Stories by Lucian Constantin

Rare SMS worm targets Android devices

A rare Android worm that propagates itself to other users via links in text messages has been discovered by security researchers.

Privacy-focused Blackphone starts shipping to early adopters

The wait is almost over for early adopters of Blackphone, an Android-based smartphone that promises enhanced privacy and security.

VMware catches up with some Apache Struts patches, but not all

Two months after critical vulnerabilities were patched in Apache Struts, a popular open-source framework for developing Java-based Web applications, VMware released a security update to incorporate the fixes in its vCenter Operations Management Suite product but appears to have left out a more recent patch.

Researchers bypass PayPal's two-factor authentication system

PayPal was one of the first large online services providers to offer two-factor authentication to its users, but until recently the company's implementation had a loophole that could have allowed attackers to bypass this additional protection.

Fewer NTP servers can be abused to amplify DDoS attacks, but threat remains

The number of NTP (Network Time Protocol) servers that can be abused to amplify DDoS attacks has decreased dramatically this year, but the threat remains.

Researchers expect large wave of rootkits targeting 64-bit systems

Following a downward trend during the past two years, the number of new rootkit samples rose in the first quarter of this year to a level not seen since 2011, according to statistics from security vendor McAfee.

New Havex malware variants target industrial control system and SCADA users

A malware threat previously used in attacks against energy sector companies is now being aimed at organizations that use or develop industrial applications and machines.

Heartbleed patching effort stalls at around 300,000 vulnerable servers

Despite a great start, the rate of patching OpenSSL servers against the critical Heartbleed vulnerability has slowed down to almost a halt. Around 300,000 servers remain vulnerable and many of them are unlikely to get patched anytime soon.

Ad network compromise led to rogue page redirects on Reuters site

Users who accessed some stories on the Reuters website Sunday were redirected to a message from hackers criticizing the news agency's coverage of Syria.

Tool aims to help enterprise IT manage 'honeypot' hacker decoys

A new tool called the Modern Honey Network (MHN) aims to make deploying and managing large numbers of honeypots easier so that enterprises can adopt such systems as part of their active defense strategies.

Android 4.4.4 fixes OpenSSL connection hijacking flaw

Less than three weeks after pushing Android 4.4.3 to users of its Nexus devices, Google released a new version of the OS that incorporates a patch for a serious vulnerability identified in the OpenSSL cryptographic library.

Hacker puts 'full redundancy' code-hosting firm out of business

A code-hosting and project management services provider was forced to shut down operations indefinitely after a hacker broke into its cloud infrastructure and deleted customer data, including most of the company's backups.

Symbian signing key reportedly stolen from Nokia could have enabled powerful malware

An unknown person or group reportedly stole the cryptographic key used by Nokia to digitally sign applications for Symbian OS and extorted millions of euros from the company in 2007 by threatening to make the key public.

Maliciously crafted files can disable Microsoft's antimalware products

A vulnerability allows attackers to disable Microsoft's antimalware products by sending specifically crafted files to users via websites, email or instant messaging applications.

UK student develops antidote for first Android file-encrypting ransomware

Victims of Simplocker, the first file-encrypting ransomware threat for Android devices, can recover files without paying cybercriminals because the malicious program uses a hardcoded encryption key.