Stories by Lucian Constantin

Google to kill off SSL 3.0 in Chrome 40

Google plans to remove support for the aging Secure Sockets Layer (SSL) version 3.0 protocol in Google Chrome 40, which is expected to ship in about two months.

Vulnerabilities found in more command-line tools, wget and tnftp get patches

The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities.

Drupal: If you weren't quick to patch, assume your site was hacked

Users of Drupal, one of the most popular content management systems, should consider their sites compromised if they didn't immediately apply a security patch released on Oct. 15.

Cybercriminals create platform for automating rogue credit card charges

Cybercriminals have a new tool to make the most of stolen credit card details before payment processors detect the fraud, security researchers warn.

Attack campaign infects industrial control systems with BlackEnergy malware

Since 2011 a group of attackers has been targeting companies that operate industrial control systems with a backdoor program called BlackEnergy.

Security vendor coalition cleans 43,000 malware infections used for cyberespionage

A coalition of security vendors has disrupted the activities of a sophisticated group of attackers tied to China that, over the past six years, infiltrated the computers of many Fortune 500 companies, journalists, environmental groups, software companies, academic institutions, pro-democracy groups and government agencies around the world.

Vulnerability in widely used 'strings' utility could spell trouble for malware analysts

One of the first things a malware analyst does when encountering a suspicious executable file is to extract the text strings found inside it, because they can provide immediate clues about its purpose. This operation has long been considered safe, but it can actually lead to a system compromise, a security researcher found.

Cyberespionage group launches sophisticated phishing attacks against Outlook Web App users

A cyberespionage group has been using advanced spear-phishing techniques to steal email log-in credentials from the employees of military agencies, embassies, defense contractors and international media outlets that use Office 365's Outlook Web App.

Facebook and Yahoo prevent use of recycled email addresses to hijack accounts

Facebook and Yahoo have developed a mechanism to prevent the owners of recycled email addresses from hijacking accounts that were registered on other sites using those addresses in the past.

Abandoned subdomains pose security risk for businesses

Many companies set up subdomains for use with external services, but then forget to disable them when they stop using those services, creating a loophole for attackers to exploit.

Massive malvertising campaign on Yahoo, AOL and other sites delivers ransomware

Malicious advertisements made their way last week to almost two dozen popular websites and used browser-based exploits to infect computers with CryptoWall, a nasty file-encrypting ransomware program.

Android ransomware 'Koler' turns into a worm, spreads via SMS

A malicious Android app that takes over the screen of devices and extorts money from users with fake notifications from law enforcement agencies was recently updated with a component that allows it to spread via text message spam.

Google extends two-factor authentication with physical USB keys

Google is letting users protect their accounts against password compromises by adding support for two-factor authentication based on physical USB keys.

One week after patch, Flash vulnerability already exploited in large-scale attacks

If you haven't updated your Flash Player with the fixes released on Oct. 14, you may be vulnerable to new attacks using a commercial exploit kit called Fiesta, security researchers warn.

Researcher creates proof-of-concept worm for network-attached storage devices

Network-attached storage (NAS) devices are riddled with vulnerabilities that can put the security of sensitive data and networks at risk, a researcher has found. To prove his point, he has created a proof-of-concept worm that can infect devices from three different manufacturers.