Stories by Lucian Constantin

South Korean manufacturing industry targeted with new backdoor program

South Korean organizations are being targeted in attacks with a new stealthy backdoor program that gives attackers full access to infected computers.

Webmasters have only hours to deploy patches, Joomla incident shows

Less than four hours after a critical vulnerability was patched in Joomla, security firms already detected attacks exploiting the flaw.

Germany probes Regin-powered cyberespionage

The head of a German Federal Chancellery unit reportedly had his laptop infected with Regin, a cyberespionage program believed to be used by the U.S. National Security Agency and its closest intelligence allies.

Russian cyberspies targeted the MH17 crash investigation

A Russian cyberespioange group tried to infiltrate the international investigation into the crash of Malaysia Airlines Flight 17 (MH17) that was shot down by a missile over Ukraine in July 2014.

Attackers hijack CCTV cameras and network-attached storage devices to launch DDoS attacks

A recently detected distributed denial-of-service (DDoS) attack was launched from 900 compromised CCTV cameras that were hijacked by hackers.

Mozilla mulls early cutoff for SHA-1 digital certificates

Mozilla is considering banning digital certificates signed with the SHA-1 algorithm in July 2016.

Oracle slams door on Russian cyberspies who hacked Nato PCs through Java

Oracle fixed a vulnerability in Java that a Russian cyberespionage group used to launch stealthy exploits against NATO member countries earlier this year.

Western Digital self-encrypting external hard disk drives have flaws that can expose data

The hardware-based encryption built into popular Western Digital external hard disk drives has flaws that could allow attackers to recover data without knowing the user password.

Google makes full-disk encryption and secure boot mandatory for some Android 6.0 devices

Google will require Android devices capable of decent cryptographic performance to enable full-disk encryption by default in order to be declared compatible with Android 6.0.

Flash Player emergency patch fixes one flaw already being exploited, and two others

Adobe released a patch for a critical vulnerability in Flash Player in response to high-profile cyberespionage attacks against governmental targets.

Cisco fixes privilege escalation flaws in AnyConnect Secure Mobility Client

The Cisco AnyConnect Secure Mobility Client was updated to fix vulnerabilities that could allow attackers to gain system or root privileges on Windows, Linux and Mac OS X computers.

New Android vulnerabilities put over a billion devices at risk of remote hacking

Newly discovered vulnerabilities in the way Android processes MP3 and MP4 files can allow attackers to compromise devices by tricking users to visit specifically-crafted Web pages.

Dyreza malware steals IT supply chain credentials

New versions of the Dyreza computer Trojan are configured to steal credentials for order fulfillment, warehousing, inventory management, ecommerce and other IT and supply chain services.

A Linux botnet is launching crippling DDoS attacks at more than 150Gbps

The security response team from Akamai Technologies have observed multiple attacks originating from a Linux botnet recently that have ranged from a few gigabits per second to over 150.

Newly found TrueCrypt flaw allows full system compromise

James Forshaw, a member of Google's Project Zero team, has recently discovered two serious vulnerabilities in the driver that the TrueCrypt full disk encryption program installs on Windows systems.