Lucian ConstantinReporter, IDG News Service, IDG News Service

Lucian Constantin writes about information security, privacy and data protection.

WNDR3700v4

Vulnerabilities in some Netgear routers open door to remote attacks

Vulnerabilities in the management interfaces of some wireless router and network-attached storage products from Netgear expose the devices to remote attacks that could result in their complete compromise, researchers warn.

Application-layer DDoS attacks are becoming increasingly sophisticated

Attackers are using real browsers on infected computers to attack Web applications and bypass DDoS protection.

Felipe Calderon

Mexico condemns NSA's alleged hacking of president's email

The Mexican government has condemned newly reported spying activities of the U.S. National Security Agency against the country's former president while he was in office.

security

Belgacom investigates router compromise at its carrier services arm

Belgian telecommunications group Belgacom found unauthorized changes made to a router at its BICS subsidiary, which provides wholesale communication services to hundreds of operators worldwide.

Hackers steal customer information from PR Newswire

Hackers managed to steal a database containing customer credentials and contact information from PR Newswire, a major press release distribution service that's used by tens of thousands of companies and public relations agencies.

Oracle plugs severe security holes that put systems at hijack risk

Oracle fixed on Tuesday 127 security issues in Java, its database and other products, patching some flaws that could let attackers take over systems.

D-Link to padlock router backdoor by Halloween

A security issue in some of D-Link routers could allow attackers to change the device settings without requiring a username and password. D-Link says it will address the problem with a firmware update by the end of the month.

Brazil to fortify government email system following NSA snooping revelations

The Brazilian Federal Data Processing Service, known as Serpro, will build a secure email system for Brazil's federal government following media reports that foreign intelligence agencies intercepted electronic communications in the country.

EFF quits Global Network Initiative over NSA surveillance revelations

The Electronic Frontier Foundation, a digital rights watchdog, says it's dropping out of the Global Network Initiative because corporate members of that group can't reveal how the government may have forced them to cooperate with surveillance programs.

hackers

Hackers exploit vBulletin Internet forum software vulnerability

The vulnerability allows attackers to abuse the vBulletin configuration mechanism to create a secondary administrative account, the researchers said Wednesday.

cisco_logo

Cisco patches vulnerabilities in some security appliances, switches and routers

Cisco Systems has released security patches for authentication bypass, command execution and denial-of-service vulnerabilities affecting products that use its Adaptive Security Appliance (ASA) software, as well as the Cisco Catalyst 6500 series switches and Cisco 7600 series routers.

D'oh! Basic flaw in WhatsApp could allow attackers to decrypt messages

The popular mobile messaging application WhatsApp Messenger has a major design flaw in its cryptographic implementation that could allow attackers to decrypt intercepted messages, according to a Dutch developer.

Four suspected users of Silk Road Internet drug marketplace arrested in the UK

After arresting four men for drug offenses in connection with their involvement in Silk Road, U.K.'s new National Crime Agency promises that more arrests related to the Internet underground market will follow.

Black Hole

Blackhole exploit kit author arrested in Russia

Russian authorities have arrested the main developer of the notorious Blackhole exploit kit, one of the most popular attack tools used to infect Web users with malware.

LeaseWeb domain name hijacked

Hosting provider LeaseWeb falls victim to DNS hijacking

Hosting provider LeaseWeb became the latest high-profile company to have its domain name taken over by attackers, highlighting that DNS (Domain Name System) hijacking is a significant threat, even to technically adept businesses.