Stories by Lucian Constantin

Flaws in popular SEO plug-in put WordPress websites at risk

Many WordPress websites could be at risk of compromise if their administrators don't upgrade a popular search engine optimization (SEO) plug-in to a newly released version that fixes serious vulnerabilities.

Global mobile roaming hub accessible from the Internet and vulnerable, researchers find

The GPRS Roaming Exchange (GRX) network, which carries roaming traffic among hundreds of mobile operators worldwide, contains Internet-reachable hosts that run vulnerable and unnecessary services, recent security scans reveal.

New attack methods can 'brick' systems, defeat Secure Boot, researchers say

The Secure Boot security mechanism of the Unified Extensible Firmware Interface (UEFI) can be bypassed to install bootkits on around half of the computers that have the feature enabled, according to a security researcher.

Vessel-tracking system vulnerable to denial-of-service, other attacks, researchers say

Inexpensive equipment can be used to disrupt vessel-tracking systems and important communications between ships and port authorities, according to two security researchers.

Google-owned VirusTotal releases file-scanning tool for Mac users

Popular file and URL scanning service VirusTotal released a new application that allows Mac OS X users to scan suspicious files with more than 50 antivirus engines supported by the service.

NFC-based seal tracks counterfeit booze

Two European companies have partnered to tackle the growing problem of fraudulent refilling of high-end wine and spirits bottles using a seal system based on near field communication chips.

New online banking Trojan program combines Zeus and Carberp features

A new computer Trojan that targets users of 450 financial institutions from around the world appears to borrow functionality and features directly from the notorious Zeus and Carberp malware programs.

DDoS attacks using SNMP amplification on the rise

Attackers are increasingly abusing devices configured to publicly respond to SNMP (Simple Network Management Protocol) requests over the Internet to amplify distributed denial-of-service attacks.

Researchers find large global botnet of infected PoS systems

Security researchers uncovered a global cybercriminal operation that used malware to infect almost 1,500 point-of-sale (PoS) terminals, accounting systems and other retail back-office platforms belonging to businesses in 36 countries.

Global operation disrupts thousands of illegal online pharmacies

Law enforcement agencies in 111 countries collaborated to disrupt thousands of online pharmacies in what Interpol claims was the largest ever global operation targeting organized criminal networks that sell fake medicines.

Safari 6.1.4 and 7.0.4 address critical flaws, iOS patches missing

Apple released new versions of Safari for Mac OS X to fix critical vulnerabilities that could allow Web attackers to execute malicious code on computers. Patches are not yet available for Apple's iOS mobile OS, which is likely affected by some of the same flaws.

Point-of-sale attacks accounted for a third of data breaches in 2013, report says

A third of data breaches investigated by security firm Trustwave last year involved compromises of point-of-sale (PoS) systems and over half of all intrusions targeted payment card data.

Silverlight malvertising exploits on the rise

Microsoft Silverlight vulnerabilities are increasingly being exploited in drive-by download attacks to infect computers with malware, especially through malicious ads.

BlackShades users targeted in 16-country law enforcement action

Law enforcement agencies from 16 countries on three continents last week arrested 97 people after executing raids targeting those suspected of creating, buying and using a notorious Trojan program called BlackShades.

More fake antivirus programs found in Google Play, Windows Phone Store

Last month Google offered refunds to users who bought a fake antivirus app from Google Play, but the scam seems to be catching on and security researchers have recently identified similar apps in both the Android and Windows Phone app stores.