Stories by Lucian Constantin

Global operation disrupts thousands of illegal online pharmacies

Law enforcement agencies in 111 countries collaborated to disrupt thousands of online pharmacies in what Interpol claims was the largest ever global operation targeting organized criminal networks that sell fake medicines.

Safari 6.1.4 and 7.0.4 address critical flaws, iOS patches missing

Apple released new versions of Safari for Mac OS X to fix critical vulnerabilities that could allow Web attackers to execute malicious code on computers. Patches are not yet available for Apple's iOS mobile OS, which is likely affected by some of the same flaws.

Point-of-sale attacks accounted for a third of data breaches in 2013, report says

A third of data breaches investigated by security firm Trustwave last year involved compromises of point-of-sale (PoS) systems and over half of all intrusions targeted payment card data.

Silverlight malvertising exploits on the rise

Microsoft Silverlight vulnerabilities are increasingly being exploited in drive-by download attacks to infect computers with malware, especially through malicious ads.

BlackShades users targeted in 16-country law enforcement action

Law enforcement agencies from 16 countries on three continents last week arrested 97 people after executing raids targeting those suspected of creating, buying and using a notorious Trojan program called BlackShades.

More fake antivirus programs found in Google Play, Windows Phone Store

Last month Google offered refunds to users who bought a fake antivirus app from Google Play, but the scam seems to be catching on and security researchers have recently identified similar apps in both the Android and Windows Phone app stores.

Online advertising poses significant security, privacy risks to users, US Senate report says

The current state of online advertising endangers the security and privacy of users and the U.S. Federal Trade Commission should force the industry to offer better protections through comprehensive regulation, the U.S. Senate said in a report.

Microsoft's .NET Framework security updates further effort to phase out RC4 encryption

Microsoft released optional security updates Tuesday for various versions of the .NET Framework that prevent the RC4 encryption algorithm from being used in TLS (Transport Layer Security) connections.

Adobe patches critical flaws in Reader, Acrobat, Flash Player and Illustrator

Adobe Systems released critical security updates for several products Tuesday in order to fix vulnerabilities that could allow attackers to take remote control of systems running the vulnerable software.

Facebook encourages email providers to deploy STARTTLS encryption

Facebook is pushing for more email providers to use STARTTLS, a technology that encrypts emails as they pass between servers and clients, after an analysis showed that any SMTP (Simple Mail Transfer Protocol) server that adds the feature now would start encrypting over half of its outbound email traffic.

Estonian electronic voting system vulnerable to attacks, researchers say

The electronic voting system that has been used in Estonia since 2005 cannot guarantee fair elections because of fundamental security weaknesses and poor operational procedures, according to an international team of security and Internet voting researchers.

Voice phishing campaign hits customers at dozens of banks

Cybercriminals stole debit card information from customers of dozens of financial institutions in a phishing campaign that combined rogue text messages and with VoIP calls.

Siemens patches Heartbleed in popular SCADA system

Siemens released a security update to address the Heartbleed vulnerability in SIMATIC WinCC Open Architecture, a supervisory control and data acquisition (SCADA) system that's used in a large number of industries to operate processes, machines and production flows.

Sefnit click fraud malware drops Tor for SSH, Facebook researchers say

Security researchers from Facebook have identified a new variant of the Sefnit click fraud malware program that uses SSH for command and control instead of the Tor anonymity network.

Adobe patches actively exploited vulnerability in Flash Player

Adobe Systems released emergency security updates for Flash Player in order to fix a vulnerability that has been exploited in attacks against users since earlier this month.

CIO
ARN
Techworld
CMO