Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

p1200591

Apple: Macs and iPhones are safe from newly revealed CIA exploits

The Mac and iPhone exploits described in new documents attributed to the U.S. Central Intelligence Agency were patched years ago, according to Apple.

Digital Key encryption

To punish Symantec, Google may distrust a third of the web's SSL certificates

Google plans to remove the extended validation (EV) status of any such certificates issued by Symantec and to force the company to replace all of its customers' certificates.

161214 apple newyork

Leaked iCloud credentials obtained from third parties, Apple says

The iCloud credentials that the Turkish Crime Family hacker group claims to have weren't obtained through a breach of the Apple's services.

21394517746 9a77570fae o

Newly leaked documents show low-level CIA Mac and iPhone hacks

The CIA has had tools to infect Macs by connecting malicious Thunderbolt Ethernet adapters to them since 2012, according to new documents published by WikiLeaks.

code programming software bugs cybersecurity

LastPass password manager fixes serious password leak vulnerabilities in Chrome, Firefox, Edge extensions

Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users' passwords or execute malicious code on their computers.

p1200588

Hackers threaten to wipe millions of Apple devices, demand ransom

A group of hackers is threatening to wipe millions of iOS devices in two weeks if Apple doesn't pay them $150,000.

code programming software bugs cybersecurity

Flaws in Moodle CMS put thousands of e-learning websites at risk

Organizations that use the popular Moodle learning management system should deploy the latest patches as soon as possible because they fix vulnerabilities that could allow attackers to take over web servers.

Security online

Pwn2Own hacking contest ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Digital Key encryption

Some HTTPS inspection tools might weaken security

Companies that use security products to inspect HTTPS traffic might inadvertently make their users' encrypted connections less secure and expose them to man-in-the-middle attacks, the U.S. Computer Emergency Readiness Team warns.

security hacker privacy

String of fileless malware attacks possibly tied to single hacker group

Several attacks observed over the past few months that rely heavily on PowerShell, open-source tools and fileless malware techniques, might be the work of a single group of hackers.

ubiquiti rocket m base station

Unpatched vulnerability puts Ubiquiti networking products at risk

An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.

hacker, hackers, hacking

Adobe Reader, Edge, Safari, and Ubuntu fall during first day at Pwn2Own

During the first day of the Pwn2Own hacking contest, security researchers successfully demonstrated exploits against Microsoft Edge, Apple's Safari, Adobe Reader, and Ubuntu Desktop.

microsoft stock campus building

Microsoft fixes record number of flaws, some publicly known

Microsoft's batch of security patches for March is one of the largest ever and includes fixes for several vulnerabilities that are publicly known and actively exploited.

Adware security

Malicious uploads allowed hijacking of WhatsApp and Telegram accounts

A vulnerability patched in the web-based versions of encrypted communications services WhatsApp and Telegram would have allowed attackers to take over accounts by sending users malicious files masquerading as images or videos.

petya ransomware logo

Hackers use dangerous Petya ransomware in targeted attacks

A group of attackers has found a way to hijack the Petya ransomware and use it in targeted attacks against companies without the program creators' knowledge.