Stories by Lucian Constantin

Yandex launches public DNS service with malicious URL filtering

Russian Web search firm Yandex launched a public DNS (Domain Name System) resolution service on Thursday that leverages the company's existing website scanning technology to block access to malicious and adult-rated sites.

Sophos fixes vulnerabilities in its Web security appliance

Security vendor Sophos has released an update for the software used on its Web gateway security appliance in order to address three serious vulnerabilities in the product's Web-based user interface.

Companies experience a malware event on their systems every three minutes: report

Organizations face malware-related events that bypass traditional defense technologies on their networks every three minutes, according to a new report released Wednesday by security vendor FireEye.

Researchers find APT malware that monitors mouse clicks to evade detection

Researchers from security vendor FireEye have uncovered a new APT (advanced persistent threat) that uses multiple detection evasion techniques, including the monitoring of mouse clicks, to determine active human interaction with the infected computer.

Ransomware leverages victims' browser histories for increased credibility

The authors of police-themed ransomware have started using the browsing histories from infected computers in order to make their scams more believable, according to an independent malware researcher.

Critical denial-of-service flaw in BIND software puts DNS servers at risk

A flaw in the widely used BIND DNS (Domain Name System) software can be exploited by remote attackers to crash DNS servers and affect the operation of other programs running on the same machines.

Authorities bust global credit card fraud network targeting POS terminals and ATMs in Europe

A global credit card fraud network was shut down on Thursday as the result of an international police operation called "Pandora-Storm" that saw the participation of 20 law enforcement agencies from Europe, America and Australia, Europol announced,

Researchers find new point-of-sale malware called BlackPOS

A new piece of malware that infects point-of-sale (POS) systems has already been used to compromise thousands of payment cards belonging to customers of U.S. banks, according to researchers from Group-IB, a security and computer forensics company based in Russia.

DDoS attack against Spamhaus was reportedly the largest in history

A distributed denial-of-service (DDoS) attack of unprecedented scale that targeted an international spam-fighting organisation last week ended up causing problems for Internet users around the world, experts say.

Most Java-enabled browsers vulnerable to widespread Java exploits, Websense says

Most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits currently used in popular Web attack toolkits, according to statistics published Monday by security vendor Websense.

Researchers identify targeted email attack distributing Android Trojan app

Security researchers from antivirus vendor Kaspersky Lab have identified a targeted email attack against human rights and political activists that distributed a custom Android Trojan app with information-stealing capabilities.

Malware abuses Chromium Embedded Framework, developers fight back

A new version of the TDL rootkit-type malware program downloads and abuses an open-source library called the Chromium Embedded Framework that allows developers to embed the Chromium Web rendering engine inside their own applications, according to security researchers from antivirus vendor Symantec.

Researchers uncover vSkimmer malware targeting point-of-sale systems

A new piece of custom malware sold on the underground Internet market is being used to siphon payment card data from point-of-sale (POS) systems, according to security researchers from antivirus vendor McAfee.

Researchers find TeamViewer-based cyberespionage operation

Security researchers have uncovered yet another ongoing cyberespionage operation targeting political and human rights activists, government agencies, research organizations and industrial manufacturers primarily from Eastern European countries and former Soviet Union states.

Cisco inadvertently weakens password encryption in its IOS operating system

The password encryption algorithm used in some recent versions of the Cisco IOS operating system is weaker than the algorithm it was designed to replace, Cisco revealed earlier this week.