Stories by Lucian Constantin

Facebook forces some users to reset passwords because of Adobe data breach

Facebook locked some users out of their accounts after determining that their log-in credentials were exposed as a result of a security breach at Adobe. The company is asking users who used the same log-in credentials for Adobe's online services and Facebook to verify their identity and change their password.

British spies reportedly spoofed LinkedIn, Slashdot to target network engineers

British intelligence agency Government Communications Headquarters (GCHQ) reportedly used spoofed LinkedIn and Slashdot pages to compromise the computers of network engineers working for global roaming exchange providers based in Europe.

Payment card industry gets updated security standard with new requirements

The PCI Security Standards Council released version 3.0 of the PCI Data Security Standard (PCI DSS) and corresponding Payment Application Data Security Standard (PA-DSS), adding new security requirements and guidance for payment-card industry organizations, including merchants, payment processors, financial institutions and service providers.

New bug bounty program rewards researchers for finding flaws in widely used software

A new bug bounty program sponsored by Microsoft and Facebook will reward security researchers for finding and reporting vulnerabilities in widely used software that have the potential to affect a large number of Internet users.

Despite patches, Supermicro's IPMI firmware is far from secure, researchers say

The Intelligent Platform Management Interface (IPMI) implementation found in motherboards from server manufacturer Supermicro suffers from serious vulnerabilities that could allow attackers to remotely compromise the management controllers in servers that use them.

Dutch civil society groups sue government over NSA data sharing

A coalition of defense lawyers, privacy advocates and journalists has sued the Dutch government over its collaboration and exchange of data with the U.S. National Security Agency and other foreign intelligence services.

Spike in traffic with TCP source port zero has some researchers worried

A significant increase in TCP traffic with source port zero, detected this weekend, could be part of reconnaissance efforts in preparation for more serious attacks, according to security researchers from Cisco Systems.

CryptoLocker creators try to extort even more money from victims with new service

The creators of CryptoLocker, a piece of malware that encrypts user data and holds it for ransom, are giving users who removed the malicious program from their computers a second chance to recover their files, but at a much higher cost.

New malware variant suggests cybercriminals targeting SAP users

A new variant of a Trojan program that targets online banking accounts also contains code to check whether infected computers have SAP client applications installed, suggesting that attackers might target SAP systems in the future.

Fake social media ID duped security-aware IT guys

Security experts used fake Facebook and LinkedIn profiles pretending to represent a smart, attractive young woman to penetrate the defenses of a U.S. government agency with a high level of cybersecurity awareness, as part of an exercise that shows how effective social engineering attacks can be, even against technically sophisticated organizations.

Open-source software projects need to improve vulnerability handling practices, researchers say

Many open-source software developers need to improve the way in which they handle vulnerability reports, according to researchers from security firm Rapid7, who recently found and reported vulnerabilities in seven popular open-source software applications.

Cops should be allowed to hack into computers, police officials say

Law enforcement agencies should be allowed to hack into computers to identify cybercriminals and collect evidence, representatives from Europol and the Dutch National Police argued in front of a room full of security professionals at the RSA Europe security conference in Amsterdam.

PHP.net maintainers to reset user passwords, change SSL certificate

The PHP Group will reset the passwords for accounts on php.net, the official website of the PHP programming language, and will change the site's SSL certificate after attackers compromised two servers and injected malicious code into the website.

PHP.net compromised and used to attack visitors

Visitors to the official website for the PHP programming language over the past couple of days might have had their computers infected with malware.

Cisco fixes serious security flaws in networking, communications products

Cisco Systems released software security updates Wednesday to address denial-of-service and arbitrary command execution vulnerabilities in several products, including a known flaw in the Apache Struts development framework used by some of them.