Stories by Lucian Constantin

Free tool automates phishing attacks for Wi-Fi passwords

A new open-source tool can be used to launch phishing attacks against users of wireless networks in order to steal their Wi-Fi access keys.

Think that software library is safe to use? Not so fast!

In today's world of agile software development and fast release cycles, developers increasingly rely on third-party libraries and components to get the job done. Since many of those libraries come from long-running, open-source projects, developers often assume they're getting well-written, bug-free code. They're wrong.

Romanian version of EU cybersecurity directive allows warrantless access to data

More than a dozen Romanian non-governmental organizations are protesting new cybersecurity legislation passed by the parliament last week that would force businesses to provide the country's national intelligence agencies with access to their data without a court warrant.

Thunderbolt devices can infect MacBooks with persistent rootkits

Attackers can infect MacBook computers with highly persistent boot rootkits by connecting malicious devices to them over the Thunderbolt interface.

Flaw in open-source PDF viewer could put WikiLeaks users, others at risk

An open-source component used to display PDF files on WikiLeaks.org and other websites contains vulnerabilities that could be exploited to launch cross-site scripting (XSS) and content spoofing attacks against visitors.

Two-factor authentication oversight led to JPMorgan breach, investigators reportedly found

The attackers who stole information about 83 million JPMorgan Chase customers earlier this year gained a foothold on the company's network because a server reportedly lacked two-factor authentication.

Cybercrime group steals millions from Russian banks, targets US and European retailers

A sophisticated group of cybercriminals has stolen over US$25 million by hacking into the infrastructure of numerous financial institutions in Russia and former Soviet Union countries, as well as into point-of-sale systems belonging to U.S. and European retailers.

Exploits for dangerous network time protocol vulnerabilities can compromise systems

Remote code execution vulnerabilities in the standard implementation of the network time protocol (NTP) can be exploited by attackers to compromise servers, embedded devices and even critical infrastructure systems that run UNIX-like operating systems.

Trojan program based on ZeuS targets 150 banks, can hijack webcams

A new computer Trojan based on the infamous ZeuS banking malware is targeting users of over 150 banks and payment systems from around the world, security researchers warn.

Critical vulnerability in Git clients puts developers at risk

A critical vulnerability in client software used to interact with Git, a distributed revision control system for managing source code repositories, allows attackers to execute rogue commands on computers used by developers.

Vulnerability in embedded Web server exposes millions of routers to hacking

A serious vulnerability in an embedded Web server used by many router models from different manufacturers allows remote attackers to take control of affected devices over the Internet.

Point-of-sale malware creators still in business with Spark, an Alina spinoff

A malware program dubbed Spark that steals payment card data from compromised point-of-sale (POS) systems is likely a modification of an older Trojan called Alina, and highlights a continuing, lucrative business for cybercriminals.

Over 30 vulnerabilities found in Google App Engine

Serious vulnerabilities exist in Google App Engine (GAE), a cloud service for developing and hosting Web applications, a team of security researchers has found.

The Turla espionage operation also infected Linux systems with malware

A newly discovered malware program designed to infect Linux systems is tied to a sophisticated cyberespionage operation of Russian origin dubbed Epic Turla, security researchers found.

Forgotten subdomains boost risk of account hijacking, other attacks

Subdomains that once served a purpose but later were forgotten by website administrators can be abused by hackers to attack users of sites under the same main domain.