Stories by Lucian Constantin

Microsoft enables potential unwanted software detection for enterprise customers

Microsoft has started offering protection against potentially unwanted applications in its anti-malware products for enterprise customers.

Older Dell devices also affected by dangerous eDellRoot certificate

Users who have Dell Windows-based laptops, desktops, tablets and other devices that were bought before August should check if their systems have the self-signed eDellRoot certificate that can compromise their private communications.

By Lucian Constantin | 26 November, 2015 18:44

Tags: desktop PC, Dell, PC, security, Components, tablets, laptops, eRoot certification

Millions of embedded devices use the same hard-coded SSH and TLS private keys

Thousands of routers, modems, IP cameras, VoIP phones and other embedded devices share the same hard-coded SSH host keys or HTTPS server certificates.

Lenovo patches serious vulnerabilities in PC system update tool

For the third time in less than six months PC manufacturer Lenovo has had to update the System Update tool pre-loaded on some of its products for security reasons.

And then there were two: Another dangerous Dell root certificate discovered

After Dell confirmed that one of its support tools installed a dangerous self-signed root certificate and private key on computers, users discovered a similar certificate deployed by a different Dell tool.

What you need to know about Dell's root certificate security debacle

In an attempt to provide a more streamlined remote support experience, Dell installed a self-signed root certificate and corresponding private key on its customers' computers, exposing users' encrypted communications to potential spying.

By Lucian Constantin | 24 November, 2015 18:39

Tags: Dell

Dell installs self-signed root certificate on laptops, endangering users' privacy

Users are reporting that some Dell laptops sold recently come preloaded with a self-signed root digital certificate that lets attackers sniff traffic to any secure website.

Adware program Vonteera blocks security products with simple Windows UAC trick

A well-known adware program called Vonteera prevents users from installing antivirus products by artificially blacklisting their digital certificates in Windows.

By Lucian Constantin | 23 November, 2015 20:22

Tags: Windows 10

Many embedded devices ship without adequate security tests, analysis shows

An analysis of hundreds of publicly available firmware images for routers, DSL modems, VoIP phones, IP cameras and other embedded devices uncovered high-risk vulnerabilities in a significant number of them.

Google-owned VirusTotal starts analyzing Mac malware in a sandbox

VirusTotal, the most widely used online file scanning service, is now executing suspicious Mac apps submitted by users inside a sandbox to generate information that could improve the analysis and detection of Mac malware.

Adobe patches flaws in ColdFusion, LiveCycle Data Services and Premiere Clip

Adobe fixed important vulnerabilities in its ColdFusion application server, LiveCycle Data Services framework and Premiere Clip iOS app.

Microsoft touts new, holistic approach to enterprise security

Microsoft combines the attack protection, detection and response features built into Windows 10, Office 365, Azure and the Microsoft Enterprise Mobility Suite to help enterprises improve their operational security posture.

By Lucian Constantin | 17 November, 2015 21:12

Tags: azure, Microsoft, security, Satya Nadella, enterprise security, Windows 10, software, Microsoft Enterprise Mobility Suite, cloud computing, Office 365

Millions of sensitive records exposed by mobile apps leaking back-end credentials

Thousands of mobile applications use cloud-based, back-end services in an insecure way, allowing anyone to access millions of sensitive records created by users, according to a recent study.

By Lucian Constantin | 16 November, 2015 21:23


State-sponsored cyberspies inject victim profiling and tracking scripts in strategic websites

Security researchers from FireEye have discovered an attack campaign that has injected computer profiling and tracking scripts into over 100 websites visited by business executives, diplomats, government officials and academic researchers.

BitLocker encryption can be defeated with trivial Windows authentication bypass

A researcher disclosed a trivial Windows authentication bypass that puts data on BitLocker-encrypted laptops at risk.

By Lucian Constantin | 14 November, 2015 00:21


Top Whitepapers

Featured Whitepapers