Stories by Lucian Constantin

PHP working on new patch for critical vulnerability after initial one failed

The PHP Group plans to release new versions of the PHP processor on Tuesday in order to patch two publicly known critical remote code execution vulnerabilities, one of which was improperly addressed in a May 3 update.

Researcher misinterprets Oracle advisory, discloses unpatched database vulnerability

Instructions on how to exploit an unpatched Oracle Database Server vulnerability in order to intercept the information exchanged between clients and databases were published by a security researcher who erroneously thought that the company had patched the flaw.

Most of the Internet's top 200,000 HTTPS websites are insecure, Trustworthy Internet Movement says

Ninety percent of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL (Secure Sockets Layer) attack, according to a report released Thursday by the Trustworthy Internet Movement (TIM), a nonprofit organization dedicated to solving Internet security, privacy and reliability problems.

LAN attack can put some Samsung TVs in endless restart loop

A vulnerability in the firmware of several network-enabled Samsung TV models and possibly Blu-ray players allows potential attackers to put the vulnerable devices into an endless restart loop that requires the intervention of a technician to terminate, according to independent security researcher Luigi Auriemma.

Macs more likely to carry Windows malware than Mac malware, study finds

One in five Mac computers is likely to carry Windows malware, but only one in 36 is likely to be infected with malware specifically designed for Mac OS X, according to a study performed by antivirus firm Sophos.

India overtakes U.S. as the world's top email spam source

The volume of email spam that originated from India during the first three months of 2012 exceeded the volume coming from the U.S. and transformed the Asian country into the world's top spam source, security firm Sophos said on Monday.

WordPress security update patches external libraries, several vulnerabilities

The WordPress development team released WordPress 3.3.2 on Friday in order to address several vulnerabilities in the popular blogging platform as well as in three external libraries that are bundled with it by default.

Most IT and security professionals see Anonymous as serious threat to their companies

The majority of IT and security professionals believe that Anonymous and hacktivists are among the groups that are most likely to attack their organizations during the next six months, according to the results of a survey sponsored by security vendor Bit9.

Proof-of-concept Android Trojan app analyzes motion sensor data to determine tapped keys

A team of researchers from Pennsylvania State University (PSU) and IBM have designed a proof-of-concept Android Trojan app that can steal passwords and other sensitive information by using the smartphone's motion sensors to determine what keys victims tap on their touchscreens when unlocking their phones or inputting credit card numbers during phone banking operations.

Twitter spam campaign infects users with fake antivirus programs

A large spam campaign observed on Twitter during the last couple of days directed users to malicious websites that exploited vulnerabilities in browser plug-ins to infect their computers with rogue antivirus programs, according to security researchers from antivirus firm Kaspersky Lab.

Android malware writers exploit Instagram craze to distribute SMS Trojan horse

In an attempt to take advantage of the popularity of free photo-sharing app Instagram among smartphone users, malware writers have created fake Instagram websites to distribute Android Trojan horses, according to security researchers from antivirus firms Sophos and Trend Micro.

Computer Trojan horse steals credit card details from hotel reception software

A remote access computer Trojan (RAT) designed to steal credit card details from hotel point-of-sale (PoS) applications is being sold on underground forums, researchers from security firm Trusteer said in a blog post on Wednesday.

Hackers ramping up attacks against Tibetan activists

Hackers are ramping up their attacks against Tibetan activists and are using increasingly sophisticated techniques to deliver malware, according to researchers from security firms FireEye and Trend Micro.

Upcoming Firefox click-to-play feature will stop automated plug-in exploits

Mozilla developers are working on a new Firefox feature that will block the automated display of plug-in-based content like Flash videos, Java applets or PDF files, and will protect users from attacks that exploit vulnerabilities in browser plug-ins to install malware on their computers.

Ransomware prevents Windows from starting by replacing the master boot record

A new ransomware variant prevents infected computers from loading Windows by replacing their master boot record (MBR) and displays a message asking users for money, according to security researchers from Trend Micro.
