Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

PCWorld News

Critical XSS flaws patched in WordPress and popular plug-in

The vulnerabilities could allow attackers to create administrator accounts and take control of websites

PCWorld News

Citadel malware now targets password management applications

A new Citadel configuration steals the master keys for two password managers and a secure authentication program

Privacy advocates release free 'Detekt' tool that finds surveillance malware

The tool is a joint project of multiple privacy groups who investigated malware used to target journalists and human rights activists.

PCWorld News

Long-running Android botnet evolves, could pose threat to corporate networks

The 'NotCompatible' Android Trojan now uses peer-to-peer encrypted communication, researchers from Lookout said

BitTorrent

BitTorrent dismisses Sync security concerns

The cryptographic implementation is solid and cannot be compromsied through a remote server, the company said

encryptitall

EFF, Mozilla back new certificate authority that will offer free SSL certificates

The new CA is called Let's Encrypt and its goal is to encourage the widespread adoption of SSL/TLS on the Internet

coinvault gui

New ransomware CoinVault allows users to decrypt one file for free

Cybercriminals use a popular freebie tactic in an attempt to increase the success rate of its ransomware.

shellshock bug

Shellshock-exploiting Bash malware targets embedded devices running BusyBox

Attackers use malware dubbed Bashlite to scan for and install backdoors on routers and other systems running BusyBox

tor logo 2 100056774 large

Rogue, malware-spewing Tor exit node tied to cyber espionage group

There is strong evidence that it was used to target European government agencies, researchers from F-Secure said.

PCWorld News

Sonatype aims to help developers reduce risk from open-source components

The Sonatype Component Lifecycle Management 2.0 tracks vulnerable third-party components used in software

PCWorld News

Microsoft fixes critical crypto flaw, strenghtens encryption for older systems

A vulnerability in the Microsoft SChannel component could expose servers to remote code execution attacks

PCWorld News

First Stuxnet victims were five Iranian industrial automation companies

To reach the uranium enrichment plant at Natanz, Stuxnet's creators likely targeted Iranian companies tied to it, researchers said

Adobe fixes 18 critical vulnerabilities in Flash Player

Fifteen of them are critical and can result in remote code execution

8 securitytips primary 100024721 large

Microsoft bolsters EMET security tool with hardened exploit mitigations

EMET 5.1 fixes incompatibilities detected between certain mitigations and popular software programs

PCWorld News

Cyberespionage group targets traveling execs through hotel networks

The group infects the network access Web portals used by hotels and business centers to target specific guests