Stories by Lucian Constantin

Can't keep this bad boy down: ZeroAccess botnet back in business

A peer-to-peer botnet called ZeroAccess came out of a six-month hibernation this month after having survived two takedown attempts by law enforcement and security researchers.

Ghost Linux vulnerability can be exploited through WordPress, other PHP apps

A critical vulnerability in glibc, a core Linux library, can be exploited remotely through WordPress and likely other PHP applications to compromise Web servers.

The end for 1024-bit SSL certificates is near, Mozilla kills a few more

Website owners take notice: In weeks, Mozilla products including its popular Firefox browser will stop trusting an unknown number of SSL certificates that were issued using old root CA certificates with 1024-bit RSA keys.

Mozilla puts old hardware to new use, runs Tor relays

Mozilla has dusted off some decommissioned servers and networking gear and used them to set up high-speed relays on the Tor anonymity network.

Blackphone super-secure communications app had serious flaw

The SilentText secure messaging application bundled with Blackphone had a serious vulnerability that would have allowed attackers to decrypt messages, read contact information, gather location data and even execute malicious code on the phone.

DNS hijacking vulnerability affects D-Link DSL router, possibly other devices

A vulnerability found in a DSL router model from D-Link allows remote hackers to change its DNS (Domain Name System) settings and hijack users' traffic. The issue might also affect other devices because it is located in a popular firmware used by different manufacturers, according to a security researcher.

Link between NSA and Regin cyberespionage malware becomes clearer

Keylogging malware that may have been used by the NSA shares significant portions of code with a component of Regin, a sophisticated platform that has been used to spy on businesses, government institutions and private individuals for years.

Adobe pushes critical Flash Player update to fix latest zero-day

Over the weekend, Adobe Systems started pushing a critical Flash Player patch to users who have auto-update enabled in order to fix a vulnerability that has been exploited by attackers since last week.

Thousands of U.S. gas stations exposed to Internet attacks

Over 5,000 devices used by gas stations in the U.S. to monitor their fuel tank levels can be manipulated from the Internet by malicious attackers.

Adobe fixes just one of two actively exploited zero-day vulnerabilities in Flash Player

Emergency updates for Flash Player released Thursday fix a vulnerability that is actively exploited by attackers, but leave a separate one unpatched.

Kim Dotcom ready to take on Skype with end-to-end encrypted video calling service

Mega has opened beta testing for a new encrypted video calling service that integrates with its existing file hosting and sharing offerings.

Atlassian fixes critical vulnerability in development collaboration products

A critical vulnerability in popular software development collaboration products by Atlassian allows attackers to compromise servers.

Attackers are exploiting a zero-day vulnerability in Flash Player

Attackers are using compromised websites to exploit a new and currently unpatched vulnerability in Flash Player, a malware researcher has reported.

Critical Java updates fix 19 vulnerabilities, disable SSL 3.0

Oracle released new security updates for Java to fix 19 vulnerabilities and disable default support for SSL 3.0, an outdated version of the secure communications protocol that is vulnerable to attacks.

Oracle to fix 167 vulnerabilities, including serious backdoor-like flaw in E-Business Suite

Oracle's monster batch of security updates will include a fix for a serious misconfiguration issue in its E-Business Suite product that can give hackers access to databases full of sensitive business records.