Stories by Lucian Constantin

New iOS flaw allows malicious apps to record touch screen presses

Security researchers identified a vulnerability in iOS that allows apps to record all touch screen and button presses while running in the background on non-jailbroken devices.

Hacker defaces website of IT security certification body EC-Council

A hacker defaced the website of EC-Council, an organization that runs IT security training and certification programs, and claims to have obtained copies of passports of law enforcement and military officials who signed up for the organization's courses.

Source code for Android iBanking bot surfaces on underground forum

The source code for an Android mobile banking Trojan app was released on an underground forum, making it possible for a larger number of cybercriminals to launch attacks using this kind of malware in the future.

Cisco fixes unauthorized access, denial-of-service flaws in several products

Cisco Systems has released security updates to fix serious vulnerabilities in a range of products including its Intrusion Prevention System, Unified Computing System Director, Unified SIP Phone 3905 and Firewall Services Module products.

Exploit released for vulnerability targeted by Linksys router worm

Technical details about a vulnerability in Linksys routers that's being exploited by a new worm have been released Sunday along with a proof-of-concept exploit and a larger than earlier expected list of potentially vulnerable device models.

Worm 'TheMoon' infects Linksys routers

A self-replicating program is infecting Linksys routers by exploiting an authentication bypass vulnerability in various models from the vendor's E-Series product line.

Dozens of rogue self-signed SSL certificates used to impersonate high-profile sites

Dozens of self-signed SSL certificates created to impersonate banking, e-commerce and social networking websites have been found on the Web. The certificates don't pose a big threat to browser users, but could be used to launch man-in-the-middle attacks against users of many mobile apps, according to researchers from Internet services firm Netcraft who found the certificates.

Denial-of-service vulnerability puts Apache Tomcat servers at risk

Security researchers published a proof-of-concept exploit for a recently disclosed vulnerability that allows attackers to launch denial-of-service attacks against websites hosted on Apache Tomcat servers.

Adobe patches two critical vulnerabilities in Shockwave Player

Adobe Systems released a security update for Shockwave Player in order to address two vulnerabilities that could allow attackers to remotely take control of affected systems.

Attackers use NTP reflection in huge DDoS attack

Attackers abused insecure Network Time Protocol servers to launch what appears to be one of the largest DDoS (distributed denial-of-service) attacks ever, this time against the infrastructure of CloudFlare, a company that operates a global content delivery network.

Cyberespionage operation 'The Mask' compromised organizations in 30-plus countries

A cyberespionage operation that used highly sophisticated multi-platform malware went undetected for more than five years and compromised computers belonging to hundreds of government and private organizations in more than 30 countries.

Snapchat vulnerability can be exploited to crash iPhones, researcher says

A vulnerability in Snapchat allows attackers to launch denial-of-service attacks against users of the popular photo messaging app, causing their phones to become unresponsive and even crash.

1

Cybercriminals compromise home routers to attack online banking users

Attacks recently observed in Poland involved cybercriminals hacking into home routers and changing their DNS settings so they can intercept user connections to online banking sites.

Hackers try to hijack Facebook, other high profile domains through domain registrar

The Syrian Electronic Army (SEA), a group of hackers who have made a habit of hijacking high-profile domain names, managed to change the domain registration information for Facebook.com, but failed to redirect the domain to a different server.

New Flash exploit used to distribute credential-stealing malware

A new exploit that prompted Adobe to release an emergency patch for Flash Player was used in targeted attacks that distributed malware designed to steal log-in credentials for email and other online services, according to researchers from antivirus firm Kaspersky Lab.

Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia