Stories by Lucian Constantin

VMware patches vulnerabilities in Workstation, Player, Fusion and Horizon View Client

VMware released patches for serious vulnerabilities in several of its products that could lead to arbitrary code execution, privilege escalation on the host OS and denial of service.

OpenSSL fixes serious flaw that could enable man-in-the-middle attacks

A flaw in the widely used OpenSSL library could allow man-in-the-middle attackers to impersonate HTTPS servers and snoop on encrypted traffic. Most browsers are not affected, but other applications and embedded devices could be.

Emergency Flash Player updates fix vulnerability used in widespread attacks

Adobe Systems was forced to rush the release of a Flash Player update after an exploit for a previously unknown vulnerability was leaked on the Internet and quickly adopted by cybercriminals.

Hacker group that hit Twitter, Facebook, Apple and Microsoft intensifies attacks

The hackers that targeted Twitter, Facebook, Apple and Microsoft developers two years ago have escalated their economic espionage efforts as they seek confidential business information and intellectual property they can profit from.

Cybercriminals start using Flash zero-day exploit leaked from Hacking Team

It took just a day for cybercriminals to start using a new and yet-to-be-patched Flash Player exploit that was leaked from a surveillance software developer.

Researchers find previously unknown exploits among Hacking Team's leaked files

Researchers sifting through 400GB of data recently leaked from Hacking Team, an Italian company that sells computer surveillance software to government agencies from around the world, have already found an exploit for an unpatched vulnerability in Flash Player.

OpenSSL tells users to prepare for a high severity flaw

Server admins and developers beware: The OpenSSL Project plans to release security updates Thursday for its widely used cryptographic library that will fix a high severity vulnerability.

Leak of ZeusVM malware building tool might cause botnet surge

The Internet could see a new wave of botnets based on the ZeusVM banking Trojan after the tools needed to build and customize the malware program were published online for free.

Cisco leaves key to all its Unified CDM systems under doormat

Cisco Systems recently realized that its Unified Communications Domain Manager (Unified CDM) software contains a default privileged account with a static password that cannot be changed, exposing the platform to hacking by remote attackers.

Ad fraud Trojan updates Flash Player so that other malware can't get in

Someone call the malware antitrust commission: Recent versions of the Kovter ad fraud Trojan, which infects computers through Web-based exploits, close the door after themselves by updating Flash Player to the latest version.

Attackers abuse legacy routing protocol to amplify distributed denial-of-service attacks

Servers could be haunted by a ghost from the 1980s, as hackers have started abusing an obsolete routing protocol to launch distributed denial-of-service attacks.

Hacktivist group possibly compromised hundreds of websites

A hacker group known as Team GhostShell is publishing snippets of sensitive data allegedly stolen from the databases of hundreds of compromised websites.

One third of enterprise iOS devices vulnerable to app, data hijacking attacks

Apple released patches for several exploits that could allow maliciously crafted applications to destroy apps that already exist on devices, access their data or hijack their traffic, but a large number of iOS devices are still vulnerable.

Cisco plans to buy security-as-a-service provider OpenDNS

Cisco Systems plans to pay $US635 million in cash to buy OpenDNS, a company that leverages the Domain Name System (DNS) to provide security services including Web filtering, threat intelligence and malware and phishing protection.

Cybercriminals adopt recently patched zero-day exploit in a flash

Just four days after Adobe Systems patched a vulnerability in Flash Player, the exploit was adopted by cybercriminals for use in large-scale attacks. This highlights the increasingly small time frame users have to deploy patches.