Stories by Lucian Constantin

Bitdefender security appliance for home networks seeks to replace end-point antivirus

Antivirus firm Bitdefender unveiled a hardware security appliance for home networks Tuesday that aims to protect devices by scanning network traffic to detect and block potential security threats.

'Less' means more to malware authors targeting Linux users

Using the "less" Linux command to view the contents of files downloaded from the Internet is a dangerous operation that can lead to remote code execution, according to a security researcher.

Critical XSS flaws patched in WordPress and popular plug-in

New security updates released for the WordPress content management system and one of its popular plug-ins fix cross-site scripting (XSS) vulnerabilities that could allow attackers to take control of websites.

Citadel malware now targets password management applications

Attackers have started using the Citadel Trojan program to steal master passwords for password management applications and other authentication programs.

Activists release Detekt tool that finds surveillance malware

A free tool released Thursday allows users to scan their computers for surveillance malware that has been used in attacks against journalists, human rights defenders and political activists around the world.

Long-running Android botnet evolves, could pose threat to corporate networks

An Android Trojan program that's behind one of the longest running multipurpose mobile botnets has been updated to become stealthier and more resilient.

BitTorrent dismisses security concerns raised about its Sync app

BitTorrent dismissed claims that its popular peer-to-peer file synchronization program BitTorrent Sync has an insecure cryptographic implementation that potentially gives the company access to users' files.

EFF, Mozilla back new certificate authority that will offer free SSL certificates

A new organization supported by Mozilla, the Electronic Frontier Foundation and others is working to set up a new certificate authority (CA) that will provide website owners with free SSL/TLS certificates.

New ransomware CoinVault allows users to decrypt one file for free

Cybercriminals behind a new ransomware program called CoinVault are trying out a new psychological tactic to convince users to pay up -- freebies.

Bash malware targets embedded devices running BusyBox

Attacks that exploit the Shellshock vulnerabilities recently patched in the Bash Unix shell deliver a malware program that tries to compromise systems running BusyBox, a collection of Unix utilities typically used on embedded devices like routers.

Malware served through rogue Tor exit node tied to cyberespionage group

A malware program distributed recently through a rogue server on the Tor anonymity network was also used in targeted attacks against European government agencies.

Sonatype aims to help developers reduce risk from open-source components

Software developers use a large number of open-source components, often oblivious to the security risks they introduce or the vulnerabilities that are later discovered in them.

Microsoft fixes critical crypto flaw, strengthens encryption for older systems

Microsoft fixed a critical vulnerability Tuesday in the Windows cryptographic library that could expose Windows servers to remote code execution attacks. The update also adds support for stronger and more modern cryptographic ciphers to older Windows versions.

First Stuxnet victims were five Iranian industrial automation companies

For the first time since Stuxnet was discovered in 2010, researchers have publicly named the worm's original victims: five Iranian companies involved in industrial automation.

Adobe fixes eighteen vulnerabilities in Flash Player

Adobe Systems released critical security updates Tuesday for Flash Player to address 18 vulnerabilities, many of which can be remotely exploited to compromise underlying systems.