Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Digital Key encryption

It's time for websites to turn on HTTPS encryption: the benefits are worth the effort

The number of websites supporting HTTPS has skyrocketed over the past year and there are many benefits for turning on encryption on your website today.

20160225 stock mwc ericsson booth security locks

How much are vendor security assurances worth after the CIA leaks?

Google, Apple, Microsoft and other software vendors are working to identify and patch the vulnerabilities described in the CIA leak, but ultimately this doesn't change the status quo of software security.

Security

After CIA leak, Intel Security releases detection tool for EFI rootkits

Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code.

code programming software bugs cybersecurity

Hackers exploit Apache Struts vulnerability to compromise corporate web servers

Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

hacker, hackers, hacking

Leaked docs suggest NSA and CIA behind Equation cyberespionage group

Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of CIA's own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation.

cia

CIA false flag team repurposed Shamoon data wiper, other malware

The U.S. Central Intelligence Agency documents published by WikiLeaks Tuesday shows that one of the agency's teams specializes in reusing bits of code and techniques from public malware samples.

p1200739

Android gets patches for critical OpenSSL, media server and kernel driver flaws

A five-month-old flaw in Android's SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.

Legislation of privacy security keyboard law legal gavel court ruling

US DOJ drops child porn case to avoid disclosing Tor exploit

The U.S. Department of Justice is asking a federal court to dismiss its indictment in a case that involves a child porn site known as Playpen after a judge asked the government to disclose the hacking technique it used to gather evidence.

code programming software bugs cybersecurity

HackerOne offers bug bounty service for free to open-source projects

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

malware attack cyberespionage code hacker

Fileless Powershell malware uses DNS as covert communication channel

Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols that are less frequently monitored.

Digital Key encryption

Free decryption tools now available for Dharma ransomware

If you've been hit by Dharma ransomware, great news: Researchers have created decryption tools for the Dharma ransomware after someone recently leaked the encryption keys for it.

chrome intro

Chrome for MacOS will block rogue ad injections and settings changes

Google has expanded its Safe Browsing service, allowing Google Chrome on macOS to better protect users from programs that locally inject ads into web pages or that change the browser's home page and search settings.

robot hacking security A.I.

Robots are just as plagued by security vulnerabilities as IoT devices

A security analysis of robots used in homes, businesses and industrial installations has revealed many of the same basic security weaknesses that are commonly found in IoT devices, raising questions about the implications for human safety.

20151005 cisco hq sign 100620823 orig

This tool can help you discover Cisco Smart Install protocol abuse

Cisco's Talos team has released a tool that allows network owners to discover switches on their networks that might be vulnerable to Cisco Smart Install (SMI) attacks.

code hacker cyberespionage eye data

SHA-1 collision can break SVN code repositories

The recently announced SHA-1 collision attack has the potential to break code repositories that use the Subversion (SVN) revision control system.