Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

wordpress logo 8

Serious flaw fixed in widely used WordPress plug-in

The latest version of the All in One SEO Pack plug-in for WordPress fixes a flaw that could be used to hijack the site's admin account.

security code big data cyberespionage byte

Enterprise software developers continue to use flawed code in apps

Companies that develop enterprise applications download over 200,000 open-source components on average every year and one in every sixteen of those components has security vulnerabilities.

generic image of a wi-fi router

How to secure your router and home network

Many users don't realize it, but their internet router is the most important electronic device in their home and is an attractive target for attackers.

OS X El Capitan installation

New Mac backdoor program steals keychain contents

Researchers have identified a new Mac backdoor program that's designed to steal credentials stored in the OS encrypted keychain and give attackers control over the system.

dlink dcs 930l camera webcame wireless

Code reuse exposes over 120 D-Link devices models to hacking

A recently discovered vulnerability in a D-Link network camera exists in over 120 different D-Link products and allows attackers to remotely take over the affected devices.

150817 google marshmallow 06

Google fixes over 100 security flaws in Android, many in chipset drivers

Google released a new batch of Android patches, fixing over 20 critical flaws in Android's own components and in chipset-specific drivers from different manufacturers.

New Tor-powered backdoor malware targets Macs

Security researchers have found a new backdoor program that allows attackers to hijack Mac systems and control them over the Tor network.

Security

Nasty Lenovo UEFI exploit also affects products from other vendors

A critical vulnerability that was recently found in the low-level firmware of Lenovo ThinkPad systems also reportedly exists in products from other vendors including HP and Gigabyte Technology.

Digital Key, security, encryption

Android's full disk encryption can be brute-forced on devices with Qualcomm chips

Attackers can exploit vulnerabilities in Android devices with Qualcomm chipsets in order to extract the encrypted keys that protect users' data and run brute-force attacks against them.

security keys locks

New Satana ransomware encrypts user files and master boot record

Attackers are developing an aggressive new ransomware program that encrypts both user files and the computer's master boot record (MBR), leaving affected machines unable to boot into the OS.

hardware security embedded circuit board integrated controller

Firmware exploit can defeat new Windows security features on Lenovo ThinkPads

A newly released UEFI exploit for Lenovo ThinkPad laptops could disable low-level Windows security features like Secure Boot, Virtual Secure Mode and Credential Guard.

security camera attack surveillance

Over 100 DDoS botnets built using Linux malware for embedded devices

LizardStresser, the DDoS malware for Linux systems written by the infamous Lizard Squad attacker group, was used over the past year to create over 100 botnets, some built almost exclusively from compromised internet-of-things devices.

xx

Researchers dismantle decade-long Iranian cyberespionage operation

The infrastructure used by an Iranian cyberespionage group to control infected computers has been hijacked by security researchers.

symantec logo

Nasty flaws in Symantec security tools expose millions of computers to hacking

A Google security researcher has found high severity vulnerabilities in enterprise and consumer products from antivirus vendor Symantec that could be easily be exploited by hackers to take control of computers.

security code big data cyberespionage DDoS

Thousands of hacked CCTV devices used in DDoS attacks

Attackers have compromised more than 25,000 digital video recorders and CCTV cameras and are using them to launch distributed denial-of-service (DDoS) attacks against websites.