Stories by Lucian Constantin

Silent Circle moves away from NIST cryptographic standards, cites uncertainty

The U.S. National Security Agency's reported efforts to weaken encryption standards have prompted an encrypted communications company to move away from cryptographic algorithms sanctioned by the U.S. National Institute of Standards and Technology (NIST).

Public release of IE exploit could spark widespread attacks

An exploit for a vulnerability that affects all versions of Internet Explorer and has yet to be patched by Microsoft has been integrated into the open-source Metasploit penetration testing tool, a move that might spur an increasing number of attacks targeting the flaw.

Symantec seizes part of massive peer-to-peer botnet ZeroAccess

The cybercriminals behind ZeroAccess, one of the largest botnets in existence, have lost access to more than a quarter of the infected machines they controlled because of an operation executed by security researchers from Symantec.

Brute-force malware targets email and FTP servers

A piece of malware designed to launch brute-force password guessing attacks against websites built with popular content management systems like WordPress and Joomla has started being used to also attack email and FTP servers.

IE zero-day vulnerability exploited more widely than previously thought

A recently announced and yet-to-be-patched vulnerability that affects all versions of Microsoft Internet Explorer (IE) has been exploited in targeted attacks against organizations in Taiwan since the beginning of July, according to security researchers.

Cisco IOS updates fix 10 denial-of-service vulnerabilities

Cisco Systems has patched 10 vulnerabilities that could impact the availability of devices using various versions of its IOS software.

New information-theft malware 'Napolar' is gaining traction, researchers warn

A new piece of information-stealing malware that appeared earlier this year has been rapidly gaining traction during the past few weeks, with hundreds of infection attempts being detected every day by antivirus vendors.

Malicious browser extensions pose a serious threat and defenses are lacking

Although the number of malicious browser extensions has significantly increased in the past year many security products fail to offer adequate protection against them, while others are simply not designed to do so, according to a security researcher.

Chrome will block NPAPI plug-ins over stability, security concerns

Plug-ins based on the NPAPI architecture will be blocked by default in Chrome starting early next year as Google moves toward completely removing support for them in the browser.

Apache Struts security update disables vulnerable feature

A new version of the Apache Struts development framework released Friday fixes two problems that had developers worried.

Rogue hardware used in attempted cyberheist at Santander bank branch

A criminal gang attempted to plant a rogue hardware device on the network of a Santander bank branch in London to remotely control a computer and steal money.

Oracle adds long-awaited whitelisting capabilities to Java

Oracle added a feature in Java that lets companies control what specific Java applets are allowed to run on their endpoint computers, which could help them better manage Java security risks.

Cyberspies attack key South Korean institutions, North Korean hackers suspected

South Korean organizations that conduct research on international affairs, national security and Korean unification are under siege from cyberspies whose attack may have its origins in North Korea.

Adobe issues critical security updates for Flash Player, Reader and Shockwave Player

Adobe released security updates for Flash Player, Adobe Reader and Shockwave Player on Tuesday to address critical vulnerabilities that could allow attackers to take control of systems running vulnerable versions of those programs.

Fingerprint sensor in iPhone 5S is no silver bullet, researchers say

The fingerprint sensor in Apple's new iPhone 5S has the potential to enhance the security of the device, but the devil will be in the details.