Stories by Lucian Constantin

Google to kill off SSL 3.0 in Chrome 40

Google plans to remove support for the aging Secure Sockets Layer (SSL) version 3.0 protocol in Google Chrome 40, which is expected to ship in about two months.

By Lucian Constantin | 01 November, 2014 01:25

Tags: patches, Google, online safety, security, Microsoft, encryption, Mozilla Foundation, Exploits / vulnerabilities

Vulnerabilities found in more command-line tools, wget and tnftp get patches

The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities.

By Lucian Constantin | 31 October, 2014 06:15

Tags: patches, online safety, Rapid7, security, SANS Institute, Exploits / vulnerabilities

Drupal: If you weren't quick to patch, assume your site was hacked

Users of Drupal, one of the most popular content management systems, should consider their sites compromised if they didn't immediately apply a security patch released on Oct. 15.

By Lucian Constantin | 31 October, 2014 01:50

Tags: patches, intrusion, online safety, security, Sucuri, patch management, Exploits / vulnerabilities, drupal

Cybercriminals create platform for automating rogue credit card charges

Cybercriminals have a new tool to make the most of stolen credit card details before payment processors detect the fraud, security researchers warn.

By Lucian Constantin | 30 October, 2014 04:54

Tags: IntelCrawler, security, Identity fraud / theft, fraud

Attack campaign infects industrial control systems with BlackEnergy malware

Since 2011 a group of attackers has been targeting companies that operate industrial control systems with a backdoor program called BlackEnergy.

By Lucian Constantin | 30 October, 2014 01:51

Tags: siemens, Advantech, security, BroadWin, general electric, spyware, Exploits / vulnerabilities, malware, Industrial Control Systems Cyber Emergency Response Team, Department of Homeland Security, intrusion

Security vendor coalition cleans 43,000 malware infections used for cyberespionage

A coalition of security vendors has disrupted the activities of a sophisticated group of attackers tied to China that, over the past six years, infiltrated the computers of many Fortune 500 companies, journalists, environmental groups, software companies, academic institutions, pro-democracy groups and government agencies around the world.

By Lucian Constantin | 29 October, 2014 03:05

Tags: ThreatTrack Security, F-Secure, iSight Partners, FireEye, ThreatConnect, Tenable Network Security, Volexity, malware, Cisco Systems, intrusion, symantec, Novetta, security, Microsoft, spyware

Vulnerability in widely used 'strings' utility could spell trouble for malware analysts

One of the first things a malware analyst does when encountering a suspicious executable file is to extract the text strings found inside it, because they can provide immediate clues about its purpose. This operation has long been considered safe, but it can actually lead to a system compromise, a security researcher found.

By Lucian Constantin | 28 October, 2014 02:24

Tags: intrusion, Google, security, Risk Based Security, Exploits / vulnerabilities, bitdefender, malware

Cyberespionage group launches sophisticated phishing attacks against Outlook Web App users

A cyberespionage group has been using advanced spear-phishing techniques to steal email log-in credentials from the employees of military agencies, embassies, defense contractors and international media outlets that use Office 365's Outlook Web App.

By Lucian Constantin | 24 October, 2014 21:03

Tags: Academi, security, trend micro, Access control and authentication, Organization for Security and Co-operation in Europe, SAIC, spyware, malware

Facebook and Yahoo prevent use of recycled email addresses to hijack accounts

Facebook and Yahoo have developed a mechanism to prevent the owners of recycled email addresses from hijacking accounts that were registered on other sites using those addresses in the past.

By Lucian Constantin | 24 October, 2014 06:04

Tags: Yahoo, online safety, security, Microsoft, Access control and authentication, Identity fraud / theft, Facebook, privacy

Abandoned subdomains pose security risk for businesses

Many companies set up subdomains for use with external services, but then forget to disable them when they stop using those services, creating a loophole for attackers to exploit.

By Lucian Constantin | 24 October, 2014 00:57

Tags: online safety, GitHub, security, Access control and authentication, Exploits / vulnerabilities, heroku, Detectify

Massive malvertising campaign on Yahoo, AOL and other sites delivers ransomware

Malicious advertisements made their way last week to almost two dozen popular websites and used browser-based exploits to infect computers with CryptoWall, a nasty file-encrypting ransomware program.

By Lucian Constantin | 23 October, 2014 04:40

Tags: Yahoo, proofpoint, online safety, security, The Rubicon Project, OpenX, Exploits / vulnerabilities, malware

Android ransomware 'Koler' turns into a worm, spreads via SMS

A malicious Android app that takes over the screen of devices and extorts money from users with fake notifications from law enforcement agencies was recently updated with a component that allows it to spread via text message spam.

By Lucian Constantin | 22 October, 2014 23:16

Tags: AdaptiveMobile, security, mobile security, malware

Google extends two-factor authentication with physical USB keys

Google is letting users protect their accounts against password compromises by adding support for two-factor authentication based on physical USB keys.

By Lucian Constantin | 22 October, 2014 06:40

Tags: Google, online safety, FIDO Alliance, security, Access control and authentication

One week after patch, Flash vulnerability already exploited in large-scale attacks

If you haven't updated your Flash Player with the fixes released on Oct. 14, you may be vulnerable to new attacks using a commercial exploit kit called Fiesta, security researchers warn.

By Lucian Constantin | 22 October, 2014 01:39

Tags: online safety, Adobe Systems, security, Desktop security, f-secure, Exploits / vulnerabilities, malware

Researcher creates proof-of-concept worm for network-attached storage devices

Network-attached storage (NAS) devices are riddled with vulnerabilities that can put the security of sensitive data and networks at risk, a researcher has found. To prove his point, he has created a proof-of-concept worm that can infect devices from three different manufacturers.

By Lucian Constantin | 21 October, 2014 03:11

Tags: TRENDnet, QNAP Systems, Zyxel, Exploits / vulnerabilities, Buffalo Technology, Independent Security Evaluators, malware, Seagate Technology, intrusion, security, data breach, netgear, western digital, D-Link, ASUSTOR
