Stories by Lucian Constantin

All major browsers hacked at Pwn2Own contest

Security researchers who participated in the Pwn2Own hacking contest this week demonstrated remote code execution exploits against the top four browsers, and also hacked the widely used Adobe Reader and Flash Player plug-ins.

New attacks suggest leeway for patching Flash Player is shrinking

Cybercriminals are exploiting newly patched vulnerabilities faster, a sign that users and companies need to improve their software updating habits.

At least 700,000 routers given to customers by ISPs are vulnerable to hacking

More than 700,000 ADSL routers provided to customers by ISPs around the world contain serious flaws that allow remote hackers to take control of them.

OpenSSL fixes serious denial-of-service bug, 11 other flaws

The mystery high-severity flaw that was expected to be fixed in OpenSSL is no Heartbleed, but it is serious and users should update.

IT manager gets certificate for Microsoft domain, tries to report it but gets in trouble

After a security enthusiast discovered a loophole that allowed him to register a valid SSL certificate for Microsoft's live.fi domain, he tried to responsibly disclose the issue. But instead of thanks he got locked out of his email, phone, Xbox and online storage accounts.

EMET security tool updated to prevent VBScript God Mode attacks

Microsoft updated its Enhanced Mitigation Experience Toolkit (EMET), a free exploit prevention tool, to protect against attacks that attempt to bypass Internet Explorer's sandbox using VBScript.

Microsoft blacklists fraudulently issued SSL certificate

Microsoft released an update to blacklist an SSL certificate for one of its domain names that was issued to an unauthorized third party.

Yahoo's new on-demand password system is no replacement for two-factor authentication

In an effort to simplify authentication for its services, Yahoo has introduced a new mechanism that allows users to log in with temporary passwords that are sent to their mobile phones.

Don't trust other people's USB flash drives, they could fry your laptop

Have you ever heard stories about malicious USB thumb drives frying laptops and thought they were far-fetched? An electronics engineer heard them too, and then set out to create a prototype.

New ransomware program targets gamers

A new malware program attempts to extort money from gamers by encrypting game saves and other user-generated files for popular computer games.

Over a million WordPress websites at risk because of flaw in popular SEO plug-in

Over a million WordPress websites that use a popular plug-in to optimize their search engine results are at risk of being hacked if they don't apply a newly released patch.

Code name found in Equation group malware suggests link to NSA

As security researchers continue to analyze malware used by a sophisticated espionage group dubbed the Equation, more clues surface that point to the U.S. National Security Agency being behind it.

Windows PCs remained vulnerable to Stuxnet-like LNK attacks after 2010 patch

If you patched your Windows computers in 2010 against the LNK exploit used by Stuxnet and thought you were safe, researchers from Hewlett-Packard have some bad news for you: Microsoft's fix was flawed.

Snowden docs show CIA's attempts to defeat Apple device security

Researchers sponsored by the U.S. government have reportedly tried to defeat the encryption and security of Apple devices for years.

Tool allows account hijacking on sites that use Facebook Login

A new tool allows hackers to generate URLs that can hijack accounts on sites that use Facebook Login, potentially enabling powerful phishing attacks.