Stories by Lucian Constantin

Some Bitdefender products break HTTPS certificate revocation

Aggressive adware applications that break the trust between HTTPS (HTTP Secure) websites and users have been at the center of controversy lately. But over the past week, HTTPS interception flaws of varying severity were also found in security programs, with products from antivirus vendor Bitdefender being the latest example.

Europol and security vendors disrupt massive Ramnit botnet

European law enforcement agencies seized command-and-control servers used by Ramnit, a malware program that steals online banking credentials, FTP passwords, session cookies and personal files from victims.

Facebook fixed 61 high-severity flaws last year through its bug bounty program

As a result of reports received through its bug bounty program Facebook confirmed and fixed 61 high-severity vulnerabilities last year, almost 50 percent more than in 2013.

Flaw in popular Web analytics plug-in exposes WordPress sites to hacking

WordPress site owners using the WP-Slimstat plug-in installed should upgrade it to the latest version immediately in order to fix a critical vulnerability, security researchers warn.

Critical remote code execution flaw patched in Samba

Security researchers are urging users to install new Samba security updates in order to address a critical vulnerability that allows attackers to execute arbitrary code with root privileges.

'Secure' advertising tool PrivDog compromises HTTPS security

New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users' PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo.

TrueCrypt audit back on track after silence and uncertainty

An effort to search for cryptographic flaws in TrueCrypt, a popular disk encryption program, will resume even though the software was abandoned by its creators almost a year ago.

Superfish security flaw also exists in other apps, non-Lenovo systems

On Thursday security researchers warned that an adware program called Superfish, which was preloaded on some Lenovo consumer laptops, opened computers to attack. However, it seems that the same poorly designed and flawed traffic interception mechanism used by Superfish is also used in other software programs.

Lenovo admits to Superfish screw-up, will release clean-up tool

Lenovo has admitted it "messed up badly" by pre-loading software on some consumer laptops that exposed users to possible attack, and said it will soon release a tool to remove it.

Lenovo PCs ship with adware that puts computers at risk

Some Windows laptops made by Lenovo come pre-loaded with an adware program that exposes users to security risks.

Samsung smart TVs don't encrypt the voice data they collect

Samsung does not encrypt voice recordings that are collected and transmitted by its smart TVs to a third party service, even though the company has claimed that it uses encryption to secure consumers' personal information.

Microsoft adds HTTP Strict Transport Security support to Internet Explorer

Starting with Windows 10, Internet Explorer will allow users to access some websites only over SSL-encrypted connections, if those websites have opted into a new security mechanism.

Fanny superworm likely the precursor to Stuxnet

The Stuxnet computer worm that was used to sabotage the Iranian nuclear program was likely preceded by another sophisticated malware program that used some of the same exploits and spread through USB thumb drives to computers isolated from the Internet.

Information disclosure flaw exposes Netgear wireless routers to attacks

Several wireless routers made by Netgear contain a vulnerability that allows unauthenticated attackers to extract sensitive information from the devices, including their administrator passwords and wireless network keys.

Personal weather stations can expose your Wi-Fi network

In the latest Internet of Things security blunder, personal weather station devices made by Netatmo were found sending users' Wi-Fi passwords back to the company over unencrypted connections.