Stories by Lucian Constantin

DigiCert is considering SSL certificates for more Tor hidden services

Certificate authority DigiCert is considering issuing SSL certificates to more Tor .onion address owners after recently providing Facebook with one.

WireLurker attacks against iOS devices also launched from Windows PCs

Attackers have used rogue applications for both OS X and Windows to infect iPhones and iPads in China with a malware program that steals contact information and other private data.

Informational Wi-Fi traffic can be used as covert communication channel for malware

A security researcher has developed a tool to demonstrate how the unauthenticated data packets in the 802.11 wireless LAN protocol can be used as a covert channel to control malware on an infected computer.

Cisco patches serious vulnerabilities in small business RV Series routers

Cisco Systems released patches for its small business RV Series routers and firewalls to address vulnerabilities that could allow attackers to execute arbitrary commands and overwrite files on the vulnerable devices.

Google releases tool to test apps, devices for SSL/TLS weaknesses

Google released a tool that can be used to test whether the SSL/TLS encrypted connections opened by applications or devices are vulnerable to man-in-the-middle attacks.

Popular messaging apps fail EFF's security review

Some of the most widely used messaging apps in the world, including Google Hangouts, Facebook chat, Yahoo Messenger and Snapchat, flunked a best-practices security test by advocacy group the Electronic Frontier Foundation (EFF).

BlackEnergy cyberespionage group targets Linux systems and Cisco routers

A cyberespionage group that has built its operations around a malware program called BlackEnergy has been compromising routers and Linux systems based on ARM and MIPS architectures in addition to Windows computers.

Seeking security, American Express aims to swap card numbers with tokens

In an effort to make to make Internet and mobile transactions more secure, American Express has launched a new service that aims to replace payment card numbers with unique tokens.

Google to kill off SSL 3.0 in Chrome 40

Google plans to remove support for the aging Secure Sockets Layer (SSL) version 3.0 protocol in Google Chrome 40, which is expected to ship in about two months.

Vulnerabilities found in more command-line tools, wget and tnftp get patches

The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities.

Drupal: If you weren't quick to patch, assume your site was hacked

Users of Drupal, one of the most popular content management systems, should consider their sites compromised if they didn't immediately apply a security patch released on Oct. 15.

Cybercriminals create platform for automating rogue credit card charges

Cybercriminals have a new tool to make the most of stolen credit card details before payment processors detect the fraud, security researchers warn.

Attack campaign infects industrial control systems with BlackEnergy malware

Since 2011 a group of attackers has been targeting companies that operate industrial control systems with a backdoor program called BlackEnergy.

Security vendor coalition cleans 43,000 malware infections used for cyberespionage

A coalition of security vendors has disrupted the activities of a sophisticated group of attackers tied to China that, over the past six years, infiltrated the computers of many Fortune 500 companies, journalists, environmental groups, software companies, academic institutions, pro-democracy groups and government agencies around the world.

Vulnerability in widely used 'strings' utility could spell trouble for malware analysts

One of the first things a malware analyst does when encountering a suspicious executable file is to extract the text strings found inside it, because they can provide immediate clues about its purpose. This operation has long been considered safe, but it can actually lead to a system compromise, a security researcher found.