Stories by Lucian Constantin

NSA surveillance revelations prompt EFF resignation from Global Network Initiative

The reported participation of technology companies in the U.S. National Security Agency's surveillance programs has prompted digital rights watchdog the Electronic Frontier Foundation to resign from the Global Network Initiative, a multistakeholder group whose members include Google, Microsoft, Yahoo and Facebook and whose stated mission is to advance privacy and freedom of expression online.

Hackers exploit vBulletin vulnerability to inject rogue administrator accounts

Hackers are exploiting a vulnerability in the popular vBulletin Internet forum software in order to inject rogue administrator accounts into websites using it.

Cisco patches vulnerabilities in some security appliances, switches and routers

Cisco Systems has released security patches for authentication bypass, command execution and denial-of-service vulnerabilities affecting products that use its Adaptive Security Appliance (ASA) software, as well as the Cisco Catalyst 6500 series switches and Cisco 7600 series routers.

D'oh! Basic flaw in WhatsApp could allow attackers to decrypt messages

The popular mobile messaging application WhatsApp Messenger has a major design flaw in its cryptographic implementation that could allow attackers to decrypt intercepted messages, according to a Dutch developer.

Four suspected users of Silk Road Internet drug marketplace arrested in the UK

Four men have been arrested by the U.K.'s National Crime Agency (NCA) for drug offenses in connection with their involvement in Silk Road, an Internet underground marketplace for drugs and other illegal items.

Blackhole exploit kit author arrested in Russia

Russian authorities have arrested the main developer of the notorious Blackhole exploit kit, one of the most popular attack tools used to infect Web users with malware.

Hosting provider LeaseWeb falls victim to DNS hijacking

Hosting provider LeaseWeb became the latest high-profile company to have its domain name taken over by attackers, highlighting that DNS (Domain Name System) hijacking is a significant threat, even to technically adept businesses.

Web hosting firms at risk from critical vulnerability in WHMCS billing and support system

The developers of WHMCS, a popular client management, billing and support application for Web hosting providers, released emergency security updates Thursday to patch a critical vulnerability that was publicly disclosed.

Mozilla unmasks security flaw in Persona, warns other OpenID implementers

A vulnerability found recently in an OpenID-based feature of the Mozilla Persona online identity management service prompted the company to advise Web developers to check their OpenID implementations for similar issues.

Hackers steal information on 2.9 million Adobe customers

Hackers broke into the internal computer network of Adobe Systems and stole information on 2.9 million customers, as well as source code for several of the company's products.

Silent Circle moves away from NIST cryptographic standards, cites uncertainty

The U.S. National Security Agency's reported efforts to weaken encryption standards have prompted an encrypted communications company to move away from cryptographic algorithms sanctioned by the U.S. National Institute of Standards and Technology (NIST).

Public release of IE exploit could spark widespread attacks

An exploit for a vulnerability that affects all versions of Internet Explorer and has yet to be patched by Microsoft has been integrated into the open-source Metasploit penetration testing tool, a move that might spur an increasing number of attacks targeting the flaw.

Symantec seizes part of massive peer-to-peer botnet ZeroAccess

The cybercriminals behind ZeroAccess, one of the largest botnets in existence, have lost access to more than a quarter of the infected machines they controlled because of an operation executed by security researchers from Symantec.

Brute-force malware targets email and FTP servers

A piece of malware designed to launch brute-force password guessing attacks against websites built with popular content management systems like WordPress and Joomla is now also being used to attack email and FTP servers.

IE zero-day vulnerability exploited more widely than previously thought

A recently announced and yet-to-be-patched vulnerability that affects all versions of Microsoft Internet Explorer (IE) has been exploited in targeted attacks against organizations in Taiwan since the beginning of July, according to security researchers.