Stories by Lucian Constantin

Security update for BlackBerry 10 OS fixes remote code execution vulnerability

BlackBerry released a security update for its BlackBerry 10 OS to address a critical vulnerability that could allow remote attackers to execute arbitrary code on affected devices.

Adobe patches a critical flaw in Flash Player and AIR shown at Pwn2Own contest

Adobe Systems released security updates for Flash Player and AIR in order to address four critical vulnerabilities that could lead to arbitrary code execution and information disclosure.

Cybercriminals use sophisticated PowerShell-based malware

Cybercriminals have been developing increasingly sophisticated malware that makes use of Windows PowerShell scripts in an attempt to fly under the radar.

Yahoo email anti-spoofing policy breaks mailing lists

In an attempt to block email spoofing attacks on yahoo.com addresses, Yahoo began imposing a stricter email validation policy that unfortunately breaks the usual workflow on legitimate mailing lists.

Low adoption rate of HSTS website security mechanism is worrying, EFF says

Almost a year and a half after the HTTP Strict Transport Security (HSTS) mechanism was established as a standard, its adoption rate by websites remains low because developers are not aware of its benefits and Internet Explorer still doesn't support it, according to advocacy group the Electronic Frontier Foundation.

Microsoft to start blocking adware that lacks easy uninstall

Microsoft has toughened its criteria for classifying programs as adware and given developers three months to conform with the new principles or risk having their programs blocked by the company's security products.

XSS flaw in popular video-sharing site enabled DDoS attack through visitors' browsers

Attackers exploited a vulnerability in a popular video-sharing site to hijack users' browsers for use in a large-scale distributed denial-of-service attack, according to researchers from Web security firm Incapsula.

Users face serious threat as hackers take aim at routers, embedded devices

Home routers and other consumer embedded devices are plagued by basic vulnerabilities and can't be easily secured by non-technical users, which means they'll likely continue to be targeted in what has already become an increasing trend of mass attacks.

Researchers publicly disclose vulnerabilities in Oracle Java Cloud Service

Security researchers released technical details and proof-of-concept code for 30 security issues affecting Oracle's Java Cloud Service, some of which could allow attackers to compromise business-critical Java applications deployed on it.

Hacked passwords can enable remote unlocking, tracking of Tesla cars

Tesla Motors accounts are protected only by simple passwords, making it easy for hackers to potentially track and unlock cars, according to a security researcher.

Philips smart TVs open to remote attacks via default wireless connection, researchers say

The latest firmware in some Philips smart TV models opens an insecure Miracast wireless network, allowing potential attackers located in the signal range to control the TV remotely and perform unauthorized actions.

Cisco fixes denial-of-service flaws in IOS software for networking devices

Cisco Systems released security updates for its IOS software used on routers, switches and other networking gear in order to fix seven vulnerabilities that could be exploited by attackers to impact the performance of affected devices or force them to reboot.

Full Disclosure security mailing list reborn under new management

The recently closed Full Disclosure security mailing list, which served as an open discussion forum for security researchers since 2002, was replaced Tuesday with a new list that will serve the same purpose, but will require former members to resubscribe.

Gameover malware targets accounts on employment websites

A new variant of the Gameover computer Trojan is targeting job seekers and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com accounts.

New BitCrypt ransomware variant distributed by bitcoin-stealing malware

A new variant of a malicious program called BitCrypt that encrypts files and asks victims for bitcoin payments is being distributed by a computer Trojan that first pilfers bitcoin wallets.