Stories by Lucian Constantin

Hacker Diabl0 arrested in Thailand at the request of Swiss authorities

Russian-Morrocan hacker Farid Essebar, known online as Diabl0, was arrested in Bangkok at the request of law enforcement authorities from Switzerland who want him extradited to face charges in connection with computer fraud offenses and credit card information theft.

Proprietary firmware poses a security threat, Ubuntu founder says

Mark Shuttleworth, the founder of the popular Ubuntu Linux distribution, believes proprietary firmware and unverifiable firmware code poses a serious security threat to users and encourages hardware manufacturers to implement support for their innovations through the Linux kernel instead.

Bitcoin-stealing malware hidden in Mt. Gox data dump, researcher says

An archive containing transaction records from Mt. Gox that was released on the Internet last week by the hackers who compromised the blog of Mt. Gox CEO Mark Karpeles also contains bitcoin-stealing malware for Windows and Mac.

All major browsers fall during second day at Pwn2Own hacking contest

Security researchers demonstrated zero-day exploits against Google Chrome, Microsoft Internet Explorer, Apple Safari, Mozilla Firefox and Adobe Flash Player during the second day of the Pwn2Own hacking competition Thursday, racking up total prizes of US$450,000.

Some Samsung Galaxy devices contain a file access backdoor, Replicant developers say

The developers of Replicant, a mobile OS based on Android, claim to have found a backdoor vulnerability in a software component shipped with some Samsung Galaxy devices that potentially provides remote access to users' private files through the device modem.

Adobe patches a critical vulnerability in Shockwave Player

Adobe Systems released a new security update for Shockwave Player in order to fix a critical vulnerability that could allow attackers to remotely take control of affected systems.

Adobe patches two important vulnerabilities in Flash Player

Adobe released updates for Flash Player that fix two vulnerabilities that could allow attackers to bypass security controls in the software.

NSA's plans reportedly involve infecting millions of computers with surveillance malware

The U.S. National Security Agency has reportedly been working for the past several years on expanding its ability to infect computers with surveillance malware and creating a command-and-control infrastructure capable of managing millions of compromised systems at a time.

Large DDoS attack brings WordPress pingback abuse back into spotlight

Attackers have abused the WordPress pingback feature, which allows sites to cross-reference blog posts, to launch a large-scale, distributed denial-of-service (DDoS) attack, according to researchers from Web security firm Sucuri.

Joomla receives patches for zero-day SQL injection vulnerability, other flaws

Recently released security updates for the popular Joomla content management system (CMS) address a SQL injection vulnerability that poses a high risk and can be exploited to extract information from the databases of Joomla-based sites.

New crimeware tool Dendroid makes it easier to create Android malware, researchers warn

A new commercial tool designed to allow cybercriminals to easily transform legitimate Android applications into malicious software has hit the underground market, paving the way for cheap and easy development of sophisticated Android malware.

Cisco patches vulnerabilities in small business routers and wireless LAN controllers

Cisco Systems released new firmware versions for some of its small business routers and wireless LAN controllers in order to address vulnerabilities that could allow remote attackers to compromise the vulnerable devices or affect their availability.

Withdrawal vulnerabilities enabled bitcoin theft from Flexcoin and Poloniex

Hackers found security weaknesses that allowed them to overdraw accounts with Flexcoin and Poloniex, two websites that facilitate bitcoin transactions, and exploited them to steal bitcoins from the two services. The attacks put Flexcoin out of business and cost Poloniex's users 12.3 percent of their bitcoins.

Attack campaign compromises 300,000 home routers, alters DNS settings

A group of attackers managed to compromise 300,000 home and small-office wireless routers, altering their settings to use rogue DNS servers, according to Internet security research organization Team Cymru.

Mozilla gives plug-in developers until March 31 to apply to whitelist

Mozilla is pushing ahead with its efforts to discourage the use of plug-in based content on the Web and gave developers until the end of March to apply for an exemption from the plug-in blocking planned for the Firefox browser.

Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia