Stories by Lucian Constantin

Most Android phones can be hacked with a simple MMS message or multimedia file

The vast majority of Android phones can be hacked by sending them a specially crafted multimedia message (MMS), a security researcher has found.

Even without breaches, don't count on websites to hide that you have an account with them

Companies often fail to hide whether an email address is associated with an account on their websites, even if the nature of their business calls for this and users implicitly expect it.

Researchers disclose four unpatched vulnerabilities in Internet Explorer

Security researchers published limited details about four unpatched vulnerabilities in Internet Explorer because Microsoft has not moved quickly enough to fix them.

WordPress gets patch for critical XSS flaw

Developers of the popular WordPress blogging platform have released a critical security update to fix a vulnerability that can be exploited to take over websites.

Microsoft follows Google to crack down on revenge porn

Microsoft will make it easier for people to request the removal of links to intimate images or videos from the company's Bing search engine if such content was posted online without their consent.

Bug exposes OpenSSH servers to brute-force password guessing attacks

A bug in OpenSSH, the most popular software for secure remote access to UNIX-based systems, could allow attackers to bypass authentication retry restrictions and execute many password guesses.

Former Hacking Team supplier stops selling zero-day exploits on ethical grounds

Italian surveillance software maker Hacking Team recently claimed that it hasn't lost any customers after the massive leak of its internal data two weeks ago. But it has lost at least one business partner: U.S.-based penetration testing specialist and zero-day exploit broker Netragard.

Cyberspies love exploits from Hacking Team leak

The leaked files from surveillance software maker Hacking Team have proven to be a great resource for cyberespionage groups, which have used at least two Flash Player exploits from the company's arsenal.

Latest Flash Player version has improved exploit defenses

The Flash Player update released Tuesday not only fixed two vulnerabilities that were being targeted by attackers, but also added protections that will make entire classes of security flaws much harder to exploit in the future.

New point-of-sale malware distributed by Andromeda botnet

Cybercriminals are casting increasingly wider nets in their search for new point-of-sale systems to infect. This appears to be the case with a new memory scraping malware program called GamaPoS that's distributed by a large botnet known as Andromeda.

Encrypted Web and Wi-Fi at risk as RC4 attacks become more practical

There's an old saying in the security community: Attacks always get better. The latest case where that holds true is for the aging RC4 cipher that's still widely used to encrypt communications on the Internet.

Oracle fixes zero-day Java flaw and over 190 other vulnerabilities

Go ahead and update Java -- or disable it if you don't remember the last time you actually used it on the Web: Oracle's latest patch, released Tuesday, fixes 25 vulnerabilities in the aging platform, including one that's already being exploited in attacks.

Hacking Team's malware uses UEFI rootkit to survive OS reinstalls

Surveillance software maker Hacking Team has provided its government customers with the ability to infect the low-level firmware found in laptops and other computers that they wanted to spy on.

Cyberespionage group Pawn Storm uses exploit for unpatched Java flaw

A sophisticated group of hackers known for targeting military, government and media organizations is currently using an exploit for a vulnerability in Java that hasn't been patched by Oracle.

Hacking Team's arsenal included at least three unpatched exploits for Flash Player

Recently breached surveillance software maker Hacking Team had access to three different exploits for previously unknown vulnerabilities in Flash Player. All of them are now out in the open, putting Internet users at risk.