Stories by Lucian Constantin

Intel says GPU malware is no reason to panic, yet

Malware that runs inside GPUs (graphics processing units) can be harder to detect, but is not completely invisible to security products.

Linux Foundation's security checklist can help sysadmins harden workstations

The Linux Foundation published a list of security recommendations for hardening Linux workstations used by systems administrators.

Researchers find many more modules of Regin spying tool

Security researchers from Symantec have identified 49 more modules of the sophisticated Regin cyberespionage platform that many believe is used by the U.S. National Security Agency and its close allies.

BitTorrent patches flaw that could amplify distributed denial-of-service attacks

BitTorrent fixed a vulnerability that would have allowed attackers to hijack BitTorrent applications used by hundreds of millions of users in order to amplify distributed denial-of-service (DDoS) attacks.

Some routers vulnerable to remote hacking due to hard-coded admin credentials

Several DSL routers from different manufacturers contain a guessable hard-coded password that allows accessing the devices with a hidden administrator account.

Tor security concerns prompt largest dark market to suspend operations

Administrators of Agora, the largest online black marketplace operating on the Tor anonymity network, decided to temporarily suspend the website because of possible attacks based on recent methods of exposing Tor Hidden Services.

Certifi-gate flaw in Android remote support tool exploited by screen recording app

An application hosted in Google Play until yesterday took advantage for months of a flaw in the TeamViewer remote support tool for Android in order to enable screen recording on older devices.

Plenty of fish, and exploits too, on dating website

Recent visitors to Plenty of Fish, an online dating website with over 3 million daily active users, had their browsers redirected to exploits that installed malware.

Vulnerability in enterprise-managed iOS devices puts business data at risk

A vulnerability in the iOS sandbox for third party applications, like those installed by companies on their employees' devices, can expose sensitive configuration settings and credentials.

Internet company hit by credit card breach

Hackers breached the computer systems of Internet services provider Group and stole credit card information of 93,000 customers.

Adobe patches important flaw in LiveCycle Data Services

Adobe Systems released a security patch for LiveCycle Data Services, a development tool used by businesses to synchronize data between back-end servers and rich Internet applications built with Adobe Flex or AIR.

Attackers increasingly abuse insecure routers and other home devices for DDoS attacks

Attackers are taking advantage of home routers and other devices that respond to UPnP requests over the Internet in order to amplify DDoS attacks.

Another serious vulnerability found in Android's media processing service

The Android service that processes multimedia files has been the source of several vulnerabilities recently, including a new one that could give rogue applications access to sensitive permissions.

BitTorrent programs can be abused to amplify distributed denial-of-service attacks

BitTorrent applications used by hundreds of millions of users around the world could be tricked into participating in distributed denial-of-service (DDoS) attacks, amplifying the malicious traffic generated by attackers by up to 50 times.

BitTorrent programs can be abused to amplify distributed denial-of-service attacks

Attackers could launch crippling attacks by reflecting the traffic through millions of computers running BitTorrent programs