Lucian Constantin, Romania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Failure to patch known ImageMagick flaw for months costs Facebook $40k

Facebook paid a $40,000 reward to a researcher after he warned the company that its servers were vulnerable to an exploit that had been known for months.

Oracle patches raft of vulnerabilities in business applications

Oracle released its first batch of security patches this year, fixing 270 vulnerabilities, mostly in business-critical applications.

Sensitive access tokens and keys found in hundreds of Android apps

A new study performed by cybersecurity firm Fallible on 16,000 Android applications revealed that around 2,500 had API keys and access tokens for third-party services hard-coded into them.

Critical flaw lets hackers take control of Samsung SmartCam cameras

The popular Samsung SmartCam security cameras contain a critical remote code execution vulnerability that could allow hackers to gain root access and take full control of them.

After MongoDB, ransomware groups hit exposed Elasticsearch clusters

After deleting data from thousands of publicly accessible MongoDB databases, ransomware groups have started doing the same with Elasticsearch clusters that are accessible from the Internet and are not properly secured.

GoDaddy revokes nearly 9,000 SSL certificates issued without proper validation

GoDaddy, one of the world's largest domain registrars and certificate authorities, revoked almost 9,000 SSL certificates this week after it learned that its domain validation system has had a serious bug for the past five months.

Professionally designed ransomware Spora might be the next big thing

Security researchers have found a new, very well-designed ransomware program dubbed Spora that can perform strong offline file encryption and brings several innovations to the ransom payments model.

Microsoft releases one of its smallest monthly security patch bundles ever

Microsoft has released one of its smallest monthly patch bundles ever, with only three vulnerabilities fixed across its entire product portfolio.

Adobe patches critical flaws in Flash Player, Reader, and Acrobat

Adobe Systems released security updates for its Flash Player, Adobe Reader, and Acrobat products, fixing critical vulnerabilities that could allow attackers to install malware on computers.

Disk-wiping malware Shamoon targets virtual desktop infrastructure

A cyber sabotage program that wiped data from 30,000 computers at Saudi Arabia's national oil company in 2012 has now returned and is able to target server-hosted virtual desktops.

This tool can help weed out hard-coded keys from software projects

A security researcher developed a tool that can automatically detect sensitive access keys that were hard-coded inside software projects.

More than 10,000 exposed MongoDB databases deleted by ransomware groups

Groups of attackers have adopted a new tactic that involves deleting publicly exposed MongoDB databases and asking for money to restore them.

KillDisk cyber sabotage tool evolves into ransomware

A malicious program called KillDisk that has been used in the past to wipe data from computers during cyberespionage attacks is now encrypting files and asking for an unusually large ransom.

Plone dismisses claim that flaw in its CMS was used to hack FBI

The security team behind the Plone content management system has dismissed claims that hackers have access to information about an unpatched critical vulnerability.

HTTPS scanning in Kaspersky antivirus exposed users to MITM attacks

Security vendor Kaspersky Lab updated its antivirus products to fix an issue that could have exposed users to traffic interception attacks.