Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

apple campus headquarters

After Mozilla inquiry, Apple untrusts Chinese certificate authority

Following a Mozilla-led investigation that found multiple problems in the SSL certificate issuance process of WoSign, a China-based certificate authority, Apple will make modifications to the iOS and macOS to block future certificates issued by the company.

dell emc vmax

Dell EMC patches critical flaws in VMAX enterprise storage systems

Dell EMC has fixed six flaws in its management interfaces for VMAX enterprise storage systems, including three vulnerabilities that are rated critical and could lead to the exposure of files or complete system compromise.

20160224 stock mwc internet of things iot sign

Smart device malware behind record DDoS attack is now available to all hackers

The source code for a trojan that infected hundreds of thousands of internet-of-things devices and used them to launch distributed denial-of-service attacks was published online, paving the way for more such botnets.

Firefox, Mozilla

Firefox blocks websites with vulnerable encryption keys

The popular Firefox browser will block access to HTTPS servers that use weak Diffie-Hellman keys.

Digital Key, security, encryption

Ransomware spreads through weak remote desktop credentials

Stolen or weak remote desktop credentials are routinely used to infect point-of-sale systems with malware, but recently they've also become a common distribution method for crypto-ransomware.

security code big data cyberespionage DDoS

Armies of hacked smart devices launch unprecedented DDoS attacks

The botnets made up of compromised IoT devices are now capable of launching distributed denial-of-service attacks of unprecedented scale.

Yahoo

Here's what you should know, and do, about the Yahoo breach

Yahoo's announcement that state-sponsored hackers have stolen the details of at least 500 million accounts shocks both through scale -- it's the largest data breach ever -- and the potential security implications for users.

yahoo mail

Yahoo is expected to confirm massive data breach affecting hundreds of millions of users

Yahoo is reportedly preparing to confirm a data breach that affects hundreds of millions of accounts.

security code big data cyberespionage DDoS

More than 840,000 Cisco devices are vulnerable to NSA-related exploit

More than 840,000 Cisco networking devices from around the world are affected by a recently discovered vulnerability that's similar to one exploited by a hacking group believed to be linked to the U.S. National Security Agency.

os1012 siridocsearch pr print

Apple’s new macOS Sierra fixes over 60 security flaws

Aside from new and interesting features, macOS Sierra 10.12 has a large number of important security fixes.

Digital Key, security, encryption

TLS 1.3 gets early adoption boost through CloudFlare

Website security and performance vendor CloudFlare has made the newest version of the TLS secure communications protocol available to all of its customers.

Tesla Model S

Researchers hack Tesla Model S with remote attack

Researchers from Chinese technology company Tencent found a series of vulnerabilities that, when combined, allowed them to remotely take over a Tesla Model S car.

20151005 Cisco headquarters sign

Cisco patches Equation group exploit in IOS, IOS XE and IOS XR devices

Cisco Systems has patched a vulnerability similar to one exploited by a cyberespionage group believed to be linked to the U.S. National Security Agency.

BSOD

Remote Safe Mode attack defeats Windows 10 pass-the-hash defenses

Attackers could remotely force Windows computers into Safe Mode in order to bypass pass-the-hash protections and steal user account credentials.

Google Shop in London

Chrome OS gets cryptographically verified enterprise device management

Companies will now be able to cryptographically validate the identity of Chrome OS devices connecting to their networks and verify that those devices conform to their security policies.