Stories by Lucian Constantin

Flaw in WordPress caching plug-in could affect over 1 million sites

A vulnerability in the popular WP Super Cache plug-in for WordPress could allow attackers to inject malicious scripts into websites. The scripts, when loaded by administrators, could trigger unauthorized actions.

Large-scale Google malvertising campaign hits users with exploits

A large number of ads distributed by a Google advertising partner redirected users to Web-based exploits that attempted to install malware on users' computers.

Researchers show that IoT devices are not designed with security in mind

In the latest blow to Internet of Things (IoT) security, an analysis of smart home devices has found flaws that could give attackers access to sensitive data or allow them to control door locks and sensors.

Vulnerable Dell support tool now detected as risky software

Security vendor Malwarebytes has flagged the Dell System Detect tool as a potentially unwanted application after older versions of the program were found to put computers at risk.

Expired Google certificate temporarily disrupts Gmail service

Google forgot to renew one of its TLS certificates, leading to service disruption Saturday for people using Gmail through third-party email clients.

Under one percent of Android devices affected by potentially harmful applications

Based on data collected by Google, less than one percent of Android devices had a potentially harmful application installed last year. This includes devices on which users have installed applications from outside the official Google Play store.

This tool can alert you about evil twin access points in the area

A new open-source tool can periodically scan an area for rogue Wi-Fi access points and can alert network administrators if any are found.

Like Google, Mozilla set to punish Chinese agency for certificate debacle

The Mozilla Foundation plans to reject new digital certificates issued by the China Internet Network Information Center (CNNIC) in its products, but will continue to trust certificates that already exist.

Over 100,000 devices can be used to amplify DDoS attacks via multicast DNS

Over 100,000 devices have a misconfigured service called multicast DNS that accepts requests from the Internet and can potentially be abused to amplify distributed denial-of-service (DDoS) attacks.

Google cracks down on ad-injecting Chrome extensions

Google has identified and disabled 192 Chrome browser extensions that injected rogue ads into Web pages opened by users without being upfront about it. The company will scan for similar policy violations in future.

New malware program used in attacks against energy sector companies

A new malware program is being used to do reconnaissance for targeted attacks against companies in the energy sector.

Lebanese cyberespionage campaign hits defense, telecom, media firms worldwide

For the past two years, a cyberespionage group that likely operates from Lebanon has hacked into hundreds of defense contractors, telecommunications operators, media groups and educational organizations from at least 10 countries.

British Airways notifies frequent flyers of possible breach of their accounts

Over the last few days, a large number of British Airways customers have found that reward points they accumulated for flights, called Avios, have disappeared from their accounts. Others have been locked out of their accounts completely.

New mobile-malware detection technique uses gestures

Mobile malware is a growing problem, but researchers from University of Alabama at Birmingham have figured out a new way of detecting when shady mobile apps get up to no good, such as trying to call premium-rate numbers unbeknowst to a phone's owner.

Popular hotel Internet gateway devices vulnerable to hacking

Some Internet gateway devices commonly used by hotels and conference centers can easily be compromised by hackers, allowing them to launch a variety of attacks against guests accessing the Wi-Fi networks.