Stories by Lucian Constantin

Cisco fixes serious vulnerabilities in email, Web and content security appliances

Cisco Systems released security patches for its email, Web and content security appliances in order to address vulnerabilities that could allow attackers to execute commands on the underlying OS or disrupt critical processes.

Chinese malware attack affected dozens of South Korean organizations, researchers say

A recent targeted attack that used Chinese malware compromised over 1,000 computers belonging to dozens of South Korean organizations, according to researchers from Israeli security firm Seculert.

Most Android threats would be blocked if phones ran latest Android version, report says

Over three quarters of Android threats are malicious apps that send SMS messages to premium rate numbers and could be mitigated by a protection feature present in Android 4.2, according to researchers from networking vendor Juniper Networks.

Source code for Carberp financial malware gets leaked online

The source code for the Carberp financial malware has been leaked online, increasing the risk that other cybercriminals will create their own variants based on it, according to researchers from Russian cybercrime investigations firm Group-IB.

NSA can retain encrypted communications of Americans possibly indefinitely

The U.S. National Security Agency (NSA) can retain communications of U.S. citizens or residents potentially indefinitely if those communications are encrypted, according to a newly leaked secret government document.

LinkedIn outage prompts security concerns

LinkedIn's domain name was temporarily redirected to a third-party server Thursday, which resulted in a service outage and potentially put user accounts at risk of compromise.

Many companies are negligent about SAP security, researchers say

SAP has significantly improved the security of its products over the past few years but many of its customers are negligent with their deployments, which exposes them to potential attacks that could cripple their businesses, according to security researchers.

Microsoft launches security bounty programs for Windows 8.1 and IE 11 Preview

Microsoft will pay security researchers for finding and reporting vulnerabilities in the preview version of its Internet Explorer 11 (IE 11) browser, for finding novel techniques to bypass exploit mitigations present in Windows 8.1 or later versions and for coming up with new ideas to defend against exploits.

Java 7 Update 25 fixes 40 security issues, turns on certificate revocation checking

Oracle addressed 40 security issues in Java and enabled online certificate revocation checking by default in its scheduled critical patch update for Java on Tuesday.

Source code for Carberp financial malware is up for sale at a very low price, researchers say

The source code for the Carberp banking Trojan program is being offered for sale on the underground market at a very affordable price, which could result in additional Carberp-based financial malware being developed in the future, according to researchers from Russian cybercrime investigations firm Group-IB.

UK spy agency reportedly intercepted email of delegates at G20 meetings in 2009

British intelligence agency Government Communications Headquarters (GCHQ) reportedly intercepted the electronic communications of foreign politicians during G20 meetings that took place in London in 2009.

More malware is travelling on P2P networks these days

Hackers have found a devious new way to disseminate malware: They're using peer-to-peer networks.

Some foreign-backed US phone companies reportedly excluded from NSA surveillance program

At least two U.S. mobile operators, T-Mobile US and Verizon Wireless, reportedly do not participate directly in the U.S. National Security Agency's call metadata collection program because of their partial ownership by foreign telecommunication companies.

Spy-proof enterprise encryption is possible, but daunting

Data encryption could help enterprises protect their sensitive information against mass surveillance by governments, as well as guard against unauthorized access by ill-intended third parties, but the correct implementation and use of data encryption technologies is not an easy task, according to security experts.

Microsoft patches critical IE vulnerabilities and actively exploited Office flaw

A new batch of security updates released by Microsoft on Tuesday addresses a total of 23 vulnerabilities in Internet Explorer, Windows and Microsoft Office, including one that is actively exploited by attackers. The handling of digital certificates in Windows was also improved.