Lucian ConstantinReporter, IDG News Service, IDG News Service

Lucian Constantin writes about information security, privacy and data protection.

IE zero-day exploit that struck VFW website being used in widespread attacks

The exploit is being distributed from many compromised websites around the world, researchers from Symantec said

securityshowdown primary

Researchers blow past all protections in Microsoft's EMET anti-exploitation tool

The tool can't protect against determined attackers with customized exploits, researchers from Bromium claim

New iOS flaw allows malicious apps to record touch screen presses

The captured touch screen data could be used to reconstruct what users typed

PCWorld News

Hacker defaces website of IT security certification body EC-Council

The hacker claims he obtained photocopies of thousands of passports belonging to law enforcement and military officials

android devil malware

Source code for Android iBanking bot surfaces on underground forum

The leaked source code could lead to a larger number of attacks using the mobile malware, security researchers from RSA said

adobe flash logo

Adobe Flash exploit targets security, public policy sites

The attackers appear to be gathering broad intelligence about visitors to three websites, FireEye says

PCWorld News

Cisco fixes unauthorized access, denial-of-service flaws in several products

The vulnerabilities could allow attackers to take control of affected devices or cause them to become unresponsive

linksys wag320n image

Exploit released for vulnerability targeted by Linksys router worm

The list of affected router models is larger than previously thought

linksys e4200 router

Weird, self-replicating 'TheMoon' worm crawls into Linksys routers

A self-replicating program infects Linksys routers by exploiting an authentication bypass vulnerability

Dozens of rogue self-signed SSL certificates used to impersonate high-profile sites

The certificates could be used to launch man-in-the-middle attacks against desktop and mobile apps with poor certificate validation

PCWorld News

Denial-of-service vulnerability puts Apache Tomcat servers at risk

Attackers can cause Tomcat processes to use all available CPU resources by sending malformed HTTP requests

Adobe patches two critical vulnerabilities in Shockwave Player

The flaws could allow attackers to execute malicious code on computers remotely

Slew of spoofs used in massive, record-breaking DDoS attack

The attack peaked at over 400Gbps according to CloudFlare, the company whose infrastructure was targeted

Unveiling 'The Mask': Sophisticated malware ran rampant for 7 years

The attack campaign is highly sophisticated and appears to be a state-sponsored operation.

Snapchat vulnerability can be exploited to crash iPhones, researcher says

Snapchat request tokens can be resused to launch denial-of-service attacks against the app's users.