Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

20160225 stock mwc ericsson booth security locks

5 things you need to know about ransomware, the scary malware that locks away data

Ransomware has become a real scourge for consumers, businesses and even government institutions. Unfortunately, there's no end in sight, so here's what you should know.

Digital Key, security, encryption

Cerber ransomware sold as a service, speaks to victims

The Cerber ransomware is sold as a service to cybercriminals and contains an audio message for victims, researchers find.

20151005 cisco headquarters sign

Cisco issues critical patch for Nexus switches to remove hardcoded credentials

Cisco Systems has released software updates for its Nexus 3000 and 3500 switches in order to remove a default administrative account with static credentials that could allow remote attackers to compromise devices.

Digital Key, security, encryption

Latest attack against TLS shows the pitfalls of intentionally weakening encryption

For the third time in under a year, security researchers have found a method to attack encrypted Web communications, a direct result of weaknesses that were mandated two decades ago by the U.S. government.

Apple iPhone 5S (1)

Apple goofed in several ways in fight with FBI over data encryption, renowned cryptographer says

Adi Shamir, co-creator of the widely used RSA cryptographic algorithm, believes that Apple should have assisted the FBI in decrypting the iPhone of one of the San Bernardino shooters and choose to resist in a future situation.

drown attack logo SSLv2

New TLS decryption attack affects one in three servers due to legacy SSLv2 support

Security researchers have discovered a new weakness that could allow attackers to spy on encrypted communications between users and a third of all HTTPS servers.

Digital Key, security, encryption

CTB-Locker ransomware hits over 100 websites

A new malicious program that encrypts files on Web servers has affected at least 100 websites over the past few weeks, signaling a new trend in ransomware development.

generic image of a wi-fi router

Serious flaws discovered in Netgear and D-Link devices during mass firmware analysis

A team of security researchers found serious vulnerabilities in over a dozen wireless routers and access points from Netgear and D-Link with the help of an open-source framework that can be used to perform dynamic security analysis on embedded firmware.

Big Data, chart, chief data officer, data science

Fixing the Internet's routing security is urgent and requires collaboration

The Mutually Agreed Norms for Routing Security (MANRS), an initiative backed by the Internet Society to fix routing security on the Internet, is gaining some traction, but the number of attacks that take advantage of weaknesses in the global routing system are also growing.

microsoft headquarters

Microsoft adds new security enhancements to its cloud offerings

Microsoft is adding a range of new security features to its Office 365 and Azure cloud services as part of the company's holistic approach to enterprise security that it announced last year.

Digital Key, security, encryption

Outdated payment terminals exempted by Mozilla from SHA-1 certificate ban

Mozilla will allow Symantec to issue nine new SHA-1-signed certificates to Worldpay in order to accommodate over 10,000 payment terminals that haven't been upgraded before the issuing of such certificates was banned.

security code big data cyberespionage byte

The Sony Pictures hackers have been hitting organizations from different countries for years

The group of hackers that crippled the computer infrastructure of Sony Pictures Entertainment in late 2014 has been responsible for a large number of attacks against organizations from South Korea, the U.S. and other countries over the past seven years.

code big data binary programming

Attackers can turn Microsoft's exploit defense tool EMET against itself

Hackers can easily disable the Microsoft Enhanced Mitigation Experience Toolkit (EMET), a free tool used by companies to strengthen Windows security.

atm cash machine money

Latest attack against Russian bank employees highlights the threat to financial institutions

The employees of at least six Russian banks were recently the target of a well-crafted email attack where hackers masqueraded as the Russian Central Bank to trick them into installing malware.

Apple iPhone 5S (3)

Chinese devs abuse free Apple app-testing certs to install pirated apps

A Chinese iOS application recently found on Apple's official store contained hidden functionality that allowed users to install pirated apps on non-jailbroken devices, a technique that could also be leveraged by malware in the future.