Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Digital Key, security, encryption

HTTP compression continues to put encrypted communications at risk

Security researchers have expanded and improved the three-year-old BREACH attack that exploits the HTTP compression mechanism in order to recover sensitive information such as authentication cookies from encrypted Web traffic.

hid edge evo ehr40-k door controller

Flaw in popular door controllers allow hackers to easily unlock secure doors

A flaw in door controllers made by HID Global could allow hackers to unlock secure doors over the network without authentication.

Apple iPhone 5S (1)

Hackers can abuse the iOS mobile device management protocol to deliver malware

Researchers from Check Point Software Technologies found that the communication between MDM products and iOS devices is susceptible to man-in-the-middle attacks and can be hijacked to install malware on non-jailbroken devices.

online security

5 things you need to know about two-factor authentication

One of the best pieces of security advice any computer expert can give you is to enable two-factor authentication for websites that support it. With password breaches so common nowadays, it could be the one thing that keeps hackers from stealing your identity online.

generic image of a wi-fi router

Your router could succumb to a new Telnet worm

A new worm called Remaiten infects Linux-based embedded systems by exploiting weak Telnet passwords.

security code big data cyberespionage DDoS

Custom developed Dripion backdoor used in highly targeted attacks in Asia, US

A new custom developed backdoor program has been used over the past year in highly targeted attacks against organizations from Taiwan, Japan, South Korea and the U.S.

bitdefender ransomware tool

Free Bitdefender tool protects against ransomware infections

Antivirus firm Bitdefender has released a free tool that can prevent computers from being infected with some of the most widespread file-encrypting ransomware programs: Locky, TeslaCrypt and CTB-Locker.

petya ransomware logo

This nasty ransomware overwrites your PC's master boot record

The new Petya ransomware overwrites the master boot record (MBR) of the affected PCs, leaving the OS in an unbootable state, researchers from antivirus firm Trend Micro said.

Windows PowerShell logo

New ransomware abuses Windows PowerShell, Word document macros

A new ransomware program written in Windows PowerShell is being used in attacks against enterprises, including healthcare organizations, researchers from Carbon Black warn.

Digital Key, security, encryption

Malware authors quickly adopt SHA-2 through stolen code-signing certificates

Researchers from Symantec have recently found samples of the Carberp.B online banking Trojan that were digitally signed with two stolen certificates: one using a SHA-1 signature and one using a SHA-2 signature.

Java logo browser

Emergency Java update fixes two-year-old flaw after researchers bypass old patch

Oracle has released an emergency Java security update to fix a critical vulnerability that could allow attackers to compromise computers when they visit specially crafted websites.

v3 usb group 2 100018190 gallery

Stealthy USB Trojan hides in portable applications, targets air-gapped systems

A Trojan program is being distributed through USB drives and seems to be designed for stealing information from so-called air-gapped computers that are not connected to the Internet.

Microsoft Office at Cebit

Microsoft adds macros lockdown feature in Office 2016 in response to increasing attacks

Microsoft has added a new option in Office 2016 that allows administrators to block macros -- embedded automation scripts -- from running in Word, Excel and PowerPoint documents that originate from the Internet.

Badlock vulnerability logo

Prepare to patch a critical flaw in Windows and Samba file sharing in 3 weeks

Systems administrators should get ready to fix a critical vulnerability on April 12 that affects the Windows and Samba implementations of the Server Message Block (SMB) protocol.

150817 google marshmallow 06

Google warns of Android flaw used to gain root access to devices

An application that allows users to root their Android devices is taking advantage of a security flaw in the Linux kernel that has remained unpatched in Android since its discovery two years ago.