Stories by Lucian Constantin

With ransomware on the rise, cryptographers take it personally

Some of the world's leading cryptographers are concerned about the increasing number of malicious programs that hold computers and mobile phones to ransom, in many cases by abusing the encryption algorithms they designed.

Wi-Fi client vulnerability could expose Android, Linux, BSD, other systems to attacks

A serious flaw in a component that's used to authenticate clients on Wi-Fi networks could expose Android, Linux, BSD, and possibly Windows and Mac OS X systems to attacks.

Malware used in White House and State Department hacks possibly linked to Russia

The group of attackers behind cyberintrusions at the White House and the Department of State last year used malware that bears strong similarities to cyberespionage tools suspected to be of Russian origin.

Crypto gurus: The government's key escrow plan won't work

Cryptography experts at the RSA security conference on Tuesday picked holes in U.S. plans to require that law enforcers be given a way to break encryption to exercise lawful intercept rights.

Microsoft moves to address customers' concerns about Cloud control and transparency

Microsoft is working on new features for its Office 365 cloud service designed to give customers more control over their data and more visibility into how it's being accessed.

Poor WordPress documentation trips developers, yields plug-ins with XSS flaw

Ambiguous WordPress documentation led many plug-in and theme developers to make an error that exposed websites to cross-site scripting (XSS) attacks.

HTTPS snooping flaw in third-party library affected 1,000 iOS apps with millions of users

Apps used by millions of iPhone and iPad owners became vulnerable to snooping when a flaw was introduced into third-party code they used to establish HTTPS connections.

Google's push to encrypt ads will improve security, but won't kill malvertising

Google plans to serve most of its ads over encrypted HTTPS connections by the end of June, a move that will protect against some ad hijacking attacks and will encourage website owners to enable encryption on their Web properties.

Pawn Storm cyberespionage group increases activity, targets NATO

Even though its activities were exposed last year, a cyberespionage group dubbed Pawn Storm has ramped up its efforts over the past few months, targeting NATO members and potentially the White House.

IBM opens up its threat data as part of new security intelligence sharing platform

IBM has joined an increasing number of vendors who are pushing for real-time cybersecurity information sharing among private and public organizations, researchers and other network defenders.

New malware program Punkey targets point-of-sale systems

Point-of-Sale (PoS) terminals have become an attractive target for hackers over the past year, reflected in the increasing number of RAM-scraping programs that steal payment card information from the memory of such systems.

Adobe patches vulnerabilities in ColdFusion, Flex and Flash Player, including a zero-day flaw

Adobe Systems released security patches Tuesday for ColdFusion, Flex and Flash Player, the latter addressing a flaw for which an exploit is already available.

With latest patches, Oracle signals no more free updates for Java 7

Oracle released patches for a total of 98 security issues across a wide range of products, including 14 in Java. This marks the last free patch for Java 7, users being encouraged to upgrade to version 8.

Web app attacks, PoS intrusions and cyberespionage leading causes of data breaches

Web application attacks, point-of-sale intrusions, cyberespionage and crimeware were the leading causes of confirmed data breaches last year.

Police operation disrupts Beebone botnet used for malware distribution

Europol, in collaboration with Dutch authorities, the U.S. FBI and private security companies, has seized the domain names used to control a botnet called Beebone.