Stories by Lucian Constantin

Data protection authorities find privacy lapses in majority of mobile apps

Many mobile apps request too many permissions and don't explain how they collect users' personal information, a study of 1,211 popular apps by the Global Privacy Enforcement Network has found.

Vulnerability in popular Joomla e-commerce extension puts online shops at risk

A critical vulnerability in a popular e-commerce extension for the Joomla content management system allows malicious users to gain super-admin privileges to sites that run the software.

VMware patches third-party components in vSphere platform

VMware has updated third-party libraries and components used by its vSphere server virtualization platform to integrate security patches released in recent months.

Five million Gmail addresses and passwords dumped online

An archive containing nearly 5 million Gmail addresses and plain text passwords was posted Tuesday on an online forum, but the data is old and likely sourced from multiple data breaches, according to one security firm.

Adobe fixes critical flaws in Flash Player, delays Reader and Acrobat updates

Adobe Systems released a critical security update for Flash Player that fixes 12 security vulnerabilities, but pushed back its planned patches for Reader and Acrobat by a week.

Encryption failures fixed in popular PGP email security tool Enigmail

Developers of the popular Enigmail email security extension for Thunderbird have fixed several issues that could have exposed messages users believed to be encrypted.

Salesforce warns customers of malware attack

Salesforce users are being targeted by a new version of a computer Trojan that has typically attacked online banking customers until now.

Hackers launch Apple ID phishing campaign playing on iCloud security worries

The hackers behind the Kelihos botnet are trying to capitalize on users' increased awareness about the security of Apple online accounts through a new phishing campaign.

Cyberespionage group starts using new Mac OS X backdoor program

A group of hackers known for past cyberespionage attacks against the U.S. Defense Industrial Base, as well as companies from the electronics and engineering sectors, has recently started using a backdoor program to target Mac OS X systems.

LinkedIn beefs up account security with session management, detailed alerts

Professional networking site LinkedIn is rolling out new features that allow users to easily manage authenticated sessions across multiple devices and better understand what caused security-related changes on their accounts.

Hackers exploit critical vulnerability in popular WordPress theme component

Attackers are actively exploiting a critical vulnerability in a WordPress plug-in that's used by a large number of themes, researchers from two security companies warned Wednesday.

Twitter launches bug bounty program

Following in the footsteps of other major Internet companies, Twitter has started paying monetary rewards to security researchers who find and report vulnerabilities in its Web services and mobile apps.

Attack hijacks DNS settings on home routers in Brazil

An ongoing attack in Brazil tricks users into visiting malicious websites that attempt to silently change the Domain Name System settings of their home routers.

Hackers make drive-by download attacks stealthier with fileless infections

Cybercriminals are increasingly infecting computers with malware that resides only in memory in order to make their attacks harder to detect.

Reconnaissance code on industrial software site points to watering hole attack

Attackers deploy Web-based reconnaissance tool to gather information about potential targets in different industries.