Stories by Lucian Constantin

Juniper updates list of backdoored enterprise firewall OS versions

The administrative access issue only affects ScreenOS 6.3.0r17 through 6.3.0r20, while the VPN decryption issue affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.

Microsoft move to revoke trust in 20 root certificates could wreak havoc on sites

Tens of thousands of secure websites might start to display certificate errors to their visitors in January, when Microsoft plans to stop trusting 20 certificate authorities (CAs) from around the world.

Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits

The Microsoft SmartScreen filtering technology built into Internet Explorer and Edge has now been updated to block Web-based attacks that silently exploit software vulnerabilities to infect computers.

Vulnerability in popular bootloader puts locked-down Linux computers at risk

Pressing the backspace key 28 times can bypass the Grub2 bootloader's password protection and allow a hacker to install malware on a locked-down Linux system.

Over 650 terabytes of data up for grabs due to publicly exposed MongoDB databases

There are at least 35,000 publicly accessible and insecure MongoDB databases on the Internet, exposing 684.8 TB of data to potential theft.

Attacks using TeslaCrypt ransomware intensify

Over the past two weeks, security researchers have seen a surge in attacks using a file-encrypting ransomware program called TeslaCrypt that's known for having targeted gamers in the past.

Twitter warns users targeted by state-sponsored hackers

Twitter has warned some of its users that they may have been targeted in an attack by state-sponsored hackers.

Google to revoke trust in a Symantec root certificate

Very soon, the Android OS, Chrome browser and other Google products will stop trusting all digital certificates that are linked to a 20-year-old Verisign root certificate that's now controlled by Symantec.

Cyberspy group repurposes 12-year-old Bifrose backdoor

A group of hackers that primarily targets companies from key industries in Asia is using heavily modified versions of a backdoor program called Bifrose that dates back to 2004.

SHA-1 cutoff could block millions of users from encrypted websites

Millions of Web users could be left unable to access websites over the HTTPS protocol if those websites only use digital certificates signed with the SHA-2 hashing algorithm.

Cyberspy group targets South American political figures, journalists

Since 2008, a group of attackers has used off-the-shelf remote access Trojans (RATs) to target political figures, journalists and public figures in several South American countries.

Chrome for Android blocks access to malware and scam websites

Google has implemented Safe Browsing, the blacklisting technology used to block websites that host malware or scams, in Chrome for Android.

DDoS attacks increase in number, endanger small organisations

The number of DDoS attacks increased by 180 percent during the third quarter of this year compared to the same period in 2014.

Vulnerabilities found in Lenovo, Toshiba, Dell support software

Exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.

Google patches critical media processing and rooting vulnerabilities in Android

A new batch of security fixes for Android addresses flaws that could allow attackers to compromise devices via rogue emails, Web pages, and MMS messages.