Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

PCWorld News

DigiCert is considering SSL certificates for more Tor hidden services

The company has received requests for .onion SSL certificates after issuing one to Facebook

PCWorld News

WireLurker attacks against iOS devices also launched from Windows PCs

Researchers find Windows applications designed to infect iOS devices with an older WireLurker malware variant

PCWorld News

Informational Wi-Fi traffic can be used as covert communication channel for malware

Data packets used by wireless access points to advertise their capabilities can be used to control malware running on nearby computers

PCWorld News

Cisco patches serious vulnerabilities in small business RV Series routers

The flaws allow attackers to execute commands, overwrite files and launch CSRF attacks

PCWorld News

Google releases tool to test apps, devices for SSL/TLS weaknesses

The tool simulates man-in-the-middle attacks to detect SSL/TLS vulnerabilities and implementation issues

snapchat

Top messaging apps flat-out flunk EFF's security review

The organization ranked 39 digital communication tools based on security features and best practices

PCWorld News

BlackEnergy cyberespionage group targets Linux systems and Cisco routers

Kaspersky Lab researchers found BlackEnergy malware modules designed for ARM and MIPS systems running Linux

credit cards generic

American Express aims to dump credit card numbers for tokens

The company's token service allows merchants and mobile payment providers to stop working with sensitive payment card numbers

PCWorld News

Google to kill off SSL 3.0 in Chrome 40

A vulnerability in SSL 3.0 enabled the POODLE attack. In the meantime, Chrome 39 will no longer support SSL 3.0 fallback for TLS connections.

PCWorld News

Vulnerabilities found in more command-line tools, wget and tnftp get patches

Flaws identified in wget and tnftp allow malicious servers to execute rogue commands on users' systems

drupal logo

Drupal users: Assume your site was hacked if you didn't apply Oct. 15 patch immediately

Drupal site owners who failed to rapidly deploy a recent critical patch were advised to restore their sites from backups

PCWorld News

Cybercriminals create platform for automating rogue credit card charges

The developers claim it can emulate human interaction to trick payment gateways

PCWorld News

Attack campaign infects industrial control systems with BlackEnergy malware

Customers of three SCADA human-machine interface products from different vendors were potentially affected, ICS-CERT said

PCWorld News

Security vendor coalition cleans 43,000 malware infections used for cyberespionage

The removed tools were used by a prolific Chinese cyberespioange group dubbed Axiom

PCWorld News

Vulnerability in widely used 'strings' utility could spell trouble for malware analysts

Extracting text strings from binary files is not as safe as most people think, a security researcher found