Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Fortinet FortiGate

FortiGuard SSH backdoor found in more Fortinet security appliances

Network security vendor Fortinet has identified an authentication issue that could give remote attackers administrative control over FortiSwitch, FortiAnalyzer and FortiCache devices.

20151005 cisco headquarters sign

Cisco fixes critical flaws in digital encoder, unified computing manager and security appliance

Cisco released security updates to fix a hard-coded root password in its Modular Encoding Platform D9036 and a vulnerable CGI script in the Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series appliances.

150817 google marshmallow 06

Google creates fix for zero-day kernel flaw, says effect on Android is greatly exaggerated

Google has developed a patch for a recently reported vulnerability in the Linux kernel and shared it with Android manufacturers.

tor logo

Privacy-conscious users rejoice: Facebook's Android app now supports Tor

Facebook has added the option to route traffic from its Android mobile app over the Tor anonymity network.

Intel Core i7

Serious flaw patched in Intel Driver Update Utility

A software utility that helps users download the latest drivers for their Intel hardware components contained a vulnerability that could have allowed man-in-the-middle attackers to execute malicious code on computers.

Security

Advocacy group calls on health-care industry to adopt medical device security principles

Advocacy group I Am the Cavalry is urging organizations that manufacture and distribute medical devices to adopt a cybersecurity version of the Hippocratic Oath.

angry linux

Linux kernel flaw threatens millions of PCs, servers, and Android devices

A three-year-old vulnerability in the Linux kernel could have allowed attackers to take full control over Linux-based PCs, servers, Android phones and other embedded devices.

Digital Key, security, encryption

Advantech industrial serial-to-Internet gateways wide open to unauthorized access

Specialized gateway devices made by Advantech that are used around the world in industrial environments to connect legacy serial equipment to TCP/IP and cellular networks can be accessed with any password.

malware payment terminal credit card

Hyatt hackers hit payment processing systems, scooped cards used at 250 locations

Hacker managed to compromise payment cards used at 250 Hyatt Hotels locations from around 50 countries after infecting the company's payment processing systems with malware.

Digital Key, security, encryption

OpenSSH patches information leak that could expose private SSH keys

A vulnerability in OpenSSH clients could expose users' private SSH keys to rogue or compromised servers.

150817 google marshmallow 03

Android banking malware SlemBunk is part of a well-organized campaign

The SlemBunk Android Trojan that targets mobile banking users has evolved into a hard-to-detect threat, researchers from FireEye found.

20151005 cisco headquarters sign

Cisco fixes unauthorized access flaws in access points, wireless LAN controllers

Cisco Systems released critical security updates for several products, including access points and wireless LAN controllers, in order to fix vulnerabilities that could give remote attackers access to devices.

Digital Key, security, encryption

Faulty ransomware renders files unrecoverable, even by the attacker

A hacker has built a ransomware program based on proof-of-concept code released online, but messed up the implementation resulting in victims' files being completely unrecoverable.

microsoft headquarters

Microsoft fixes critical flaws in Windows, Office, Edge, IE and other products

Microsoft released critical fixes for remote code execution flaws in Windows, Office, Edge, Internet Explorer, Silverlight and Visual Basic.

Data Scientist

New remote access Trojan Trochilus used in cyberespionage operations

A cyberespionage group was found using a new remote access Trojan dubbed Trochilus whose detection rate was very low among antivirus products.