Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

nikhil mittal black hat europe 2015

Continuous integration tools can be the Achilles heel for a company's IT security

Some of the most popular continuous integration tools used by software development teams have not been designed with security in mind and can open a door for attackers to compromise enterprise networks.

self encrypting hard drives black hat europe 2015

Self-encrypting drives are hardly any better than software-based encryption

Two researchers demonstrated attacks against self-encrypting drives used in enterprise environments at the Black Hat Europe conference in Amsterdam.

big data code

Thousands of Java applications vulnerable to nine-month-old remote code execution exploit

A serious vulnerability in a popular Java library puts thousands of Java applications and servers at risk of remote code execution attacks.

Digital Key

First Linux ransomware program cracked, for now

Malware researchers from Bitdefender created a tool to recover files encrypted with a ransomware program called Linux.Encoder.1.

Cybersecurity planet big data security

Iranian cyberespionage group attacked over 1,600 high-profile targets in one year

A cyberespionage group with possible ties to the Iranian government has targeted over 1,600 defense officials, diplomats, researchers, human rights activists, journalists and other high-profile individuals around the world.


File-encrypting ransomware starts targeting Linux web servers

After targeting consumer and then business computers, ransomware authors are now going after Web servers.

Security online

Deploying application whitelisting? NIST has some advice for you

The U.S. National Institute of Standards and Technology (NIST) has published a guide to application whitelisting that explains the technology in detail and offers practical advice for how it should be used.

hack security malware

Nasty new ransomware program threatens to leak your files online

In addition to encrypting people's private files a new ransomware program dubbed Chimera threatens to publish those files on the Internet.

150817 google marshmallow 06

Trojanized Android apps flood third-party stores, compromise phones

Researchers from mobile security firm Lookout have found over 20,000 samples of trojanized apps that root devices.

victim identity theft computer problem

VBulletin resets passwords, issues emergency patches following breach

VBulletin Solutions has reset the passwords for over 340,000 accounts on its website following a security breach and released emergency security patches for its popular Internet forum software that's used on tens of thousands of websites.

edgeplus 2448

Google researchers poke holes in Galaxy S6 Edge, show phone makers add risky code

Google's security researchers found 11 serious vulnerabilities in Samsung's Galaxy S6 Edge phone in code that was added by the manufacturer.

150817 google marshmallow 03

Google patches critical media processing flaws in Android

New security patches for Google's Nexus devices address seven vulnerabilities, two of which are critical and could allow for remote code execution when processing media files.

Baidu Beijing Office Sign

Baidu app component puts 100 million Android devices at risk

A software development kit created by Chinese Internet services company Baidu and used by thousands of Android applications contains a feature that gives attackers backdoor-like access to users' devices.

Digital Key

All CoinVault and Bitcryptor ransomware victims can now recover their files for free

Researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained the last set of encryption keys from command-and-control servers that were used by CoinVault and Bitcryptor, two related ransomware threats.

xen fu panda 2000px

Xen's highly critical virtual machine escape flaw gets a fix

The Xen Project fixed several vulnerabilities in its popular virtualization software, including one that could allow potential attackers to break out of a virtual machine and gain control over the host system.