Stories by Lucian Constantin

Some Bitdefender products break HTTPS certificate revocation

Aggressive adware applications that break the trust between HTTPS (HTTP Secure) websites and users have been at the center of controversy lately. But over the past week, HTTPS interception flaws of varying severity were also found in security programs, with products from antivirus vendor Bitdefender being the latest example.

By Lucian Constantin | 27 February, 2015 05:40

Tags: PrivDog, online safety, security, Risk Based Security, encryption, Lenovo, Exploits / vulnerabilities, bitdefender

Europol and security vendors disrupt massive Ramnit botnet

European law enforcement agencies seized command-and-control servers used by Ramnit, a malware program that steals online banking credentials, FTP passwords, session cookies and personal files from victims.

By Lucian Constantin | 26 February, 2015 06:07

Tags: online safety, symantec, Microsoft, security, AnubisNetworks, legal, spyware, malware, cybercrime, Europol

Facebook fixed 61 high-severity flaws last year through its bug bounty program

As a result of reports received through its bug bounty program, Facebook confirmed and fixed 61 high-severity vulnerabilities last year, almost 50 percent more than in 2013.

By Lucian Constantin | 26 February, 2015 05:03

Tags: patches, online safety, security, Exploits / vulnerabilities, Facebook

Flaw in popular Web analytics plug-in exposes WordPress sites to hacking

WordPress site owners who have the WP-Slimstat plug-in installed should upgrade it to the latest version immediately in order to fix a critical vulnerability, security researchers warn.

By Lucian Constantin | 26 February, 2015 00:45

Tags: patches, security, Access control and authentication, Sucuri, encryption, data protection

Critical remote code execution flaw patched in Samba

Security researchers are urging users to install new Samba security updates in order to address a critical vulnerability that allows attackers to execute arbitrary code with root privileges.

By Lucian Constantin | 25 February, 2015 02:51

Tags: patches, intrusion, security, samba, patch management, Red Hat, Exploits / vulnerabilities, ubuntu

'Secure' advertising tool PrivDog compromises HTTPS security

New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users' PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo.

By Lucian Constantin | 24 February, 2015 04:16

Tags: Comodo, online safety, security, Lavasoft, encryption, Lenovo, Superfish, Exploits / vulnerabilities, pki, Adtrustmedia

Superfish security flaw also exists in other apps, non-Lenovo systems

On Thursday security researchers warned that an adware program called Superfish, which was preloaded on some Lenovo consumer laptops, opened computers to attack. However, it seems that the same poorly designed and flawed traffic interception mechanism used by Superfish is also used in other software programs.

By Lucian Constantin | 21 February, 2015 05:21

Tags: Komodia, online safety, security, encryption, Lenovo, Superfish, Exploits / vulnerabilities, pki

TrueCrypt audit back on track after silence and uncertainty

An effort to search for cryptographic flaws in TrueCrypt, a popular disk encryption program, will resume even though the software was abandoned by its creators almost a year ago.

By Lucian Constantin | 20 February, 2015 22:41

Tags: security, Cryptography Services, Matasano Security, Desktop security, NCC Group, Intrepidus Group, encryption, Open Crypto Audit Project, Exploits / vulnerabilities, data protection, iSec Partners

Lenovo admits to Superfish screw-up, will release clean-up tool

Lenovo has admitted it "messed up badly" by pre-loading software on some consumer laptops that exposed users to possible attack, and said it will soon release a tool to remove it.

By Lucian Constantin | 20 February, 2015 10:39

Tags: patches, online safety, security, encryption, Lenovo, Superfish, Exploits / vulnerabilities, malware

Lenovo PCs ship with adware that puts computers at risk

Some Windows laptops made by Lenovo come pre-loaded with an adware program that exposes users to security risks.

By Lucian Constantin | 20 February, 2015 00:55

Tags: online safety, security, encryption, Lenovo, Superfish, pki, privacy, mozilla

Samsung smart TVs don't encrypt the voice data they collect

Samsung does not encrypt voice recordings that are collected and transmitted by its smart TVs to a third party service, even though the company has claimed that it uses encryption to secure consumers' personal information.

By Lucian Constantin | 19 February, 2015 03:39

Tags: samsung, security, encryption, data protection, privacy

Microsoft adds HTTP Strict Transport Security support to Internet Explorer

Starting with Windows 10, Internet Explorer will allow users to access some websites only over SSL-encrypted connections, if those websites have opted into a new security mechanism.

By Lucian Constantin | 18 February, 2015 05:04

Tags: online safety, Microsoft, security, encryption

Fanny superworm likely the precursor to Stuxnet

The Stuxnet computer worm that was used to sabotage the Iranian nuclear program was likely preceded by another sophisticated malware program that used some of the same exploits and spread through USB thumb drives to computers isolated from the Internet.

By Lucian Constantin | 18 February, 2015 02:03

Tags: security, Exploits / vulnerabilities, spyware, malware, kaspersky lab

Information disclosure flaw exposes Netgear wireless routers to attacks

Several wireless routers made by Netgear contain a vulnerability that allows unauthenticated attackers to extract sensitive information from the devices, including their administrator passwords and wireless network keys.

By Lucian Constantin | 16 February, 2015 22:31

Tags: intrusion, security, Access control and authentication, netgear, Exploits / vulnerabilities

Personal weather stations can expose your Wi-Fi network

In the latest Internet of Things security blunder, personal weather station devices made by Netatmo were found sending users' Wi-Fi passwords back to the company over unencrypted connections.

By Lucian Constantin | 14 February, 2015 02:50

Tags: intrusion, SANS Institute, security, Netatmo, Access control and authentication, privacy
