Stories by Lucian Constantin

Critical vulnerability affects latest VLC media player version

Versions 2.0.5 and earlier of the popular VLC media player software contain a critical vulnerability that can be potentially exploited by attackers to execute malicious code on computers.

Kaspersky Lab adds mobile and system management to its business security offering

Kaspersky Lab on Wednesday made its bid to reduce the complexity associated with managing IT security processes in corporate environments, with a new product that combines the company's anti-malware technology with new mobile and system management tools.

Ruby on Rails receives the third security patch in less than a month

Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the software on Monday in order to address a critical remote code execution vulnerability.

UPnP flaws expose tens of millions of networked devices to remote attacks, researchers say

Tens of millions of network-enabled devices including routers, printers, media servers, IP cameras, smart TVs and more can be attacked over the Internet because of dangerous flaws in their implementation of the UPnP (Universal Plug and Play) protocol standard, security researchers from Rapid7 said Tuesday in a research paper.

Browser-hijacking malware talks to attackers using SPF email validation protocol

A new Trojan program that displays rogue advertisements during browsing sessions uses a DNS-based email validation protocol called the Sender Policy Framework (SPF) in order to receive instructions from attackers without being detected, according to security researchers from Symantec.

Two former Anonymous members jailed in UK for PayPal, Visa DDoS attacks

Three men were sentenced Thursday in the U.K. for their roles in a series of distributed denial-of-service (DDoS) attacks launched against financial and music industry organizations in 2010 by the Anonymous hacktivist collective.

Backdoor accounts found in networking and security appliances from Barracuda Networks

A variety of networking and security appliances from Barracuda Networks contain backdoor accounts that could allow attackers to log in remotely over SSH (Secure Shell) and gain administrative, or root, access on the devices.

Web server hackers install rogue Apache modules and SSH backdoors, researchers say

A group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their Secure Shell (SSH) services in order to steal login credentials from administrators and users.

Mega responds to security concerns; promises some changes

Representatives of newly launched file-storage and sharing service Mega addressed some of the concerns raised by security researchers in recent days about the site's architecture and the implementation of its cryptographic features.

Securing SCADA systems still a piecemeal affair

ReVuln, a Malta-based security startup that specializes in vulnerability research, is working on a product that could allow companies to protect their SCADA (supervisory control and data acquisition) software installations against entire classes of vulnerabilities. In the meantime, the company is developing and selling custom patches for SCADA software vulnerabilities that have yet to be addressed by the vendors.

Twitter flaw gave third-party apps unauthorized access to private messages, researcher says

Users who signed into third-party Web or mobile applications using their Twitter accounts might have given those applications access to their Twitter private "direct" messages without knowing it, according to Cesar Cerrudo, the chief technology officer of security consultancy firm IOActive.

Security researchers cripple Virut botnet

Many of the domain names used by a cybercriminal gang to control computers infected with the Virut malware were disabled last week in a coordinated takedown effort, Spamhaus, an organization dedicated to fighting spam, announced Saturday.

Researchers find critical vulnerabilities in Java 7 Update 11

Researchers from Security Explorations, a Poland-based vulnerability research firm, claim to have found two new vulnerabilities in Java 7 Update 11 that can be exploited to bypass the software's security sandbox and execute arbitrary code on computers.

Shylock banking malware updated to spread via Skype, researchers say

The Shylock home banking malware has been updated with new functionality that allows it to spread automatically using the popular Skype Voice-over-IP (VoIP) and instant messaging client.

Foxit patches critical vulnerability in PDF viewer browser plug-in

Foxit released version 5.4.5 of its Foxit Reader PDF viewer plug-in on Thursday in order to address a critical remote code execution vulnerability that could have allowed attackers to compromise computers running previous versions of the software.

Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia