Stories by Lucian Constantin

Siemens patches Heartbleed in popular SCADA system

Siemens released a security update to address the Heartbleed vulnerability in SIMATIC WinCC Open Architecture, a supervisory control and data acquisition (SCADA) system that's used in a large number of industries to operate processes, machines and production flows.

Sefnit click fraud malware drops Tor for SSH, Facebook researchers say

Security researchers from Facebook have identified a new variant of the Sefnit click fraud malware program that uses SSH for command and control instead of the Tor anonymity network.

Adobe patches actively exploited vulnerability in Flash Player

Adobe Systems released emergency security updates for Flash Player in order to fix a vulnerability that has been exploited in attacks against users since earlier this month.

Emergency update for Apache Struts fixes incomplete patch for critical flaw

The Apache Software Foundation rushed last week to update the popular Apache Struts framework after a previous security patch for a high-risk vulnerability proved to be incomplete.

Mozilla to strengthen SSL certificate verification in Firefox

Mozilla plans to more strictly enforce industry best practices for SSL certificates in future versions of Firefox with a new certificate verification system.

Google speeds up encrypted Web communications in Chrome on Android

Google has added support for a new TLS cipher suite in its Chrome browser for Android that the company claims will provide better security and performance for encrypted communications on mobile devices.

Apple users put at risk by 3-week delay between OS X and iOS patches, researchers say

Apple exposed iOS users to security threats by taking three weeks longer to patch the same vulnerabilities in the mobile OS that it previously fixed in Safari on OS X, a former Apple security engineer said.

'Francophoned' cybertheft operation reportedly back in action

A cybercriminal operation that combines phone-based social engineering attacks with spear phishing and malware to steal money from organizations has resurfaced this year, finding victims in French-speaking countries in particular.

Russian SMS Trojan for Android hits US, dozens of other countries

An Android Trojan app that sends SMS messages to premium-rate numbers has expanded globally over the past year, racking up bills for users in over 60 countries including the U.S., malware researchers from Kaspersky Lab said.

Netgear patch said to leave backdoor problem in router

The security researcher who identified an admin backdoor in a range of routers last year has found that Netgear's patches don't adequately address the security issue.

Mysterious malware steals Apple credentials from jailbroken iOS devices

A malware campaign of yet-to-be-determined origin is infecting jailbroken iPhones and iPads to steal Apple account credentials from SSL-encrypted traffic.

Web apps and point-of-sale were leading hacker targets in 2013, says Verizon

Web application attacks, cyber-espionage and point-of-sale intrusions were among the top IT security threats in 2013, according to Verizon's latest annual report on data breach investigations.

Satellite communication systems rife with security flaws, vulnerable to remote hacks

Security researchers have found that many satellite communication systems have vulnerabilities and design flaws that can let remote attackers intercept, manipulate, block and in some cases take full control of critical communications.

Tor anonymity network to shrink as a result of Heartbleed flaw

The Tor Project has flagged 380 Tor relays vulnerable to the critical Heartbleed flaw to be rejected from the Tor anonymity network, reducing the network's entry and exit capacity.

Facebook users targeted by iBanking Android trojan app

Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.