Stories by Lucian Constantin

DNS hijacking vulnerability affects D-Link DSL router, possibly other devices

A vulnerability found in a DSL router model from D-Link allows remote hackers to change its DNS (Domain Name System) settings and hijack users' traffic. The issue might also affect other devices because it is located in a popular firmware used by different manufacturers, according to a security researcher.

Link between NSA and Regin cyberespionage malware becomes clearer

Keylogging malware that may have been used by the NSA shares signficant portions of code with a component of Regin, a sophisticated platform that has been used to spy on businesses, government institutions and private individuals for years.

Adobe pushes critical Flash Player update to fix latest zero-day

Adobe Systems started pushing a critical Flash Player patch to users who have auto-update enabled over the weekend in order to fix a vulnerability that has been exploited by attackers since last week.

Thousands of U.S. gas stations exposed to Internet attacks

Over 5,000 devices used by gas stations in the U.S. to monitor their fuel tank levels can be manipulated from the Internet by malicious attackers.

Adobe fixes just one of two actively exploited zero-day vulnerabilities in Flash Player

Emergency updates for Flash Player released Thursday fix a vulnerability that is actively exploited by attackers, but leave a separate one unpatched.

Kim Dotcom ready to take on Skype with end-to-end encrypted video calling service

Mega has opened beta testing for a new encrypted video calling service that integrates with its existing file hosting and sharing offerings.

Atlassian fixes critical vulnerability in development collaboration products

A critical vulnerability in popular software development collaboration products by Atlassian allows attackers to compromise servers.

Attackers are exploiting a zero-day vulnerability in Flash Player

Attackers are using compromised websites to exploit a new and currently unpatched vulnerability in Flash Player, a malware researcher has reported.

Critical Java updates fix 19 vulnerabilities, disable SSL 3.0

Oracle released new security updates for Java to fix 19 vulnerabilities and disable default support for SSL 3.0, an outdated version of the secure communications protocol that is vulnerable to attacks.

Oracle to fix 167 vulnerabilities, including serious backdoor-like flaw in E-Business Suite

Oracle's monster batch of security updates will include a fix for a serious misconfiguration issue in its E-Business Suite product that can give hackers access to databases full of sensitive business records.

Web-based exploits on the decline, but users still slow to patch

The number of exploit kits on the Web dramatically decreased last year, but some have become more sophisticated and shifted their focus to software that is less frequently updated.

Report: NSA not only creates, but also hijacks, malware

In addition to having its own arsenal of digital weapons, the U.S. National Security Agency reportedly hijacks and repurposes third-party malware.

Google publishes third Windows 0-day vulnerability in a month

Google ignored Microsoft's calls for flexible vulnerability disclosure deadlines and released details of another unpatched Windows flaw, leaving users exposed for at least the next 25 days.

Cleared your browser cookies? It won't stop ad company using Verizon tracking header

A company that correlates data about users across different websites to share with marketers is using unique IDs inserted by Verizon into mobile Web traffic to recreate tracking cookies that have been deleted by users.

CryptoWall ransomware is back with new version after two months of silence

Attackers have started distributing a new and improved version of the CryptoWall file-encrypting ransomware program over the past few days, security researchers warn.