Lucian Constantin, Romania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Unlike Mozilla, Google anticipated SHA-1 errors caused by HTTPS traffic inspection systems

Unlike Mozilla, Google plans to ban only SHA-1 certificates that were issued after Jan. 1 by public certificate authorities, not self-generated ones too.

Antivirus software could make your company more vulnerable

Cyberespionage groups could easily exploit vulnerabilities in antivirus programs to break into corporate networks, according to vulnerability researchers who have analyzed such products in recent years.

Authorities dismantle criminal gang that used malware to steal cash from ATMs

Law enforcement authorities from Romania and Republic of Moldova dismantled a gang of criminals that stole 200,000 euros from ATMs in the E.U. and Russia after infecting them with a malware program.

Drupal sites at risk due to insecure update mechanism

The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates.

Continued support for MD5 endangers widely used cryptographic protocols

Researchers from the INRIA institute in France have devised several attacks which prove that the continued support for MD5 in cryptographic protocols is much more dangerous than previously believed.

Third try is no charm for failed Linux ransomware creators

Researchers found a flaw that allows them to decrypt files affected by a new version of Linux.Encoder, a file-encrypting ransomware program that infects Linux Web servers.

Exploit broker places $100k bounty on bypassing Flash Player's latest defenses

Exploit acquisition firm Zerodium is offering up to $100,000 for exploits that bypass Flash Player's latest heap isolation protection.

Google fixes dangerous rooting vulnerabilities in Android

Media processing and kernel privilege escalation flaws were patched in the January Android security update.

Web attack silently modifies DNS configurations in routers

BlackEnergy cyberespionage group adds disk wiper and SSH backdoor to its arsenal

A cyberespionage group focused on companies and organizations from the energy sector has recently updated its arsenal with a destructive data-wiping component and a backdoored SSH server.

Poor security decisions expose payment terminals to mass fraud

Many payment terminals in Germany -- and in other countries too -- were designed without following best security principles, making them vulnerable to attacks that could result in mass fraud against both customers and merchants.

Juniper's VPN backdoor: buggy code with a dose of shady NSA crypto

Juniper was using a known flawed random number generator as the foundation for cryptographic operations in NetScreen's ScreenOS and the safeguards it put in place were ineffective.

Google joins Mozilla, Microsoft in pushing for early SHA-1 crypto cutoff

Google is considering banning certificates signed with the SHA-1 hashing function in Google Chrome starting Jul. 1.

Juniper updates list of backdoored enterprise firewall OS versions

The administrative access issue only affects ScreenOS 6.3.0r17 through 6.3.0r20, while the VPN decryption issue affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.

Microsoft move to revoke trust in 20 root certificates could wreak havoc on sites

Tens of thousands of secure websites might start to display certificate errors to their visitors in January, when Microsoft plans to stop trusting 20 certificate authorities (CAs) from around the world.

Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits

pcworld.com

The Microsoft SmartScreen filtering technology built into Internet Explorer and Edge has now been updated to block Web-based attacks that silently exploit software vulnerabilities to infect computers.