Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Firefox

Mozilla launches free website security scanning service

Mozilla has built an online scanner that can check if websites have the best security settings in place.

20151005 Cisco headquarters sign

Cisco starts patching firewall devices against NSA-linked exploit

Cisco Systems has started releasing security patches for a critical flaw in Adaptive Security Appliance (ASA) firewalls targeted by an exploit linked to the U.S. National Security Agency.

Paul Stone Alex Chapman DEFCON WPAD

Disable WPAD now or have your accounts and private data compromised

Security researchers have recently highlighted serious risks introduced by the Web Proxy Auto-Discovery Protocol (WPAD), which is enabled by default on Windows and is supported by other operating systems as well.

microsoft headquarters

Microsoft patches 27 flaws in Windows, Office, IE, and Edge

Microsoft has released another batch of security patches, fixing 27 vulnerabilities in Windows, Microsoft Office, Internet Explorer, and its new Edge browser.

150817 google marshmallow 06

Qualcomm-powered Android devices plagued by four rooting flaws

Hundreds of millions of Android devices based on Qualcomm chipsets are likely exposed to at least one of four critical vulnerabilities that allow non-privileged apps to take them over.

power analysis safe electronic lock

High-security electronic safes can be hacked through power and timing analysis

A hacker showed that high-security electronic safe locks are susceptible to power and timing side-channel attacks like those used to defeat cryptosystems.

Digital Key, security, encryption

Researcher hides stealthy malware inside legitimate digitally signed files

A new technique allows attackers to hide malicious code inside digitally signed files without breaking their signatures and then to load that code directly into the memory of another process.

Ivan Krstic Apple security Black Hat

Appleā€™s bug bounty program favors quality over quantity

After years of reluctance to pay researchers for exploits, Apple has given in and is ready to hand out up to US$200,000 for critical vulnerabilities found in the latest version of iOS and the newest iPhones.

Patrick Watson Nir Valtman point-of-sale POS PIN pad card reader

Stealing payment card data and PINs from POS systems is dead easy

The communications between card readers and point-of-sale systems is not secure and attackers can tap them to steal payment card data and even PIN numbers.

magnetic card spoof point-of-sale hotel

This tiny device can infect point-of-sale systems and unlock hotel rooms

Millions of point-of-sale systems and hotel room locks can be hacked by temporarily placing a small, inexpensive device several inches away from their card readers.

rio olympics tickets

Cybercrime infrastructure being ramped up in Brazil ahead of Olympics

Over the past few months, cybercriminals have set up a large number of malicious domains and servers in Brazil in anticipation to the Rio 2016 Olympics.

Android character at MWC 2014 Barcelona

New Android Trojan SpyNote leaks on underground forums

A new and potent Android Trojan has been leaked on several underground forums, making it available for free to less resourceful cybercriminals who are now likely to use it in attacks.

code big data binary programming

Long-running malvertising campaign infected thousands of computers per day

Security researchers have shut down a large-scale malvertising operation that used sophisticated techniques to remain undetected for months and served exploits to millions of computers.

Android N statue

Google beefs Linux up kernel defenses in Android

The future versions of Android will be more resilient to exploits thanks to developers' efforts to integrate the latest Linux kernel defenses into the operating system.a

Digital Key, security, encryption

Rival gang leaks decryption keys for Chimera ransomware

The creators of the Petya and Mischa ransomware programs leaked around 3,500 RSA private keys allegedly corresponding to systems infected with another ransomware program called Chimera.