Stories by Lucian Constantin

BitTorrent develops secure, decentralized chat program using public-key crypto

BitTorrent, the company behind the popular file sharing protocol with the same name, is developing a secure chat application that will encrypt all communications between users and won't use any central server to route messages.

Older Mac webcams can spy without activating warning light, researchers find

Most webcams have a warning light that indicates when they're active, but it's possible for malware to disable this important privacy feature on older Mac computers, according to research from Johns Hopkins University (JHU) in Baltimore.

New DDoS malware targets Linux and Windows systems

Attackers are compromising Linux and Windows systems to install a new malware program designed for launching distributed denial-of-service (DDoS) attacks, according to researchers from the Polish Computer Emergency Response Team (CERT Polska).

Mass surveillance prompts IETF work on SSL deployment guidelines

A newly created working group within the Internet Engineering Task Force (IETF) has set out to develop best practices for deploying SSL encryption for Internet communications.

Attackers exploited ColdFusion vulnerability to install Microsoft IIS malware

Attackers exploited a vulnerability in Adobe ColdFusion to install data-stealing malware that works as a module for Microsoft's Internet Information Services (IIS) Web server software.

EFF criticizes Google for removing 'vital privacy feature' with Android 4.4.2

The Android 4.4.2 update that began to roll out Monday to Google's Nexus devices removed a feature that gave users fine-grained control over app permissions, prompting criticism from the Electronic Frontier Foundation.

Mozilla advises webmasters to implement X-Frame-Options security header

In light of overall low adoption of HTTP security headers, Mozilla is advising webmasters to at least implement X-Frame-Options on their sites, arguing that this header can prevent several types of attacks.

Nvidia exploit could turn render farms into password crackers, bitcoin miners, researchers claim

Nvidia's Mental Ray high-performance 3D rendering software has a vulnerability that could be exploited to compromise clusters of specialized computers called render farms, according to researchers from ReVuln.

Adobe patches critical vulnerabilities in Flash Player, Shockwave

Adobe patched several vulnerabilities in its Flash Player and Shockwave Player on Tuesday, including one for which an exploit is already available.

Update vulnerability in third-party SDK exposes some Android apps to attacks

A third-party advertising framework integrated in hundreds of Android apps contains a vulnerability that could allow hackers to steal sensitive information from users' phones, according to security researchers from antivirus firm Bitdefender.

Hackers said to infiltrate European foreign affairs ministries ahead of G20

Hackers of likely Chinese origin infiltrated computers belonging to the foreign affairs ministries of five unnamed European countries ahead of the G20 Summit in September, according to security researchers at FireEye.

French government sub-CA issues unauthorized certificates for Google domains

An intermediate certificate authority (CA) registered to the French Ministry of Finance issued rogue certificates for several Google domains without authorization.

12 suspected cybercriminals arrested in Russia along with Blackhole creator

Thirteen people, including the creator of Blackhole, a popular exploit tool used to infect computers with malware, were arrested and charged in Russia with creating and participating in a criminal organization.

New website lets users check if their online credentials were exposed in large data leaks

A new website allows Internet users to check if their usernames and passwords were exposed in some of the largest data breaches in recent years.

Point-of-sale malware infections on the rise, researchers warn

New attack campaigns have infected point-of-sale (PoS) systems around the world with sophisticated malware designed to steal payment card and transaction data.