Stories by Lucian Constantin

Cybercriminals increasingly use the Tor network to control their botnets, researchers say

Malware writers are increasingly considering the Tor anonymity network as an option for hiding the real location of their command-and-control (C&C) servers, according to researchers from security firm ESET.

Syrian Electronic Army hacks into Viber support website

The hacker group calling itself the Syrian Electronic Army (SEA) broke into the customer support website for Viber, an instant messaging and Voice-over-Internet-Protocol (VoIP) application available for both mobile and desktop operating systems.

Android spyware infections on the rise: report

An increasing number of Android phones are infected with mobile malware programs that are able to turn the handsets into spying devices, according to a report from Kindsight Security Labs, a subsidiary of telecommunications equipment vendor Alcatel-Lucent.

Researcher claims responsibility for security breach at Apple Developer website

An independent security researcher claimed responsibility for the security breach incident that forced Apple to close down its Developer Center website last week.

UK's PM warns Internet companies to ban child abuse search terms

The British government wants Google, Yahoo and Microsoft to block Internet searches that are likely to lead to child abuse images. Internet search providers have until October to commit to banning lists of keywords deemed abusive or the government will consider legislation to force them, the U.K.'s Prime Minister David Cameron said Monday in a speech.

Apple acquires Locationary for local listings

Apple has acquired Locationary, a start-up based in Toronto that provides a platform for aggregating and managing local business listings.

New vulnerability found in Java 7 opens door to 10-year-old attack, researchers say

Security researchers from Polish vulnerability research firm Security Explorations claim to have identified a new vulnerability in Java 7 that could allow attackers to bypass the software's security sandbox and execute arbitrary code on the underlying system.

Cisco releases security patches to mitigate attack against Unified Communications Manager

Cisco Systems released a security patch for its Unified Communications Manager (Unified CM) enterprise telephony product in order to mitigate an attack that could allow hackers to take full control of the systems. The company also patched denial-of-service vulnerabilities in its Intrusion Prevention System software.

Most enterprise networks riddled with vulnerable Java installations, report says

Despite the significant Java security improvements made by Oracle during the past six months, Java vulnerabilities continue to represent a major security risk for organizations because most of them have outdated versions of the software installed on their systems, according to a report by security firm Bit9.

Apache Struts security update fixes critical vulnerabilities

The Apache Software Foundation has released Struts 2.3.15.1, a security update for its popular Java Web application development framework that addresses two vulnerabilities, including a critical one that could allow remote attackers to execute arbitrary code on the server.

New digitally signed Mac malware confuses users with right-to-left file name tricks

A new piece of digitally signed spyware for Mac OS X uses a special Unicode character in its file name to hide its real file extension from users and trick them into installing it.

Health insurance credentials raise the cost of identity theft kits on underground marketplaces

Several underground marketplaces are offering full information packages for sale that contain verified health insurance credentials, bank account numbers, Social Security numbers and other personal information, along with counterfeit physical documents corresponding to the data.

Unusual file-infecting malware steals FTP credentials, researchers say

A new version of a file-infecting malware program that's being distributed through drive-by download attacks is also capable of stealing FTP (File Transfer Protocol) credentials, according to security researchers from antivirus firm Trend Micro.

Microsoft to pay first IE 11 Preview bug bounty to BlueHat security contest finalist

Microsoft has already received several vulnerability reports that qualify for monetary rewards as part of the company's bug bounty program launched in June for the preview version of Internet Explorer 11.

Researchers find another Android attack that can get past signature checks

A second vulnerability that can be exploited to modify legitimate Android apps without breaking their digital signatures has been identified and publicly documented.
