Stories by Lucian Constantin

New Web vulnerability enables powerful social engineering attacks

Users who are careful to download files only from trusted websites may be tricked by a new type of Web vulnerability: this one cons them into downloading malicious executable files that are not actually hosted where they appear to be.

New technique allows attackers to hide stealthy Android malware in images

A new technique that allows attackers to hide encrypted malicious Android applications inside images could be used to evade detection by antivirus products and possibly Google Play's own malware scanner.

All-in-one printers can be used to control infected air-gapped systems from far away

Isolating computers from the Internet, called "air gapping," is considered one of the best ways to defend critical systems and their sensitive data from cyberattacks, but researchers have found that can be undermined using an all-in-one printer.

Dropbox dismisses claims of hack affecting 7 million accounts

Hackers claim to have stolen a database of almost 7 million Dropbox log-in credentials, but the company says its service was not hacked and that unrelated websites are the data source.

Russian hackers exploit Windows zero-day flaw to target Ukraine, US organizations

A cyberespionage group operating out of Russia has launched malware attacks against the Ukrainian government and at least one U.S.-based organization through a previously unknown vulnerability that affects most versions of Windows.

What you should consider when choosing a password manager

Many security experts feel that passwords are no longer sufficient to keep online accounts safe from hackers, but we're still a long way from widespread adoption of biometrics and alternative methods of authentication.

Linux botnet Mayhem spreads through Shellshock exploits

Shellshock continues to reverberate: Attackers are exploiting recently discovered vulnerabilities in the Bash command-line interpreter in order to infect Linux servers with a sophisticated malware program known as Mayhem.

Android SMS worm Selfmite returns, more aggressive than ever

A new version of an Android worm called Selfmite has the potential to ramp up huge SMS charges for victims in its attempt to spread to as many devices as possible.

Leaked programming manual may help criminals develop more ATM malware

A leaked programming manual for interacting with the physical components of automated teller machines might have helped attackers create malware programs that were used to steal cash from ATMs in various parts of the world this year.

Almost half of Android devices still have a vulnerable browser installed

Around 45 percent of Android devices have a browser that is vulnerable to two serious security issues, but some countries have a considerably larger percentage of affected users than others, according to data from mobile security firm Lookout.

Criminals use malware program to steal millions from ATMs around the world

Criminals have stolen millions of dollars from ATMs worldwide using a specialized malware program that forces the machines to dispense cash on command.

Critical Bugzilla vulnerability could give hackers access to undisclosed software flaws

Hackers could have had an inside track on unpatched flaws in major software projects because of a critical vulnerability in Bugzilla, a system that many developers use to track and discuss bugs in their code.

Tools for creating malicious USB thumb drives released by security researchers

In a gambit aimed at driving manufacturers to beef up protections for USB flash drive firmware, two security researchers have released a collection of tools that can be used to turn those drives into silent malware installers.

Is that used iPad actually stolen? Apple creates tool for would-be buyers to check

If you're looking to buy a used iPhone, iPad or iPod touch device, Apple is now offering an online tool to let you first check if it's been locked down by the previous owner, which could indicate that it was actually stolen or lost.

Xen Project discloses serious vulnerability that impacts virtualized servers

The Xen Project has revealed the details of a serious vulnerability in the Xen hypervisor that could put the security of many virtualized servers at risk.