Lucian Constantin, Reporter, IDG News Service

Lucian Constantin writes about information security, privacy and data protection.

PCWorld News

Attackers exploited ColdFusion vulnerability to install Microsoft IIS malware

The malware works as an IIS module and can capture data entered by users in Web forms

EFF criticizes Google for removing 'vital privacy feature' with Android 4.4.2

The new Android update disables a feature that allowed users to revoke permissions for installed apps.

Mozilla advises webmasters to implement X-Frame-Options security header

The header can easily solve many security problems, a Mozilla security engineer said

Nvidia exploit could turn render farms into password crackers, bitcoin miners, researchers claim

A flaw in Nvidia Mental Ray software can be exploited to compromise server clusters used for 3D rendering, researchers from ReVuln said.

Adobe patches critical vulnerabilities in Flash Player, Shockwave

An exploit targets one of the vulnerabilities by using Flash content embedded in Microsoft Word documents, Adobe warns

Update vulnerability in third-party SDK exposes some Android apps to attacks

Attackers could force apps using the HomeBase SDK to download and execute rogue code, researchers from Bitdefender said

Hackers said to infiltrate European foreign affairs ministries ahead of G20

Syria-themed rogue emails were used to infect computers of foreign affairs ministers in five European countries, FireEye researchers said

French government sub-CA issues unauthorized certificates for Google domains

The certificates were used to inspect encrypted traffic on a private network, Google said.

Russia arrests creator of the devastating Blackhole exploit kit, 12 others

The suspects are charged with creating and participating in a criminal organization.

New website lets users check if their online credentials were exposed in hack attacks

The site combines email addresses corresponding to accounts exposed in data breaches at Adobe, Yahoo, Stratfor, Gawker and Sony

Point-of-sale malware infections on the rise, researchers warn

Researchers from Arbor Networks and IntelCrawler identify new attacks using malware designed for point-of-sale systems.

Ruby on Rails security updates patch XSS, DoS vulnerabilities

The updates also strengthen the protection for a vulnerability patched in January

Akamai to buy DDoS protection specialist Prolexic

Content delivery services provider Akamai Technologies plans to buy Prolexic Technologies, a distributed denial-of-service (DDoS) mitigation specialist, for US$370 million in cash.

Google Nexus phones vulnerable to denial-of-service attack via SMS

Attackers could force phones from Google's Nexus line to reboot or fail to connect to the mobile Internet service by sending a large number of special SMS messages to them.

New Windows privilege escalation flaw exploited in active attacks

A vulnerability in Windows XP and Windows Server 2003 is exploited with a flaw in Adobe Reader in a new attack, researchers at FireEye said.