Stories by Lucian Constantin

Cisco fixes remote access vulnerabilities in Cisco Secure Access Control System

Cisco Systems has released software updates for its Cisco Secure Access Control System (ACS) in order to patch three vulnerabilities that could give remote attackers administrative access to the platform and allow them to execute OS-level commands without authorization.

New Blackphone promises secure communications and privacy

Playing on mobile users' fears of commercial and government surveillance, two companies are building a phone they say is designed to protect privacy. The joint venture between smartphone manufacturer Geeksphone and encrypted communications provider Silent Circle will unveil the new device called Blackphone at the Mobile World Congress show in Barcelona next month.

Tech support scammers are targeting mobile users, researchers say

Scammers have devised new ways to trick users into revealing personal information, handing over control of computers and paying for unnecessary software and tech support services, security experts warn.

Cisco promises to fix admin backdoor in some routers

Cisco Systems promised to issue firmware updates removing a backdoor from a wireless access point and two of its routers later this month. The undocumented feature could allow unauthenticated remote attackers to gain administrative access to the devices.

US retailer Target's point-of-sale terminals were infected with malware

The CEO of retailer Target revealed Saturday in an interview that the company's point-of-sale (PoS) systems were infected with malware, confirming what security experts suspected since the massive data breach was announced in mid-December.

OpenSUSE forums hack raises vBulletin zero-day exploit possibility

A compromise of the community forums for the openSUSE Linux distribution Tuesday sparked concern that hackers have access to a previously unknown exploit for the popular vBulletin Internet forum software.

Security analysis of mobile banking apps reveals significant weaknesses

A security analysis of mobile banking apps for iOS devices from 60 financial institutions around the world has revealed that many were vulnerable to various attacks and exposed sensitive information.

As Yahoo makes encryption standard for email, weak implementation seen

Yahoo has started to automatically encrypt connections between users and its email service, adding an important security layer that rival Gmail has had for almost four years, but its implementation needs work, according to at least one security expert.

Trojan program hijacks World of Warcraft accounts despite two-factor authentication

A new Trojan program is targeting users of the popular online role-playing game World of Warcraft and is capable of hijacking accounts even if their owners use two-factor authentication.

Cybercrooks developing dangerous new file-encrypting ransomware, researchers warn

A team of malware developers is preparing to sell a new ransomware program that encrypts files on infected computers and asks victims for money to recover them, according to a volunteer group of security researchers who tracked the development of the threat on underground forums in recent weeks.

No hypervisor vulnerability exploited in OpenSSL site breach

The OpenSSL Project confirmed that weak passwords used on the hosting infrastructure led to the compromise of its website, dispelling concerns that attackers might have exploited a vulnerability in virtualization software.

The security industry found its dream enemy in 2013 -- and new technical challenges too

2013 was the year we learned we must encrypt our data if we don't want the likes of the U.S. National Security Agency or the U.K. Government Communications Headquarters reading it as it crosses the Internet.

Attackers could match phone numbers to Snapchat accounts, researchers say

A security hole in popular photo messaging service Snapchat could allow attackers to find the phone numbers of many users in a short period of time, according to Gibson Security, a computer security research group.

Web server malware for Nginx, Apache advertised on underground market

A new malware program that functions as a module for the Apache and Nginx Web servers is being sold on cybercrime forums, according to researchers from security firm IntelCrawler.

Bundling of Chinese app store in new iOS 7 untethered jailbreak sparks controversy

The evad3rs hacking team has released a long-awaited jailbreak for Apple devices running iOS 7, but the release generated a backlash over its bundling of a Chinese app store instead of the more popular Cydia app directory.