Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

linux tux mascot logo

Easy-to-exploit rooting flaw puts Linux PCs at risk

The maintainers of Linux distributions are rushing to patch a privilege escalation vulnerability that's already being exploited in the wild and poses a serious risk to Linux based servers, desktops and other devices.

Security (3)

This free tool protects PCs from master boot record attacks

A new open-source tool called MBRFilter can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks.

Security online

Intel CPU flaw could help attackers defeat security features

A feature in Intel's Haswell CPUs can be abused to reliably defeat an anti-exploitation technology that exists in all major operating systems, researchers have found.

20151027 oracle cloud on building

Oracle fixes 100s of vulnerabilities that put enterprise data at risk

Oracle has released another large batch of patches, fixing many critical vulnerabilities in enterprise products that are used to store and work with critical business data.

Digital Key, security, encryption

Critical flaws found in open-source encryption software VeraCrypt

A new security audit has found critical vulnerabilities in VeraCrypt, an open-source full-disk encryption program that's the direct successor to the widely popular, but now defunct, TrueCrypt.

malware payment terminal credit card

Hackers hide stolen payment-card data inside website product images

Attackers compromise online shops and store stolen payment-card details inside legitimate image files in order to avoid detection.

malware payment terminal credit card

Dyre banking Trojan successor rears its ugly head

Cybercriminals have unleashed a new banking Trojan onto the Internet and it bears striking similarities to Dyre, a malware threat believed to be dead for almost a year.

Digital Key, security, encryption

GlobalSign certificate revocation error leaves websites inaccessible

Many users around the world had trouble accessing some HTTPS websites due to an error at GlobalSign, one of the world's largest certificate authorities.

security code big data cyberespionage byte

Thousands of online stores compromised by credit-card theft

Almost 6,000 online shops have been compromised by hackers who added specially crafted code that intercepts and steals payment card details.

20151005 Cisco headquarters sign

Cisco patches critical authentication flaw in conferencing servers

Cisco Systems has patched a critical vulnerability that could allow attackers to gain access to Cisco Meeting Server deployments, which are used in enterprise environments for video and audio conferencing.

Digital Key, security, encryption

Encrypted communications could have an undetectable backdoor

Researchers warn that many 1024-bit keys used to secure communications on the Internet today might be based on prime numbers that have been intentionally backdoored in an undetectable way.

Digital Key, security, encryption

Certificate policy violations force reform at StartCom and WoSign

The top management of StartCom and WoSign will be replaced and the two certificate authorities will undergo audits after browser vendors discovered that they mis-issued a number of digital certificates, violating industry rules.

Digital Key, security, encryption

Cerber ransomware kills database connections to access important data

In order to encrypt some of the most important data stored on computers and servers, the Cerber ransomware now tries to kill processes associated with database servers.

onetouch ping

New insulin pump flaws highlights security risks from medical devices

Medical device manufacturer Animas warns diabetic patients who use its OneTouch Ping insulin pumps about security issues that could allow hackers to take over the devices and deliver unauthorized doses of insulin.

apple campus headquarters stock

After Mozilla inquiry, Apple untrusts Chinese certificate authority

Following a Mozilla-led investigation that found multiple problems in the SSL certificate issuance process of WoSign, a China-based certificate authority, Apple will make modifications to the iOS and macOS to block future certificates issued by the company.