Stories by Lucian Constantin

British Airways notifies frequent flyers of possible breach of their accounts

Over the last few days, a large number of British Airways customers have found that reward points they accumulated for flights, called Avios, have disappeared from their accounts. Others have been locked out of their accounts completely.

New mobile-malware detection technique uses gestures

Mobile malware is a growing problem, but researchers from the University of Alabama at Birmingham have figured out a new way of detecting when shady mobile apps get up to no good, such as trying to call premium-rate numbers unbeknownst to a phone's owner.

Popular hotel Internet gateway devices vulnerable to hacking

Some Internet gateway devices commonly used by hotels and conference centers can easily be compromised by hackers, allowing them to launch a variety of attacks against guests accessing the Wi-Fi networks.

Cisco patches autonomic networking flaws in IOS routers and switches

Cisco Systems released firmware updates for several routers and switches that run its IOS and IOS XE software in order to fix flaws in their autonomic networking infrastructure (ANI) feature.

Microsoft blacklists latest rogue SSL certificates, Mozilla mulls sanctions for issuer

Microsoft has blacklisted a subordinate CA certificate that was wrongfully used to issue SSL certificates for several Google websites. The action will prevent those certificates from being used in Google website spoofing attacks against Internet Explorer users.

Dell support tool put PCs at risk of malware infection

Attackers could have remotely installed malware on systems running a flawed Dell support tool used to detect customers' products.

Flash-based vulnerability lingers on many websites three years later

Flash files that are vulnerable to a serious flaw patched by Adobe Systems over three years ago still exist on many websites, exposing users to potential attacks.

New malware program PoSeidon targets point-of-sale systems

Retailers beware: A new Trojan program targets point-of-sale (PoS) terminals, stealing payment card data that can then be abused by cybercriminals.

Cisco small business phones open to remote eavesdropping, calling

You don't need to be the NSA to tap calls on Cisco's SPA 300 and 500 IP phones: An authentication flaw allows potential attackers to do that by default.

All major browsers hacked at Pwn2Own contest

Security researchers who participated in the Pwn2Own hacking contest this week demonstrated remote code execution exploits against the top four browsers, and also hacked the widely used Adobe Reader and Flash Player plug-ins.

New attacks suggest leeway for patching Flash Player is shrinking

Cybercriminals are exploiting newly patched vulnerabilities faster, a sign that users and companies need to improve their software updating habits.

At least 700,000 routers given to customers by ISPs are vulnerable to hacking

More than 700,000 ADSL routers provided to customers by ISPs around the world contain serious flaws that allow remote hackers to take control of them.

OpenSSL fixes serious denial-of-service bug, 11 other flaws

The mystery high-severity flaw that people were expecting to be fixed in OpenSSL is no Heartbleed, but it is serious and users should update.

IT manager gets certificate for Microsoft domain, tries to report it but gets in trouble

After a security enthusiast discovered a loophole that allowed him to register a valid SSL certificate for Microsoft's live.fi domain, he tried to responsibly disclose the issue. But instead of thanks he got locked out of his email, phone, Xbox and online storage accounts.

EMET security tool updated to prevent VBScript God Mode attacks

Microsoft updated its Enhanced Mitigation Experience Toolkit (EMET), a free exploit prevention tool, to protect against attacks that attempt to bypass Internet Explorer's sandbox using VBScript.