Stories by Lucian Constantin

UK's PM warns Internet companies to ban child abuse search terms

The British government wants Google, Yahoo and Microsoft to block Internet searches that are likely to lead to child abuse images. Internet search providers have until October to commit to banning lists of keywords deemed abusive or the government will consider legislation to force them, the U.K.'s Prime Minister David Cameron said Monday in a speech.

Apple acquires Locationary for local listings

Apple has acquired Locationary, a start-up based in Toronto that provides a platform for aggregating and managing local business listings.

New vulnerability found in Java 7 opens door to 10-year-old attack, researchers say

Security researchers from Polish vulnerability research firm Security Explorations claim to have identified a new vulnerability in Java 7 that could allow attackers to bypass the software's security sandbox and execute arbitrary code on the underlying system.

Cisco releases security patches to mitigate attack against Unified Communications Manager

Cisco Systems released a security patch for its Unified Communications Manager (Unified CM) enterprise telephony product in order to mitigate an attack that could allow hackers to take full control of the systems. The company also patched denial-of-service vulnerabilities in its Intrusion Prevention System software.

Most enterprise networks riddled with vulnerable Java installations, report says

Despite the significant Java security improvements made by Oracle during the past six months, Java vulnerabilities continue to represent a major security risk for organizations because most of them have outdated versions of the software installed on their systems, according to a report by security firm Bit9.

Apache Struts security update fixes critical vulnerabilities

The Apache Software Foundation has released Struts 2.3.15.1, a security update for its popular Java Web application development framework that addresses two vulnerabilities, including a critical one that could allow remote attackers to execute arbitrary code on the server.

New digitally signed Mac malware confuses users with right-to-left file name tricks

A new piece of digitally signed spyware for Mac OS X uses a special Unicode character in its file name to hide its real file extension from users and trick them into installing it.

Health insurance credentials raise the cost of identity theft kits on underground marketplaces

Several underground marketplaces are offering full information packages for sale that contain verified health insurance credentials, bank account numbers, Social Security numbers and other personal information, along with counterfeit physical documents corresponding to the data.

Unusual file-infecting malware steals FTP credentials, researchers say

A new version of a file-infecting malware program that's being distributed through drive-by download attacks is also capable of stealing FTP (File Transfer Protocol) credentials, according to security researchers from antivirus firm Trend Micro.

Microsoft to pay first IE 11 Preview bug bounty to BlueHat security contest finalist

Microsoft has already received several vulnerability reports that qualify for monetary rewards as part of the company's bug bounty program launched in June for the preview version of Internet Explorer 11.

Researchers find another Android attack that can get past signature checks

A second vulnerability that can be exploited to modify legitimate Android apps without breaking their digital signatures has been identified and publicly documented.

Feds asked to sit out Defcon hacking conference this year

The organizers of the Defcon hacking convention have publicly asked U.S. federal government workers not to attend the event this year due to tension in the hacker community caused by the recent revelations about the U.S. government's electronic surveillance efforts.

1

Pirate Bay founder working on spy-proof text messaging app

Peter Sunde, the co-founder of BitTorrent search engine The Pirate Bay, is working on developing a secure mobile messaging app and service that's intended to be safe from government surveillance and be user friendly at the same time.

Proof-of-concept exploit available for Android app signature check vulnerability

Technical details and a proof-of-concept exploit have been published for a recently announced Android vulnerability that potentially affects millions of devices and allows attackers to turn legitimate apps into Trojan programs.

Brazilian government wants answers from US following reports of NSA spying in Brazil

The Brazilian government has formally asked the U.S. government for clarification regarding the alleged large-scale interception of electronic communications of Brazilian citizens by the U.S. National Security Agency.

CIO
ARN
Techworld
CMO