Stories by Lucian Constantin

Xen Project discloses serious vulnerability that impacts virtualized servers

The Xen Project has revealed the details of a serious vulnerability in the Xen hypervisor that could put the security of many virtualized servers at risk.

Hurry! Wait! Go! Joomla stumbles with patch for serious vulnerability

The Joomla project pushed out new updates for its popular content management system Wednesday after a glitch was found in the high-priority security patches it released a day before.

OpenVPN servers can be vulnerable to Shellshock Bash vulnerability

Virtual private network servers based on OpenVPN might be vulnerable to remote code execution attacks through Shellshock and other recent flaws that affect the Bash Unix shell.

Cisco, Oracle find dozens of their products affected by Shellshock

Cisco Systems and Oracle are hard at work identifying networking and other products in their portfolios that are affected by the critical Shellshock vulnerability.

Malvertising campaign delivers digitally signed CryptoWall ransomware

The cybercriminals behind the CryptoWall ransomware threat have stepped up their game and are digitally signing new samples before using them in attacks in an attempt to bypass antivirus detection.

Improved patch tackles new Shellshock attack vectors

System administrators who spent last week making sure their computers are patched against Shellshock, a critical vulnerability in the Bash Unix command-line interpreter, will have to install a new patch that addresses additional attack vectors.

Apple's iOS 8 fixes enterprise Wi-Fi authentication hijacking issue

Apple's iOS 8 addresses a serious weakness that could allow attackers to hijack the wireless network authentication of Apple devices and gain access to enterprise networks.

New organization sets out to make secure communication tools more user-friendly

Google, Dropbox and the Open Technology Fund are supporting a new organization focused on making open-source security and privacy tools more user-friendly.

BitTorrent opens Bleep peer-to-peer encrypted chat program to public testing

Nine months after revealing plans to develop a decentralized and encrypted chat application, BitTorrent opened public testing of the program's Windows, Mac and Android versions on Wednesday.

Twitter patches vulnerability that could have impacted advertising accounts

Twitter's recently announced bug bounty program has helped the company identify and patch a serious vulnerability that could have disrupted advertising on its platform.

Adobe releases previously delayed security updates for Reader and Acrobat

After a one-week delay, Adobe Systems has released security updates for its Reader and Acrobat products to patch critical vulnerabilities that could lead to computers being compromised.

Many Android devices vulnerable to session hijacking through the default browser

The default browser in Android versions older than 4.4 has a vulnerability that allows malicious websites to bypass a critical security mechanism and take control of a user's authenticated sessions on other sites.

Open-source project promises easy-to-use encryption for email, instant messaging and more

A software development project launched Monday aims to create free tools that simplify the encryption of online forms of communication like email, instant messaging, SMS and more by solving the complexity associated with the exchange and management of encryption keys.

VMware and Cisco patch vulnerabilities in datacentre gear and software

VMware and Cisco Systems have released security fixes for serious vulnerabilities in networking virtualisation and server software typically used in datacentres.

Data protection authorities find privacy lapses in majority of mobile apps

Many mobile apps request too many permissions and don't explain how they collect users' personal information, a study of 1,211 popular apps by the Global Privacy Enforcement Network has found.