Stories by Lucian Constantin

Web-based exploits on the decline, but users still slow to patch

The number of exploit kits on the Web dramatically decreased last year, but some have become more sophisticated and shifted their focus to software that is less frequently updated.

Report: NSA not only creates, but also hijacks, malware

In addition to having its own arsenal of digital weapons, the U.S. National Security Agency reportedly hijacks and repurposes third-party malware.

Google publishes third Windows 0-day vulnerability in a month

Google ignored Microsoft's calls for flexible vulnerability disclosure deadlines and released details of another unpatched Windows flaw, leaving users exposed for at least the next 25 days.

Cleared your browser cookies? It won't stop ad company using Verizon tracking header

A company that correlates data about users across different websites to share with marketers is using unique IDs inserted by Verizon into mobile Web traffic to recreate tracking cookies that have been deleted by users.

CryptoWall ransomware is back with new version after two months of silence

Attackers have started distributing a new and improved version of the CryptoWall file-encrypting ransomware program over the past few days, security researchers warn.

Adobe patches remote code execution and keylogging flaws in Flash Player

Adobe Systems fixed nine vulnerabilities in Flash Player that allow attackers to record users' keystrokes or take complete control of their computers.

North Korean official news agency site serves malware

Users who visited the site of the state-run North Korean news agency, to see the country's response to the Sony hacking accusations or for other reasons, might want to scan their computers for malware.

Vulnerabilities in several Corel programs allow attackers to execute malicious code

Several photo, video and other media editing programs from software maker Corel contain DLL hijacking vulnerabilities that could allow attackers to execute malicious code on users' computers.

Google discloses another unpatched Windows flaw, irritates Microsoft

Google released details of a second unpatched privilege escalation flaw in Windows 8.1 in less than a month, drawing criticism from Microsoft.

OpenSSL patches eight new vulnerabilities

Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks.

Exploit allows Asus routers to be hacked from local network

A vulnerability in Asuswrt, the firmware running on many wireless router models from Asustek Computer, allows attackers to completely compromise the affected devices. Malicious hackers, however, need to launch their attacks from within the local networks served by the vulnerable routers.

Apple blocks tool that brute-forces iCloud passwords

Apple has fixed an issue that could have allowed attackers to launch brute-force attacks against iCloud users in order to guess their passwords.

Macro-based malware is making a comeback, researchers warn

For the past several months, different groups of attackers have distributed malware through Microsoft Office documents that contain malicious macros, reviving a technique that has been out of style for over a decade.

Moonpig jeopardizes data of millions of customers through insecure API

Moonpig, a large online seller of personalized greeting cards and gifts, shut down its mobile apps Tuesday because of a security weakness that could have given hackers access to customer information.

Gogo inspects secure Web traffic in attempt to limit in-flight video streaming

In-flight Internet provider Gogo is inspecting its users' traffic exchanged with secure sites by replacing those sites' HTTPS certificates with self-signed ones.