Stories by Lucian Constantin

Unusual file-infecting malware steals FTP credentials, researchers say

A new version of a file-infecting malware program that's being distributed through drive-by download attacks is also capable of stealing FTP (File Transfer Protocol) credentials, according to security researchers from antivirus firm Trend Micro.

Microsoft to pay first IE 11 Preview bug bounty to BlueHat security contest finalist

Microsoft has already received several vulnerability reports that qualify for monetary rewards as part of the company's bug bounty program launched in June for the preview version of Internet Explorer 11.

Researchers find another Android attack that can get past signature checks

A second vulnerability that can be exploited to modify legitimate Android apps without breaking their digital signatures has been identified and publicly documented.

Feds asked to sit out Defcon hacking conference this year

The organizers of the Defcon hacking convention have publicly asked U.S. federal government workers not to attend the event this year due to tension in the hacker community caused by the recent revelations about the U.S. government's electronic surveillance efforts.

1

Pirate Bay founder working on spy-proof text messaging app

Peter Sunde, the co-founder of BitTorrent search engine The Pirate Bay, is working on developing a secure mobile messaging app and service that's intended to be safe from government surveillance and be user friendly at the same time.

Proof-of-concept exploit available for Android app signature check vulnerability

Technical details and a proof-of-concept exploit have been published for a recently announced Android vulnerability that potentially affects millions of devices and allows attackers to turn legitimate apps into Trojan programs.

Brazilian government wants answers from US following reports of NSA spying in Brazil

The Brazilian government has formally asked the U.S. government for clarification regarding the alleged large-scale interception of electronic communications of Brazilian citizens by the U.S. National Security Agency.

Snowden's Icelandic citizenship request stuck until September

Several members of the Icelandic Parliament introduced a bill Thursday that seeks to grant Icelandic citizenship to U.S. National Security Agency document leaker Edward Snowden, but the bill won't be discussed until September.

Online protests against NSA surveillance planned for July 4 get off to slow start

An online protest against the surveillance programs of the U.S. National Security Agency planned for July 4 was off to a slow start Thursday morning, despite expectations it would see participation from thousands of websites.

Vulnerability allows attackers to modify Android apps without breaking their signatures

A vulnerability that has existed in Android for the past four years can allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be used to steal data or take control of the OS.

Alleged Shadowcrew member extradited to the US nine years after forum takedown

A 30-year-old Bulgarian was extradited to the U.S. from Paraguay in order to face charges related to his alleged involvement in Shadowcrew, a large cybercrime forum that was dismantled by U.S. authorities in 2004.

Critical vulnerabilities found in single sign-on enterprise tool Atlassian Crowd

A critical vulnerability that could allow remote attackers to access sensitive enterprise log-in credentials and other data was fixed last week in Crowd, a single sign-on (SSO) and identity management tool used by large organizations to simplify access to their internal Web applications and services.

Vulnerabilities found in code library used by encrypted phone call apps

ZRTPCPP, an open-source library that's used by several applications offering end-to-end encrypted phone calls, contained three vulnerabilities that could have enabled arbitrary code execution and denial-of-service attacks, according to researchers from security firm Azimuth Security.

New disk wiper malware linked to attacks in South Korea, researchers say

A new piece of malware designed to delete files from hard disk drives and render computers unable to boot targets South Korean users, according to researchers from security firm Symantec.

Citadel malware variant uses content localization to target brands and users in different countries

A new variant of the Citadel financial malware uses in-browser injection techniques combined with extensive content localization to steal log-in credentials and credit card information from users in different countries, according to researchers from security vendor Trusteer.

CIO
ARN
Techworld
CMO