Lucian Constantin, Romania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Hard-coded password exposes up to 46,000 video surveillance DVRs to hacking

Up to 46,000 Internet-accessible digital video recorders (DVRs) that are used to monitor and record video streams from surveillance cameras in homes and businesses can be easily taken over by hackers.

Xen's latest hypervisor updates are missing some security patches

The Xen Project released new versions of its virtual machine hypervisor, but forgot to fully include two security patches that had been previously made available.

Russian cyberspy group uses simple yet effective Linux Trojan

A cyberespionage group of Russian origin known as Pawn Storm is infecting Linux systems with a simple but effective Trojan program that doesn't require highly privileged access.

Pwn2Own contest puts $75,000 bounty on VMware Workstation bypass

The Pwn2Own hacking contest in March will award security researchers for exploiting Google Chrome, Microsoft Edge, Apple Safari, Flash Player and, for the first time, VMware Workstation.

Critical VPN key exchange flaw exposes Cisco security appliances to remote hacking

Cisco Systems patched a critical vulnerability that could allow remote attackers to take over Cisco Adaptive Security Appliance (ASA) firewalls configured as virtual private network servers by simply sending malformed network packets to them.

Microsoft fixes 36 flaws in IE, Edge, Office, Windows, .NET

Microsoft released its second batch of security updates for this year, addressing a total of 36 flaws in Internet Explorer, Edge, Office, Windows and .NET Framework.

Identity thieves obtain 100,000 electronic filing PINs from IRS system

The Internal Revenue Service was the target of an attack that used stolen social security numbers and other taxpayer data to obtain PINs that can be used to file tax returns electronically.

Java-based Trojan was used to attack over 400,000 systems

A Java-based Trojan known as Adwind and AlienSpy has been rebranded as JSocket and is being sold as a service to all types of attackers, from opportunistic cybercriminals to cyberespionage groups.

Cybercriminals adopt spies' techniques to pull off online bank heists

Researchers from security vendor Kaspersky Lab have identified three cybercrime groups that compromise and steal money from financial institutions using sophisticated techniques and custom malware.

Java installer flaw shows why you should clear your Downloads folder

Older Java installers are designed to look for and automatically load a number of specifically named DLL (Dynamic Link Library) files that might exist in the folder they were launched from.

Serious flaw discovered in Avast's security-focused SafeZone browser

A Google security researcher found a serious vulnerability in the Avast SafeZone browser that doesn't exist in Chromium, the open-source browser that serves as its foundation.

Dridex banking malware mysteriously hijacked to distribute antivirus program

An unknown person -- possibly a white hat hacker -- gained access to some of the servers that cybercriminals use to distribute the Dridex online banking Trojan and replaced the malware with an installer for Avira Free Antivirus.

Serious flaws found in Netgear's NMS300 network management system

Serious vulnerabilities in the Netgear NMS300 ProSafe network management system, an application used to discover, monitor and configure a wide range of network devices, can allow hackers to take control of the servers it's running on.

Flaws in smart toy back-end servers puts kids and their families at risk

Researchers from Rapid7 found privacy-invading vulnerabilities in the Web services used by the Smart Toy line of interactive stuffed animals and the hereO GPS watch for children.

Socat vulnerability shows that crypto backdoors can be hard to spot

The Socat networking service used a non-prime number for its key exchange mechanism, potentially allowing attackers to eavesdrop on encrypted connections opened with the tool.