Lucian ConstantinReporter, IDG News Service, IDG News Service

Lucian Constantin writes about information security, privacy and data protection.

target

Target point-of-sale terminals were infected with malware

The company's CEO confirmed that attackers used malware to steal credit and debit card data from PoS systems

linksys wag200g

Cisco promises to fix vulnerability in some routers

The company plans to release firmware updates to remove an undocumented feature by the end of the month.

PCWorld News

Security analysis of mobile banking apps reveals significant weaknesses

Many apps failed to validate SSL certificates and exposed sensitive information, a researcher from IOActive said

PCWorld News

OpenSUSE forums hack raises vBulletin zero-day exploit possibility

The openSUSE site maintainers recommend using strict directory permissions and alternative authentication systems

Yahoo starts encrypting all email, but implementation is inconsistent

The company's HTTPS implementation still needs some improvements, an SSL expert said

Trojan program hijacks World of Warcraft accounts despite two-factor authentication

The malware is bundled with a fake Curse Client, the game developer said

Malware virus

Cybercrooks developing dangerous new file-encrypting ransomware, researchers warn

The new threat might be even more difficult to remove than CryptoLocker, which plagued users in recent months

password

No hypervisor vulnerability exploited in OpenSSL site breach

The compromise was the result of the hosting provider using insecure passwords for the virtualization software, the OpenSSL Project said.

cyber threats online security

The security industry found its dream enemy in 2013. And new technical challenges, too

Revelations about mass surveillance will fuel encryption adoption in the next year, but implementing it will take care, security experts say.

snapchat

Attackers could match phone numbers to Snapchat accounts, researchers say

A legitimate feature for finding friends on Snapchat lacks rate limiting and can be abused, a security research group claims

PCWorld News

Web server malware for Nginx, Apache advertised on underground market

Effusion malware infects Web servers and injects rogue content into websites

BitTorrent develops secure, decentralized chat program using public-key crypto

pcworld.com

The program will use the BitTorrent DHT peer finding protocol to locate contacts without a central server

isight camera

Researchers: Older Mac webcams can spy without activating warning light

Researchers from Johns Hopkins University created an application that can disable the LED on first-generation iSight cameras while in use.

PCWorld News

New DDoS malware targets Linux and Windows systems

Attackers use brute-force methods to guess SSH passwords and install the malware on Linux servers

PCWorld News

Mass surveillance prompts work on SSL deployment guidelines by a Internet-friendly group

A new working group of the Internet Engineering Task Force will develop best practices for deploying and using SSL/TLS with several Internet communication protocols.