Stories by Lucian Constantin

Withdrawal vulnerabilities enabled bitcoin theft from Flexcoin and Poloniex

Hackers found security weaknesses that allowed them to overdraw accounts with Flexcoin and Poloniex, two websites that facilitate bitcoin transactions, and exploited them to steal bitcoins from the two services. The attacks put Flexcoin out of business and cost Poloniex's users 12.3 percent of their bitcoins.

Attack campaign compromises 300,000 home routers, alters DNS settings

A group of attackers managed to compromise 300,000 home and small-office wireless routers, altering their settings to use rogue DNS servers, according to Internet security research organization Team Cymru.

Mozilla gives plug-in developers until March 31 to apply to whitelist

Mozilla is pushing ahead with its efforts to discourage the use of plug-in based content on the Web and gave developers until the end of March to apply for an exemption from the plug-in blocking planned for the Firefox browser.

Gameover malware tougher to kill with new rootkit component

A new variant of the Gameover malware that steals online banking credentials comes with a kernel-level rootkit that makes it significantly harder to remove, according to security researchers from Sophos.

RSA Conference mobile app has vulnerabilities, researchers say

A mobile application designed to make it easier for RSA Conference 2014 attendees to navigate the event and interact with their peers exposes personal information, according to researchers from security firm IOActive.

Security researchers urge tech companies to explain their cryptographic choices

Fourteen prominent security and cryptography experts have signed an open letter to technology companies urging them to take steps to regain users' trust following reports over the past year that vendors collaborated with government agencies to undermine consumer security and facilitate mass surveillance.

IE zero-day exploit being used in widespread attacks

The number of attacks exploiting a yet-to-be-patched vulnerability in Internet Explorer has increased dramatically over the past few days, indicating the exploit is no longer used just in targeted attacks against particular groups of people.

Researchers bypass protections in Microsoft's EMET anti-exploitation tool

Security researchers managed to bypass the protections offered by Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a utility designed to detect and block software exploits, and concluded that the tool would not be effective against determined attackers.

New iOS flaw allows malicious apps to record touch screen presses

Security researchers identified a vulnerability in iOS that allows apps to record all touch screen and button presses while running in the background on non-jailbroken devices.

Hacker defaces website of IT security certification body EC-Council

A hacker defaced the website of EC-Council, an organization that runs IT security training and certification programs, and claims to have obtained copies of passports of law enforcement and military officials who signed up for the organization's courses.

Source code for Android iBanking bot surfaces on underground forum

The source code for an Android mobile banking Trojan app was released on an underground forum, making it possible for a larger number of cybercriminals to launch attacks using this kind of malware in the future.

Cisco fixes unauthorized access, denial-of-service flaws in several products

Cisco Systems has released security updates to fix serious vulnerabilities in a range of products including its Intrusion Prevention System, Unified Computing System Director, Unified SIP Phone 3905 and Firewall Services Module products.

Exploit released for vulnerability targeted by Linksys router worm

Technical details about a vulnerability in Linksys routers that's being exploited by a new worm have been released Sunday along with a proof-of-concept exploit and a larger than earlier expected list of potentially vulnerable device models.

Worm 'TheMoon' infects Linksys routers

A self-replicating program is infecting Linksys routers by exploiting an authentication bypass vulnerability in various models from the vendor's E-Series product line.

Dozens of rogue self-signed SSL certificates used to impersonate high-profile sites

Dozens of self-signed SSL certificates created to impersonate banking, e-commerce and social networking websites have been found on the Web. The certificates don't pose a big threat to browser users, but could be used to launch man-in-the-middle attacks against users of many mobile apps, according to researchers from Internet services firm Netcraft who found the certificates.

Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia