Lucian Constantin, Romania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Critical Xen hypervisor flaw endangers virtualized environments

A critical vulnerability in the widely used Xen hypervisor allows attackers to break out of a guest operating system running inside a virtual machine and access the host system's entire memory.

Apple fixes wireless-based remote code execution flaw in iOS

Apple fixed a serious vulnerability that could allow attackers to remotely execute malicious code on the Broadcom Wi-Fi chips used in iPhones, iPads, and iPods.

A free decryption tool is now available for all Bart ransomware versions

Antivirus vendor Bitdefender has released a free decryption tool that works for any files affected by the Bart ransomware.

UEFI BIOS flaws can be exploited to install highly persistent ransomware

A team of researchers from security vendor Cylance demonstrated a proof-of-concept ransomware program that ran inside a motherboard's Unified Extensible Firmware Interface (UEFI).

Google's Android hacking contest fails to attract exploits

Google offered to pay $200,000 to any researcher who could remotely hack into an Android device by knowing only the victim's phone number and email address, but no one stepped up to the challenge for six months.

Millions of websites affected by unpatched flaw in Microsoft IIS 6 web server

A proof-of-concept exploit has been published for a zero-day vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that's no longer supported.

Open-source developers targeted in sophisticated malware attack

Developers who publish their code on GitHub have been targeted in an attack campaign that uses a little-known but potent cyberespionage malware.

VMware patches critical virtual machine escape flaws

VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines.

Trojan source code leak poised to spur new online banking attacks

The source code for a new banking Trojan has been published online, offering an easy way for unskilled cybercriminals to launch potent malware attacks against users.

LastPass is scrambling to fix another serious vulnerability

Developers of the popular LastPass password manager are working to fix a serious vulnerability that could allow malicious websites to steal user passwords or to infect computers with malware.

Apple: Macs and iPhones are safe from newly revealed CIA exploits

The Mac and iPhone exploits described in new documents attributed to the U.S. Central Intelligence Agency were patched years ago, according to Apple.

To punish Symantec, Google may distrust a third of the web's SSL certificates

Google plans to remove the extended validation (EV) status of any such certificates issued by Symantec and to force the company to replace all of its customers' certificates.

Leaked iCloud credentials obtained from third parties, Apple says

The iCloud credentials that the Turkish Crime Family hacker group claims to have weren't obtained through a breach of Apple's services.

Newly leaked documents show low-level CIA Mac and iPhone hacks

The CIA has had tools to infect Macs by connecting malicious Thunderbolt Ethernet adapters to them since 2012, according to new documents published by WikiLeaks.

LastPass password manager fixes serious password leak vulnerabilities in Chrome, Firefox, Edge extensions

Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users' passwords or execute malicious code on their computers.