Lucian Constantin, Reporter, IDG News Service

Lucian Constantin writes about information security, privacy and data protection.

D'oh! Basic flaw in WhatsApp could allow attackers to decrypt messages

The popular mobile messaging application WhatsApp Messenger has a major design flaw in its cryptographic implementation that could allow attackers to decrypt intercepted messages, according to a Dutch developer.

Four suspected users of Silk Road Internet drug marketplace arrested in the UK

After arresting four men for drug offenses in connection with their involvement in Silk Road, the U.K.'s new National Crime Agency promises that more arrests related to the Internet underground market will follow.

Blackhole exploit kit author arrested in Russia

Russian authorities have arrested the main developer of the notorious Blackhole exploit kit, one of the most popular attack tools used to infect Web users with malware.

Hosting provider LeaseWeb falls victim to DNS hijacking

Hosting provider LeaseWeb became the latest high-profile company to have its domain name taken over by attackers, highlighting that DNS (Domain Name System) hijacking is a significant threat, even to technically adept businesses.

Web hosting firms at risk from critical vulnerability in WHMCS billing and support system

The developers of WHMCS, a popular client management, billing and support application for Web hosting providers, released emergency security updates Thursday to patch a critical vulnerability that was publicly disclosed.

Mozilla unmasks security flaw in Persona, warns other OpenID implementers

Mozilla Persona allows users to verify their ownership of one or more email addresses and then use those addresses to authenticate on websites.

Silent Circle ditches NIST cryptographic standards to thwart NSA spying

The U.S. National Security Agency's reported efforts to weaken encryption standards have prompted an encrypted communications company to move away from cryptographic algorithms sanctioned by the U.S. National Institute of Standards and Technology (NIST).

Public release of IE exploit could spark widespread attacks

An exploit for a vulnerability that affects all versions of Internet Explorer and has yet to be patched by Microsoft has been integrated into the open-source Metasploit penetration testing tool, a move that might spur an increasing number of attacks targeting the flaw.

Symantec seizes part of massive peer-to-peer botnet ZeroAccess

One of the largest botnets in existence has lost access to more than a quarter of the infected machines it controlled.

Brute-force malware targets email and FTP servers

A piece of malware designed to launch brute-force password guessing attacks against websites built with popular content management systems like WordPress and Joomla is now also being used to attack email and FTP servers.

IE zero-day vulnerability exploited more widely than previously thought

A recently announced and yet-to-be-patched vulnerability that affects all versions of Microsoft Internet Explorer (IE) has been exploited in targeted attacks against organizations in Taiwan since the beginning of July, according to security researchers.

Cisco IOS updates fix 10 denial-of-service vulnerabilities

Cisco Systems has patched 10 vulnerabilities that could impact the availability of devices using various versions of its IOS software.

Information-theft malware 'Napolar' is gaining traction, researchers warn

A new piece of information-stealing malware that appeared earlier this year has been rapidly gaining traction during the past few weeks, with hundreds of infection attempts being detected every day by antivirus vendors.

Malicious browser extensions pose a serious threat and defenses are lacking

Although the number of malicious browser extensions has significantly increased in the past year, many security products fail to offer adequate protection against them, while others are simply not designed to do so, according to a security researcher.

Google Chrome to block and banish plugins built using popular NPAPI architecture

Plug-ins based on the NPAPI architecture will be blocked by default in Chrome starting early next year as Google moves toward completely removing support for them in the browser.