Stories by Lucian Constantin

Controversial MacKeeper security program opens critical hole on Mac computers

A critical vulnerability in MacKeeper, a controversial security program for Mac computers, could let attackers execute malicious commands on Macs when their owners visit specially crafted Web pages.

GPU malware can also affect Windows PCs, possibly Macs

A team of anonymous developers who recently created a Linux rootkit that runs on graphics cards has released a new proof-of-concept malware program that does the same on Windows. A Mac OS X implementation is also in the works.

New Linux rootkit leverages GPUs for stealth

A team of developers has created a rootkit for Linux systems that uses the processing power and memory of graphics cards instead of CPUs in order to remain hidden.

Visitors to top porn sites hit by malvertising attack

In the latest attack involving malicious advertisements, hackers managed to launch Flash Player exploits against the visitors of several popular porn websites.

WordPress fixes actively exploited flaw

A new WordPress version released Thursday fixes two critical cross-site scripting (XSS) vulnerabilities that could allow attackers to compromise websites.

Superfish injects ads in one in 25 Google page views

Over five percent of browser visits to Google-owned websites, including Google Search, are altered by computer programs that inject ads into pages. One called Superfish is responsible for a majority of those ad injections.

Companies are falling behind on securing their SAP environments

More than 95 percent of SAP systems deployed in enterprises are exposed to vulnerabilities that could lead to a full compromise of business data, a security firm claims.

The Internet of Things to take a beating in DefCon hacking contest

Hackers will put Internet-connected embedded devices to the test at the DefCon 23 security conference in August. Judging by the results of previous Internet-of-Things security reviews, prepare for flaws galore.

Cybercriminals borrow from APT playbook in attack against PoS vendors

Cybercriminals are increasingly copying cyberespionage groups in using targeted attacks against their victims instead of large-scale, indiscriminate infection campaigns.

Researchers play cat and mouse with Google's anti-phishing Chrome extension

For the past several days security researchers have raced to demonstrate that phishing protections added by a new Google Chrome extension can be bypassed with ease.

WordPress e-commerce plug-in puts over 5,000 websites at risk

TheCartPress, an e-commerce plug-in used on thousands of WordPress-based websites, has several high-risk vulnerabilities.

After Google, Microsoft also cracks down on misleading advertisements

Microsoft is taking a hard stance against advertisements that trick users into visiting malicious websites or downloading potentially harmful applications.

Flaw in Realtek SDK for wireless chipsets exposes routers to hacking

The software that controls wireless networking chipsets made by Realtek Semiconductor contains a critical vulnerability that could allow attackers to compromise home routers.

Decryption tool available for TeslaCrypt ransomware that targets games

Some users whose computers have been infected with a ransomware program called TeslaCrypt might be in luck: security researchers from Cisco Systems have developed a tool to recover their encrypted files.

Second HTTPS snooping flaw breaks security for thousands of iOS apps

Attackers can potentially snoop on the encrypted traffic of over 25,000 iOS applications due to a vulnerability in a popular open-source networking library.