Stories by Lucian Constantin

Eastern European cybercriminals said to trump Asian counterparts in sophistication

Despite an increasing number of successful cyberattacks launched by East Asian hackers against companies and government institutions around the world in recent years, Eastern European cybercriminals remain a more sophisticated threat to the global Internet, security researchers say.

New IE exploit variant used to distribute PlugX malware, researchers say

Researchers from security vendor AlienVault have identified a variant of a recently discovered Internet Explorer exploit that is used to infect targeted computers with the PlugX remote access Trojan (RAT) program.

Phone numbers are enough to access user accounts on some mobile operator portals

Attackers could impersonate legitimate mobile users on the Web portals many mobile operators use to sell content and services to their customers because of a security flaw in the sites, according to Bogdan Alecu, an independent security researcher from Romania.

Virgin Mobile USA online subscriber accounts can be easily hacked, developer says

The online accounts of Virgin Mobile USA subscribers are vulnerable to brute force attacks because the company forces customers to use weak passwords on its website, according to a software developer.

Elusive TDL4 malware variant infected Fortune 500 companies, government agencies, researchers say

Researchers from security vendor Damballa have identified malicious Internet traffic that they believe is generated by a new and elusive variant of the sophisticated TDL4 malware.

Open source vulnerability management software ThreadFix ready for production use

The first production-ready version of ThreadFix, an open-source software vulnerability management tool, was released Monday by Denim Group, a secure software development firm in San Antonio, Texas.

Over half of Android devices have unpatched vulnerabilities, report says

Over half of Android devices are vulnerable to known security flaws that can be exploited by malicious applications to gain complete access to the operating system and the data stored on it, according to a report from mobile security firm Duo Security.

'CRIME' attack abuses SSL/TLS data compression feature to hijack HTTPS sessions

The 'CRIME' attack announced last week exploits the data compression scheme used by the TLS (Transport Layer Security) and SPDY protocols to decrypt user authentication cookies from HTTPS (HTTP Secure) traffic, one of the attack's creators confirmed Thursday.

Botnet masters hide command and control server inside the Tor network

Security researchers from German antivirus vendor G Data Software have identified a botnet that is controlled by attackers from an Internet Relay Chat (IRC) server running as a hidden service inside the Tor anonymity network.

EMV protocol flaw allows 'pre-play' attacks against chip-enabled payment cards, researchers say

Many automated teller machines (ATMs) and point-of-sale (POS) terminals fail to properly generate random numbers that are required by the EMV protocol to securely authenticate transaction requests, according to a team of researchers from the University of Cambridge in the U.K.

Leaked Apple UDIDs were stolen from digital publishing firm

The unique identifiers of 1 million Apple iOS devices that hackers leaked last week were stolen from the servers of a Florida-based digital publishing firm called Bluetoad.

Glastopf Web application honeypot gets SQL injection emulation capability

The Honeynet Project, a non-profit organization that develops open-source security research tools, has created a component for the Glastopf Web application honeypot software that can emulate applications vulnerable to SQL injection attacks in order to trick attackers into revealing their intentions.

Firefox 15.0.1 fixes bug that exposed websites visited in private browsing mode

Mozilla released Firefox 15.0.1 on Thursday in order to fix a bug that potentially exposed the websites visited by users while in "Private Browsing" mode.

Tool allows Mac OS X hackers with root access to easily extract keychain data

A new tool allows Mac OS X attackers with root OS access to easily steal the keychain password data of logged-in users, and it reinforces the dangers of granting administrative privileges to applications without serious consideration.

Security researchers to present new 'CRIME' attack against SSL/TLS

Two security researchers claim to have developed a new attack that can decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections.
