Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

PCWorld News

Sonatype aims to help developers reduce risk from open-source components

The Sonatype Component Lifecycle Management 2.0 tracks vulnerable third-party components used in software

PCWorld News

Microsoft fixes critical crypto flaw, strenghtens encryption for older systems

A vulnerability in the Microsoft SChannel component could expose servers to remote code execution attacks

PCWorld News

First Stuxnet victims were five Iranian industrial automation companies

To reach the uranium enrichment plant at Natanz, Stuxnet's creators likely targeted Iranian companies tied to it, researchers said

Adobe fixes 18 critical vulnerabilities in Flash Player

Fifteen of them are critical and can result in remote code execution

8 securitytips primary 100024721 large

Microsoft bolsters EMET security tool with hardened exploit mitigations

EMET 5.1 fixes incompatibilities detected between certain mitigations and popular software programs

PCWorld News

Cyberespionage group targets traveling execs through hotel networks

The group infects the network access Web portals used by hotels and business centers to target specific guests

PCWorld News

DigiCert is considering SSL certificates for more Tor hidden services

The company has received requests for .onion SSL certificates after issuing one to Facebook

PCWorld News

WireLurker attacks against iOS devices also launched from Windows PCs

Researchers find Windows applications designed to infect iOS devices with an older WireLurker malware variant

PCWorld News

Informational Wi-Fi traffic can be used as covert communication channel for malware

Data packets used by wireless access points to advertise their capabilities can be used to control malware running on nearby computers

PCWorld News

Cisco patches serious vulnerabilities in small business RV Series routers

The flaws allow attackers to execute commands, overwrite files and launch CSRF attacks

PCWorld News

Google releases tool to test apps, devices for SSL/TLS weaknesses

The tool simulates man-in-the-middle attacks to detect SSL/TLS vulnerabilities and implementation issues

snapchat

Top messaging apps flat-out flunk EFF's security review

The organization ranked 39 digital communication tools based on security features and best practices

PCWorld News

BlackEnergy cyberespionage group targets Linux systems and Cisco routers

Kaspersky Lab researchers found BlackEnergy malware modules designed for ARM and MIPS systems running Linux

credit cards generic

American Express aims to dump credit card numbers for tokens

The company's token service allows merchants and mobile payment providers to stop working with sensitive payment card numbers

PCWorld News

Google to kill off SSL 3.0 in Chrome 40

A vulnerability in SSL 3.0 enabled the POODLE attack. In the meantime, Chrome 39 will no longer support SSL 3.0 fallback for TLS connections.