Stories by Lucian Constantin

Ransomware authors streamline attacks, infections rise

Ransomware authors continue improving file-encrypting programs and infection methods for Windows and Android, making these nightmarish attacks harder to avoid.

Advantech industrial communication devices vulnerable to remote code execution

Industrial computer manufacturer Advantech has fixed a critical vulnerability in a series of devices that handle data communication for industrial equipment with serial connections and TCP/IP networks.

Smart TVs raise privacy concerns

Reports that new Samsung TVs can capture personal information with their voice recognition feature has sparked concern about what critics perceive as digital spying by so-called smart devices.

DDoS malware for Linux systems comes with sophisticated custom-built rootkit

A malware program designed for Linux systems, including embedded devices with ARM architecture, uses a sophisticated kernel rootkit that's custom built for each infection.

Attackers exploit zero-day flaw in popular WordPress plug-in

WordPress sites with the plug-in Fancybox-for-WordPress should apply a critical security update released Thursday that fixes a vulnerability already exploited by attackers.

Siemens patches critical flaws in industrial wireless gear

Siemens released critical security patches for the firmware in its Ruggedcom WIN products which are used as broadband wireless base stations in industrial environments.

Some hackers are unknowingly gathering intel for the NSA

The U.S. National Security Agency and its intelligence partners are reportedly sifting through data stolen by state-sponsored and freelance hackers on a regular basis in search of valuable information.

Russian hackers have a foothold in Sony Pictures' network, security firm says

Sony Pictures Entertainment (SPE) might have a second security breach on its hands, or maybe the hackers from November's scandalous attack are still inside the company systems, according to a security firm that claims to have seen evidence of Russian hackers having access to SPE internal data.

Scareware found hidden in Google Play apps downloaded by millions

Google has done a good job at keeping data-stealing Trojan apps out of Google Play, but attackers still find ways to monetize rogue apps through the store.

Dangerous IE vulnerability opens door to powerful phishing attacks

An Internet Explorer vulnerability lets attackers bypass the Same-Origin Policy, a fundamental browser security mechanism, to launch highly credible phishing attacks or hijack users' accounts on any website.

Flash Player plagued by third zero-day flaw in a month, updates coming

Adobe Systems warned users that hackers are exploiting another unpatched vulnerability in Flash Player -- the third one in the past month -- to infect computers with malware.

Google will motivate bug hunters to keep probing its products with research grants

Google has expanded its bug bounty programs to cover the company's official mobile applications, and is seeking to stimulate vulnerability research on particular products by offering money in advance to bug hunters.

Can't keep this bad boy down: ZeroAccess botnet back in business

A peer-to-peer botnet called ZeroAccess came out of a six-month hibernation this month after having survived two takedown attempts by law enforcement and security researchers.

Ghost Linux vulnerability can be exploited through WordPress, other PHP apps

A critical vulnerability in glibc, a core Linux library, can be exploited remotely through WordPress and likely other PHP applications to compromise Web servers.

The end for 1024-bit SSL certificates is near, Mozilla kills a few more

Website owners take notice: In weeks, Mozilla products including its popular Firefox browser will stop trusting an unknown number of SSL certificates that were issued using old root CA certificates with 1024-bit RSA keys.