Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

microsoft stock campus building

Google discloses unpatched IE vulnerability after Patch Tuesday delay

Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.

security code big data cyberespionage byte

Serious Cloudflare bug revealed secret user data from major websites

For months a bug in Cloudflare's content optimization systems exposed sensitive information sent by users to websites including passwords, session cookies, authentication tokens and even private messages.

Digital Key encryption

Stop using SHA1 encryption: It’s now completely unsafe, Google proves

Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature.

Security online

Eleven-year-old root flaw found and patched in the Linux kernel

Linux system administrators should watch for kernel updates for their distributions and apply them as soon as possible because they fix a local privilege escalation flaw that could lead to a full system compromise.

Digital Key encryption

New macOS ransomware spotted in the wild

A new file-encrypting ransomware program for macOS is being distributed through bittorrent websites and users who fall victim to it won’t be able to recover their files, even if they pay.

microsoft stock campus building

Microsoft pushes out critical Flash Player patches with one week delay

After deciding to postpone its February patches for a month, Microsoft released one critical security update for Windows on Tuesday that contains Flash Player patches released by Adobe Systems last week.

code big data binary programming

Java and Python FTP attacks can punch holes through firewalls

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.

code hacker cyberespionage eye data

Hackers behind bank attack campaign use Russian as decoy

The hackers behind a sophisticated attack campaign that has targeted financial organizations around the world have intentionally inserted Russian words and commands into their malware in an attempt to throw investigators off.

20160224 stock mwc freeway cars traffic barcelona

Insecure Android apps put connected cars at risk

Android applications that allow millions of car owners to remotely locate and unlock their vehicles are missing security features that could allow hackers to easily hijack their functionality.

malware attack cyberespionage code hacker

Israeli soldiers hit in cyberespionage campaign using Android malware

More than 100 members of the Israel Defense Forces, the majority of them stationed around the Gaza strip, fell victim to a cyberespionage attack that used malicious Android applications to steal information from their mobile devices.

microsoft stock campus building

Microsoft's monthlong delay of security patches may pose risks, experts say

There won't be any patches from Microsoft this month, as the company has decided to bundle them together with the patches scheduled for March.

code programming software bugs cybersecurity

JavaScript-based ASLR bypass attack simplifies browser exploits

Researchers have devised a new attack that can bypass address space layout randomization (ASLR) in browsers and possibly other applications.

code hacker cyberespionage eye data

Russian cyberspies blamed for U.S. election hacks are now targeting Macs

Security researchers have discovered a macOS malware program that's likely part of the arsenal used by the Russian cyberespionage group blamed for hacking into the U.S. Democratic National Committee last year.

person smartphone office table byod roaming

Forget the network perimeter, say security vendors

Security vendors start embracing Google's BeyondCorp network security model that treats all apps and devices as being on the Internet instead of assigning higher trust to local networks.

Fraud gang targeted large European companies

Recent malware attacks on Polish banks tied to wider hacking campaign

Malware attacks that recently put the Polish banking sector on alert were part of a larger campaign that targeted financial organizations from over 30 countries.