, malware

Top Whitepapers

Twitter Feed

Featured Whitepapers