Stories by Lucian Constantin

Ad fraud Trojan updates Flash Player so that other malware can't get in

Someone call the malware antitrust commission: Recent versions of the Kovter ad fraud Trojan, which infects computers through Web-based exploits, close the door after themselves by updating Flash Player to the latest version.

Cisco leaves key to all its Unified CDM systems under doormat

Cisco Systems recently realized that its Unified Communications Domain Manager (Unified CDM) software contains a default privileged account with a static password that cannot be changed, exposing the platform to hacking by remote attackers.

Attackers abuse legacy routing protocol to amplify distributed denial-of-service attacks

Servers could be haunted by a ghost from the 1980s, as hackers have started abusing an obsolete routing protocol to launch distributed denial-of-service attacks.

Hacktivist group possibly compromised hundreds of websites

A hacker group known as Team GhostShell is publishing snippets of sensitive data allegedly stolen from the databases of hundreds of compromised websites.

One third of enterprise iOS devices vulnerable to app, data hijacking attacks

Apple released patches for several exploits that could allow maliciously crafted applications to destroy apps that already exist on devices, access their data or hijack their traffic, but a large number of iOS devices are still vulnerable.

Cisco plans to buy security-as-a-service provider OpenDNS

Cisco Systems plans to pay $US635 million in cash to buy OpenDNS, a company that leverages the Domain Name System (DNS) to provide security services including Web filtering, threat intelligence and malware and phishing protection.

Cybercriminals adopt recently patched zero-day exploit in a flash

Just four days after Adobe Systems patched a vulnerability in Flash Player, the exploit was adopted by cybercriminals for use in large-scale attacks. This highlights the increasingly small time frame users have to deploy patches.

Software developers are failing to implement crypto correctly, data reveals

Despite a big push over the past few years to use encryption to combat security breaches, lack of expertise among developers and overly complex libraries have led to widespread implementation failures in business applications.

Trojan that hides inside images infects healthcare organizations

A computer Trojan that hides its malicious code inside PNG image files counts healthcare organizations in the U.S. among its primary targets.

Critical flaw in ESET products shows why spy groups are interested in antivirus programs

Several antivirus products from security firm ESET had a critical vulnerability that was easy to exploit and could lead to a full system compromise.

Adobe patches zero-day Flash Player flaw used in targeted attacks

Adobe Systems released an emergency security update for Flash Player Tuesday to fix a critical vulnerability that has been exploited by a China-based cyberespionage group.

The government is falling behind on application security

Government organizations are struggling when it comes to securing the computer software they use, which could partially explain the large data breaches reported in that sector over the past several years.

Cyberattack grounds planes in Poland

LOT Polish Airlines was forced to cancel 10 flights scheduled to depart from Warsaw's Chopin airport on Sunday after hackers attacked its ground computer systems.

Software applications have on average 24 vulnerabilities inherited from buggy components

Many commercial software companies and enterprise in-house developers are churning out applications that are insecure by design due to the rapid and often uncontrolled use of open-source components.

Windows 10 will allow apps to actively scan their content for malware

Windows 10 will have a new mechanism that will allow software developers to integrate their applications with whatever antimalware programs exist on users' computers.

CIO
ARN
Techworld
CMO