Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

20160224 stock mwc qualcomm booth sign

Devices with Qualcomm modems safe from critical ASN.1 telecom flaw

Smartphones equipped with Qualcomm modems are not vulnerable to a recently announced vulnerability that could potentially allow attackers to take over cellular network gear and consumer mobile devices.

Digital Key, security, encryption

Free your files! No-cost decryption tools released for two ransomware programs

Security researchers have released tools this week that could help users recover files encrypted by two relatively new ransomware threats: Bart and PowerWare.

20151027 openworld dell sign

Dell patches critical flaws in SonicWALL Global Management System

Dell has patched several critical flaws in its central management system for SonicWALL enterprise security appliances, such as firewalls and VPN gateways.

code vulnerability software

Flaws in Oracle file processing SDKs affect major third-party products

Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday also affect products from third-party software vendors, including Microsoft.

20151027 openworld oracle cloud signs

Oracle issues largest patch bundle ever, fixing 276 security flaws

Oracle has released a new batch of security updates for over 80 products from its software portfolio in order to fix 276 vulnerabilities.

code big data binary programming

Security software that uses 'code hooking' opens the door to hackers

Code-hooking techniques used by security, performance, virtualization and other types of programs to monitor third-party processes have introduced vulnerabilities that hackers can exploit.

security code big data cyberespionage DDoS

Attackers launch multi-vector DDoS attacks that use DNSSEC amplification

Incident responders from Akamai recently helped mitigate a DDoS attack against an unnamed European media organization that used six different attack techniques, including DNSSEC-based DNS amplification.

Taking screenshot on Android phone

Attackers could steal millions through online phone verification systems

A researcher finds he could earn millions of dollars by abusing the online phone verification systems used by Google, Microsoft, and Instagram

Ubuntu China

Flaw in vBulletin add-on leads to Ubuntu Forums database breach

Ubuntu support forums users should be on the lookout for dodgy emails after the website's database of 2 million email addresses has been stolen.

20151005 Cisco headquarters sign

Cisco patches serious flaws in router and conferencing server software

Cisco Systems released patches this week for several vulnerabilities in its IOS software for networking devices and the Cisco and WebEx conferencing servers.

Digital Key, security, encryption

New Locky ransomware version can operate in offline mode

The creators of the widespread Locky ransomware have added a fallback mechanism in the latest version of their program for situations where the malware can't reach their command-and-control servers.

Juniper Networks headquarters Sunnyvale, CA

Juniper patches high-risk flaws in Junos OS

Juniper Networks has fixed several vulnerabilities in the Junos operating system that's used on its networking and security appliances, including a flaw that could allow hackers to gain administrative access to affected devices.

drupal 7

Three popular Drupal modules get patches for site takeover flaws

The security team of the popular Drupal content management system worked with the maintainers of three third-party modules to fix critical vulnerabilities that could allow attackers to take over websites.

microsoft headquarters

Microsoft fixes critical vulnerabilities in IE, Edge, Office, and Windows

Microsoft's new batch of security patches fixes 47 vulnerabilities across its products, including in Internet Explorer, Edge, Office, Windows and the .NET Framework.

malware infection cyberattack

Stealthy cyberespionage malware targets energy companies

Security researchers have discovered a new malware threat that goes to great lengths to remain undetected while targeting energy companies.