Stories by Lucian Constantin

Denial-of-service vulnerability puts Apache Tomcat servers at risk

Security researchers published a proof-of-concept exploit for a recently disclosed vulnerability that allows attackers to launch denial-of-service attacks against websites hosted on Apache Tomcat servers.

Adobe patches two critical vulnerabilities in Shockwave Player

Adobe Systems released a security update for Shockwave Player in order to address two vulnerabilities that could allow attackers to remotely take control of affected systems.

Attackers use NTP reflection in huge DDoS attack

Attackers abused insecure Network Time Protocol servers to launch what appears to be one of the largest DDoS (distributed denial-of-service) attacks ever, this time against the infrastructure of CloudFlare, a company that operates a global content delivery network.

Cyberespionage operation 'The Mask' compromised organizations in 30-plus countries

A cyberespionage operation that used highly sophisticated multi-platform malware went undetected for more than five years and compromised computers belonging to hundreds of government and private organizations in more than 30 countries.

Snapchat vulnerability can be exploited to crash iPhones, researcher says

A vulnerability in Snapchat allows attackers to launch denial-of-service attacks against users of the popular photo messaging app, causing their phones to become unresponsive and even crash.

Cybercriminals compromise home routers to attack online banking users

Attacks recently observed in Poland involved cybercriminals hacking into home routers and changing their DNS settings so they can intercept user connections to online banking sites.

Hackers try to hijack Facebook, other high profile domains through domain registrar

The Syrian Electronic Army (SEA), a group of hackers who have made a habit of hijacking high-profile domain names, managed to change the domain registration information for Facebook.com, but failed to redirect the domain to a different server.

New Flash exploit used to distribute credential-stealing malware

A new exploit that prompted Adobe to release an emergency patch for Flash Player was used in targeted attacks that distributed malware designed to steal log-in credentials for email and other online services, according to researchers from antivirus firm Kaspersky Lab.

GCHQ reportedly infiltrated and attacked hacktivist groups

British intelligence agency Government Communications Headquarters (GCHQ) has reportedly infiltrated hacktivist groups and used denial-of-service and other techniques to disrupt their online activities.

Adobe releases critical emergency update for Flash Player

Adobe released an update for Flash Player to fix a critical remote code execution vulnerability that is actively being targeted by attackers.

Tumblr offers SSL option, but not default

Tumblr now allows users to encrypt their connections with the microblogging service, but the feature is only offered as an option for now.

Prominent cryptographer victim of malware attack related to Belgacom breach

Belgian cryptographer Jean-Jacques Quisquater had his personal computer infected with malware as the result of a targeted attack that's believed to be related to a security breach discovered last year at Belgian telecommunications group Belgacom. According to him, other cryptographers have also been targeted by the same attackers.

Mobile users at risk from lack of HTTPS use by mobile ad libraries, security researchers say

Over the past several months security researchers have found serious vulnerabilities in many mobile advertising libraries that could be exploited to abuse the permissions of Android apps or to execute unauthorized code on users' devices. The risks resulting from those vulnerabilities would be significantly lower if those libraries would use HTTPS, security researchers said.

Tor-enabled malware stole credit card data from PoS systems at dozens of retailers

Payment card data was stolen during the past three months from several dozen retailers that had their point-of-sale systems infected with a memory-scraping malware program called ChewBacca.

GoDaddy owns up to role in Twitter account hijacking incident

GoDaddy has acknowledged that one of its employees fell victim to a social engineering attack allowing a hacker to take over a customer's domain names and eventually extort a coveted Twitter user name from him. PayPal, which the victim claimed also played a role in the attack, denied the accusations.