Stories by Lucian Constantin

New mobile-malware detection technique uses gestures

Mobile malware is a growing problem, but researchers from University of Alabama at Birmingham have figured out a new way of detecting when shady mobile apps get up to no good, such as trying to call premium-rate numbers unbeknowst to a phone's owner.

By Lucian Constantin | 28 March, 2015 04:07

Tags: University of Alabama at Birmingham, security, mobile security, malware

Popular hotel Internet gateway devices vulnerable to hacking

Some Internet gateway devices commonly used by hotels and conference centers can easily be compromised by hackers, allowing them to launch a variety of attacks against guests accessing the Wi-Fi networks.

By Lucian Constantin | 27 March, 2015 22:46

Tags: patches, Cylance, intrusion, online safety, ANTLabs, security, Access control and authentication, Exploits / vulnerabilities

Cisco patches autonomic networking flaws in IOS routers and switches

Cisco Systems released firmware updates for several routers and switches that run its IOS and IOS XE software in order to fix flaws in their autonomic networking infrastructure (ANI) feature.

By Lucian Constantin | 26 March, 2015 23:45

Tags: patches, Cisco Systems, security, Access control and authentication, patch management, Exploits / vulnerabilities

Microsoft blacklists latest rogue SSL certificates, Mozilla mulls sanctions for issuer

Microsoft has blacklisted a subordinate CA certificate that was wrongfully used to issue SSL certificates for several Google websites. The action will prevent those certificates from being used in Google website spoofing attacks against Internet Explorer users.

By Lucian Constantin | 26 March, 2015 00:59

Tags: online safety, Google, Microsoft, MCS Holdings, security, encryption, Exploits / vulnerabilities, China Internet Network Information Center, mozilla, pki

Dell support tool put PCs at risk of malware infection

Attackers could have remotely installed malware on systems running a flawed Dell support tool used to detect customers' products.

By Lucian Constantin | 25 March, 2015 06:48

Tags: Dell, intrusion, security, Access control and authentication, Exploits / vulnerabilities, malware

Flash-based vulnerability lingers on many websites three years later

Flash files that are vulnerable to a serious flaw patched by Adobe Systems over three years ago still exist on many websites, exposing users to potential attacks.

By Lucian Constantin | 25 March, 2015 01:18

Tags: online safety, security, Adobe Systems, LinkedIn, Access control and authentication, Exploits / vulnerabilities, Minded Security

New malware program PoSeidon targets point-of-sale systems

Retailers beware: A new Trojan program targets point-of-sale (PoS) terminals, stealing payment card data that can then be abused by cybercriminals.

By Lucian Constantin | 24 March, 2015 01:46

Tags: Cisco Systems, security, data breach, data protection, malware, fraud

Cisco small business phones open to remote eavesdropping, calling

You don't need to be the NSA to tap calls on Cisco's SPA 300 and 500 IP phones: An authentication flaw allows potential attackers to do that by default.

By Lucian Constantin | 23 March, 2015 20:44

Tags: Cisco Systems, intrusion, security, Access control and authentication, Exploits / vulnerabilities

New attacks suggest leeway for patching Flash Player is shrinking

Cybercriminals are exploiting newly patched vulnerabilities faster, a sign that users and companies need to improve their software updating habits.

By Lucian Constantin | 21 March, 2015 04:05

Tags: patches, security, FireEye, patch management, Malwarebytes, Exploits / vulnerabilities, malware

All major browsers hacked at Pwn2Own contest

Security researchers who participated in the Pwn2Own hacking contest this week demonstrated remote code execution exploits against the top four browsers, and also hacked the widely used Adobe Reader and Flash Player plug-ins.

By Lucian Constantin | 20 March, 2015 23:08

Tags: patches, online safety, Google, security, Microsoft, Desktop security, Exploits / vulnerabilities, Hewlett-Packard, mozilla, Apple

At least 700,000 routers given to customers by ISPs are vulnerable to hacking

More than 700,000 ADSL routers provided to customers by ISPs around the world contain serious flaws that allow remote hackers to take control of them.

By Lucian Constantin | 20 March, 2015 08:02

Tags: intrusion, online safety, security, Shenzhen Gongjin Electronics, Access control and authentication, Exploits / vulnerabilities

OpenSSL fixes serious denial-of-service bug, 11 other flaws

The mystery high-severity flaw that people were expected to be fixed in OpenSSL is no Heartbleed, but it is serious and users should update.

By Lucian Constantin | 20 March, 2015 04:47

Tags: patches, security, Rapid7, patch management, encryption, Tenable Network Security, OpenSSL Project, Exploits / vulnerabilities

IT manager gets certificate for Microsoft domain, tries to report it but gets in trouble

After a security enthusiast discovered a loophole that allowed him to register a valid SSL certificate for Microsoft's live.fi domain, he tried to responsibly disclose the issue. But instead of thanks he got locked out of his email, phone, Xbox and online storage accounts.

By Lucian Constantin | 19 March, 2015 04:52

Tags: online safety, Microsoft, security, encryption, Exploits / vulnerabilities, pki

EMET security tool updated to prevent VBScript God Mode attacks

Microsoft updated its Enhanced Mitigation Experience Toolkit (EMET), a free exploit prevention tool, to protect against attacks that attempt to bypass Internet Explorer's sandbox using VBScript.

By Lucian Constantin | 18 March, 2015 04:09

Tags: patches, online safety, Microsoft, security, Desktop security, Exploits / vulnerabilities

Microsoft blacklists fraudulently issued SSL certificate

Microsoft released an update to blacklist an SSL certificate for one of its domain names that was issued to an unauthorized third party.

By Lucian Constantin | 17 March, 2015 22:07

Tags: Comodo, online safety, Microsoft, security, encryption, pki

Top Whitepapers

Twitter Feed

Featured Whitepapers