Stories by Lucian Constantin

Email spam campaign distributes Android scareware

Android malware is following in the footsteps of Windows malware with attackers adopting some of the same distribution and monetization techniques despite the major differences between the platforms.

Leaked US spying budget reveals investments in 'groundbreaking' cryptanalysis

The U.S. intelligence community is reportedly using a fifth of its US$52.6 billion annual budget to fund cryptography-related programs and operations.

Cisco fixes critical remote command execution vulnerability in Secure Access Control Server

Cisco Systems released security patches for Secure Access Control Server (Secure ACS) for Windows to address a critical vulnerability that could allow unauthenticated attackers to remotely execute arbitrary commands and take control of the underlying operating system.

vBulletin users warned of potential exploit

The developers of the popular vBulletin commercial Internet forum software are investigating a potential exploit and advised users to delete the "install" directory from their deployments as a precaution.

Spear phishing led to DNS attack against the New York Times, others

The cyberattack that resulted in nytimes.com and some other high-profile websites being inaccessible to a large number of users Tuesday started with a targeted phishing attack against a reseller for Melbourne IT, an Australian domain registrar and IT services company.

Cybercrime service automates creation of fake scanned IDs, other identity verification documents

A new Web-based service for cybercriminals automates the creation of fake scanned documents that can help fraudsters bypass the identity verification processes used by some banks, e-commerce businesses and other online services providers, according to researchers from Russian cybercrime investigations firm Group-IB.

Report: NSA broke into UN video teleconferencing system

The U.S. National Security Agency reportedly cracked the encryption used by the video teleconferencing system at the United Nations headquarters in New York City.

Mozilla considers rejecting long-lived digital certificates following similar decision by Google

Mozilla is considering the possibility of rejecting as invalid SSL certificates issued after July 1, 2012, with a validity period of more than 60 months. Google already made the decision to block such certificates in Chrome starting early next year.

Cisco patches serious vulnerabilities in Unified Communications Manager

Cisco Systems has released new security patches for several versions of Unified Communications Manager (UCM) to address vulnerabilities that could allow remote attackers to execute arbitrary commands, modify system data or disrupt services.

Popular download management program has hidden DDoS component, researchers say

Recent versions of Orbit Downloader, a popular Windows program for downloading embedded media content and other types of files from websites, turns computers into bots and uses them to launch distributed denial-of-service (DDoS) attacks, according to security researchers.

'League of Legends' account information and transaction records compromised

A portion of the North American user base of "League of Legends" (LoL) had its account information compromised by hackers, according to Riot Games, the company developing the popular online multiplayer game. Passwords and credit card numbers stored in encrypted form were accessed, as well as other details.

Cyberattacks second most common cause of severe EU wired Internet outages in 2012

Although cyberattacks caused just 6 percent of significant outages of public electronic communications networks and services in the E.U. last year, they affected more people than hardware failure, a much more common factor in service disruptions, according to a report from the European Union Agency for Network and Information Security (ENISA).

Attackers use Ramnit malware to target Steam users

A new variant of the Ramnit financial malware is using local Web browser injections in order to steal log-in credentials for Steam accounts, according to researchers from security firm Trusteer.

Cybercriminals add new exploit for recently patched Java vulnerability to their arsenal

Cybercriminals were quick to integrate a newly released exploit for a Java vulnerability patched in June into a tool used to launch mass attacks against users, an independent malware researcher warned.

Hackers targeting servers running Apache Struts applications, researchers say

Chinese hackers are using an automated tool to exploit known vulnerabilities in Apache Struts, in order to install backdoors on servers hosting applications developed with the framework.