Stories by Lucian Constantin

Cybercriminals adopt spies' techniques to pull off online bank heists

Researchers from security vendor Kaspersky Lab have identified three cybercrime groups that compromise and steal money from financial institutions using sophisticated techniques and custom malware.

Java installer flaw shows why you should clear your Downloads folder

Older Java installers are designed to look for and automatically load a number of specifically named DLL (Dynamic Link Library) files that might exist in the folder they were launched from.

Researcher finds serious flaw in Chromium-based Avast SafeZone browser

A Google security researcher found a serious vulnerability in the Avast SafeZone browser that doesn't exist in Chromium, the open-source browser that serves as its foundation.

Dridex banking malware mysteriously hijacked to distribute antivirus program

An unknown person -- possibly a white hat hacker -- gained access to some of the servers that cybercriminals use to distribute the Dridex online banking Trojan and replaced the malware with an installer for Avira Free Antivirus.

Serious flaws found in Netgear's NMS300 network management system

Serious vulnerabilities in the Netgear NMS300 ProSafe network management system, an application used to discover, monitor and configure a wide range of network devices, can allow hackers to take control of the servers it's running on.

Flaws in smart toy back-end servers puts kids and their families at risk

Researchers from Rapid7 found privacy-invading vulnerabilities in the Web services used by the Smart Toy line of interactive stuffed animals and the hereO GPS watch for children.

Socat vulnerability shows that crypto backdoors can be hard to spot

The Socat networking service used a non-prime number for its key exchange mechanism, potentially allowing attackers to eavesdrop on encrypted connections opened with the tool.

Google fixes critical Wi-Fi and media-processing flaws in Android

Google has patched thirteen new vulnerabilities in Android, two of which could allow attackers to take control of Android devices located on the same wireless network, if they have Broadcom Wi-Fi chips.

Trojanized Android games hide malicious code inside images

Over 60 Android games hosted on Google Play had Trojan-like functionality that allowed them to download and execute malicious code hidden inside images.

Cisco patches authentication, denial-of-service, NTP flaws in many products

Cisco Systems has released security patches for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls.

Attack disrupts HSBC online banking services in the UK on tax deadline

A denial-of-service attack against HSBC in the U.K. left customers unable to access their accounts via the bank's online system.

Increasingly popular update technique for iOS apps puts users at risk

An increasing number of iOS application developers use a technique that allows them to remotely modify the code in their apps without going through the official app store's review process, an action that poses security risks for users.

Oracle is planning to kill an attacker's favorite: the Java browser plug-in

Next year, the Java browser plug-in, which is frequently the target of Web-based exploits, will be retired by Oracle.

New Android ransomware uses clickjacking to gain admin privileges

A new Android ransomware app called Lockdroid.E is abusing system dialogs to hijack user clicks and grant itself administrator privileges.

PayPal is the latest victim of Java deserialization bugs in Web apps

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor.

Top Whitepapers

Featured Whitepapers