Lucian Constantin, Reporter, IDG News Service

Lucian Constantin writes about information security, privacy and data protection.

Cisco IOS updates fix 10 denial-of-service vulnerabilities

Cisco Systems has patched 10 vulnerabilities that could impact the availability of devices using various versions of its IOS software.

Information-theft malware 'Napolar' is gaining traction, researchers warn

A new piece of information-stealing malware that appeared earlier this year has been rapidly gaining traction during the past few weeks, with hundreds of infection attempts being detected every day by antivirus vendors.

Malicious browser extensions pose a serious threat and defenses are lacking

Although the number of malicious browser extensions has significantly increased in the past year, many security products fail to offer adequate protection against them, while others are simply not designed to do so, according to a security researcher.

Google Chrome to block and banish plugins built using popular NPAPI architecture

Plug-ins based on the NPAPI architecture will be blocked by default in Chrome starting early next year as Google moves toward completely removing support for them in the browser.

Apache Struts security update disables vulnerable feature

A new version of the Apache Struts development framework released Friday disables a mechanism called the Dynamic Method Invocation that's a known source of possible security vulnerabilities.

Rogue hardware used in attempted cyberheist at Santander bank branch

A criminal gang attempted to plant a rogue hardware device on the network of a Santander bank branch in London to remotely control a computer and steal money.

Oracle adds long-awaited whitelisting capabilities to Java

Oracle added a feature in Java that lets companies control what specific Java applets are allowed to run on their endpoint computers, which could help them better manage Java security risks.

Cyberspies attack key South Korean institutions, North Korean hackers suspected

The attack campaign, which has been dubbed “Kimsuky,” involves the use of malware to steal sensitive information from South Korean research institutions.

Flash Player, Reader and Shockwave Player get critical security updates

The new updates to Adobe's Flash Player, Reader and Shockwave Player address vulnerabilities that could allow attackers to compromise computers.

Researchers: Fingerprint sensor in iPhone 5S is no silver bullet

The fingerprint sensor in Apple's new iPhone 5S has the potential to enhance the security of the device, but the devil will be in the details.

Email spam campaign distributes Android scareware

Android malware is following in the footsteps of Windows malware with attackers adopting some of the same distribution and monetization techniques despite the major differences between the platforms.

Leaked U.S. spying budget reveals investments in 'groundbreaking' cryptanalysis

The U.S. intelligence community is reportedly using a fifth of its $52.6 billion annual budget to fund cryptography-related programs and operations, according to a report in The Washington Post.

vBulletin Internet forum software users warned of potential exploit

The developers of the popular vBulletin software used for commercial Internet forums advise users to delete the ‘install’ directory from their vBulletin installations.

Cisco fixes critical remote command execution vulnerability in Secure Access Control Server

Cisco Systems released security patches for Secure Access Control Server (Secure ACS) for Windows to address a critical vulnerability that could allow unauthenticated attackers to remotely execute arbitrary commands and take control of the underlying operating system.

Spear phishing led to DNS attack against the New York Times, others

The cyberattack that resulted in nytimes.com and some other high-profile websites being inaccessible to a large number of users Tuesday started with a targeted phishing attack against a reseller for Melbourne IT, an Australian domain registrar and IT services company.