Stories by Lucian Constantin

Cisco fixes unauthorised access flaws in access points, wireless LAN controllers

Cisco Systems released critical security updates for several products, including access points and wireless LAN controllers, in order to fix vulnerabilities that could give remote attackers access to devices.

Android banking malware SlemBunk is part of a well-organized campaign

The SlemBunk Android Trojan that targets mobile banking users has evolved into a hard-to-detect threat, researchers from FireEye found.

Microsoft fixes critical flaws in Windows, Office, Edge, IE and other products

Microsoft released critical fixes for remote code execution flaws in Windows, Office, Edge, Internet Explorer, Silverlight and Visual Basic.

Faulty ransomware renders files unrecoverable, even by the attacker

A hacker has built a ransomware program based on proof-of-concept code released online, but messed up the implementation resulting in victims' files being completely unrecoverable.

New remote access Trojan Trochilus used in cyberespionage operations

A cyberespionage group was found using a new remote access Trojan dubbed Trochilus whose detection rate was very low among antivirus products.

Drupal to secure its update process with HTTPS

Developers of the popular Drupal content management system are working to secure the software's update mechanism after a researcher found weaknesses in it.

Unlike Mozilla, Google anticipated SHA-1 errors caused by HTTPS traffic inspection systems

Unlike Mozilla, Google plans to ban only SHA-1 certificates that were issued after Jan. 1 by public certificate authorities, not self-generated ones too.

Antivirus software could make your company more vulnerable

Cyberespionage groups could easily exploit vulnerabilities in antivirus programs to break into corporate networks, according to vulnerability researchers who have analyzed such products in recent years.

Authorities dismantle criminal gang that used malware to steal cash from ATMs

Law enforcement authorities from Romania and Republic of Moldova dismantled a gang of criminals that stole 200,000 euros from ATMs in the E.U. and Russia after infecting them with a malware program.

Drupal sites at risk due to insecure update mechanism

The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates.

Continued support for MD5 endangers widely used cryptographic protocols

Researchers from the INRIA institute in France have devised several attacks which prove that the continued support for MD5 in cryptographic protocols is much more dangerous than previously believed.

Third try is no charm for failed Linux ransomware creators

Researchers found a flaw that allows them to decrypt files affected by a new version of Linux.Encoder, a file-encrypting ransomware program that infects Linux Web servers.

Exploit broker places $100k bounty on bypassing Flash Player's latest defenses

Exploit acquisition firm Zerodium is offering up to $100,000 for exploits that bypass Flash Player's latest heap isolation protection.

Google fixes dangerous rooting vulnerabilities in Android

Google has fixed a new batch of vulnerabilities in Android that could allow hackers to take over devices remotely or through malicious applications.

BlackEnergy cyberespionage group adds disk wiper and SSH backdoor to its arsenal

A cyberespionage group focused on companies and organizations from the energy sector has recently updated its arsenal with a destructive data-wiping component and a backdoored SSH server.