Stories by Lucian Constantin

Attack code published for serious ASP.NET DoS vulnerability

Exploit code for a recently patched denial-of-service (DoS) vulnerability that affects Microsoft's ASP.NET Web development platform has been published online, increasing the risk of attacks.

Industrial espionage gang sends malicious emails in security vendor's name

A cybercrime gang that primarily targets companies from the chemical industry has launched a new series of attacks that involve malware-laden emails purporting to be from Symantec, the security vendor responsible for exposing its operation earlier this year.

Two zero-day vulnerabilities found in Flash Player

Two newly discovered vulnerabilities in Adobe's Flash Player can be exploited to execute arbitrary code remotely, according to advisories from the U.S. Computer Emergency Readiness Team (US-CERT) and various security research companies.

Second-hand USB drives riddled with malware, Sophos finds

An analysis of USB memory sticks lost on trains in Sydney revealed that two-thirds of them were infected with one or more strains of malware and none was secured with an encryption solution.

Yahoo Messenger flaw enables spamming through other people's status messages

An unpatched Yahoo Messenger vulnerability that allows attackers to change people's status messages and possibly perform other unauthorized actions can be exploited to spam malicious links to a large number of users.

Anonymous' Robin Hood credit card fraud campaign could hurt more than just banks

Hacktivist groups Anonymous and TeaMp0isoN have joined together in a new campaign that involves compromising credit card details and using them to donate money to charities, homeless people and anti-government protesters around the world.

Facebook community forum swamped by spam during Thanksgiving weekend

Facebook's community forum was flooded during the Thanksgiving weekend with spam messages that advertised live streaming links for various sporting events.

WikiLeaks: Security worries impede new submission system

WikiLeaks has postponed the launch of its new secure submission system due to recent security compromises that seriously affected the credibility of the SSL infrastructure.

Trojan sends premium-rate SMS messages, aims at European and Canadian Android users

A new Android Trojan program that poses as an SMS management application is sending text messages to predefined premium-rate numbers in Europe and Canada, according to security researchers from Kaspersky Lab.

Unpatched Apache reverse proxy flaw allows access to internal network

A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite rules are not defined properly.

ISPs can't be forced to monitor traffic for copyright infringement, ECJ rules

In what some consider to be a landmark decision, the European Court of Justice ruled Thursday that forcing Internet service providers (ISPs) to monitor consumer traffic in order to block copyright infringement is incompatible with European Union laws.

Largest DDoS attack so far this year peaked at 45 Gbps, says company

A week-long DDoS attack that launched a flood of traffic at an Asian e-commerce company in early November was the biggest such incident so far this year, according to Prolexic, a company that defends websites against such attacks.

Google protects its current HTTPS traffic against future attacks

Google has modified the encryption method used by its HTTPS-enabled services including Gmail, Docs and Google+, in order to prevent current traffic from being decrypted in the future when technological advances make this possible.

Browser extension allows users to express their email privacy expectations

A team of privacy researchers and product designers from Europe and the U.S. has released a browser-based implementation of Privicons, a project that aims to provide users with a simple method of expressing their expectations of privacy when sending email.

EFF proposes new method to strengthen Public Key Infrastructure

The Electronic Frontier Foundation (EFF) is proposing an extension to the current SSL chain of trust that aims to improve the security of HTTPS and other secure communication protocols.
