Lucian Constantin, Romania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Massive application-layer attacks could defeat hybrid DDoS protection

Security researchers have recently observed a large application-layer distributed denial-of-service attack using a new technique that could foil DDoS defenses and could spell trouble for website operators.

Apple fixes iOS lock screen bypass that gives access to photos, contacts

Apple has reportedly fixed a vulnerability that could have allowed hackers to bypass the passcode on iPhone 6s and 6s Plus running iOS 9.3.1 in order to access the address book and photos.

Three-year-old IBM patch for critical Java flaw is broken

Security researchers have found that a patch released by IBM three years ago for a critical vulnerability in its own Java implementation is ineffective and can be easily bypassed to exploit the flaw again.

Google fixes 39 Android flaws, some allow hackers to take over your phone

Google has released one of the largest Android monthly security updates, fixing a total of 39 vulnerabilities, 15 of which are rated critical.

HTTP compression continues to put encrypted communications at risk

Security researchers have expanded and improved the three-year-old BREACH attack that exploits the HTTP compression mechanism in order to recover sensitive information such as authentication cookies from encrypted Web traffic.

Flaw in popular door controllers allows hackers to easily unlock secure doors

A flaw in door controllers made by HID Global could allow hackers to unlock secure doors over the network without authentication.

Hackers can abuse the iOS mobile device management protocol to deliver malware

Researchers from Check Point Software Technologies found that the communication between MDM products and iOS devices is susceptible to man-in-the-middle attacks and can be hijacked to install malware on non-jailbroken devices.

5 things you need to know about two-factor authentication

One of the best pieces of security advice any computer expert can give you is to enable two-factor authentication for websites that support it. With password breaches so common nowadays, it could be the one thing that keeps hackers from stealing your identity online.

Your router could succumb to a new Telnet worm

A new worm called Remaiten infects Linux-based embedded systems by exploiting weak Telnet passwords.

Custom-developed Dripion backdoor used in highly targeted attacks in Asia, US

A new custom-developed backdoor program has been used over the past year in highly targeted attacks against organizations from Taiwan, Japan, South Korea and the U.S.

Free Bitdefender tool protects against ransomware infections

Antivirus firm Bitdefender has released a free tool that can prevent computers from being infected with some of the most widespread file-encrypting ransomware programs: Locky, TeslaCrypt and CTB-Locker.

This nasty ransomware overwrites your PC's master boot record

The new Petya ransomware overwrites the master boot record (MBR) of the affected PCs, leaving the OS in an unbootable state, researchers from antivirus firm Trend Micro said.

New ransomware abuses Windows PowerShell, Word document macros

A new ransomware program written in Windows PowerShell is being used in attacks against enterprises, including healthcare organizations, researchers from Carbon Black warn.

Malware authors quickly adopt SHA-2 through stolen code-signing certificates

Researchers from Symantec have recently found samples of the Carberp.B online banking Trojan that were digitally signed with two stolen certificates: one using a SHA-1 signature and one using a SHA-2 signature.

Emergency Java update fixes two-year-old flaw after researchers bypass old patch

Oracle has released an emergency Java security update to fix a critical vulnerability that could allow attackers to compromise computers when they visit specially crafted websites.