Lucian Constantin, Reporter, IDG News Service

Lucian Constantin writes about information security, privacy and data protection.

Financial malware program appears to communicate with attackers over the darknet

The malware is called i2Ninja and uses the I2P network (also called the darknet) as a command-and-control (C&C) channel, according to security researchers.

Trojan program steals log-in credentials, other sensitive data from SAP client applications

A recently discovered malicious program steals log-in passwords and other sensitive information from SAP client applications and allows cybercriminals to access SAP servers from infected workstations.

GitHub bans weak passwords after brute-force attack results in compromised accounts

Popular source code repository service GitHub has recently been hit by a brute-force password-guessing attack that successfully compromised some accounts.

Hackers reportedly stole 42 million customer records from online dating network Cupid Media

Hackers reportedly stole 42 million customer records including email addresses and clear-text passwords from Cupid Media, a network of dating websites.

Google strengthens its SSL configuration against possible attacks

The company completed its planned switch to SSL certificates with 2048-bit keys ahead of schedule.

Hackers actively exploiting JBoss vulnerability to compromise servers

Attackers are actively exploiting a known vulnerability to compromise JBoss Java EE application servers that expose the HTTP Invoker service to the Internet in an insecure manner.

Hackers claim they used zero-day vulnerability to breach vBulletin support forum

A group of hackers claim to have exploited an undocumented vulnerability in the vBulletin Internet forum software in order to break into the MacRumors.com and vBulletin.com forums.

British spies monitor hotel bookings of diplomats around the world

The U.K.'s intelligence agency Government Communications Headquarters (GCHQ) has reportedly built an automated system to track the hotel bookings of foreign diplomats when travelling abroad for international summits or work meetings.

Google fixes Chrome vulnerabilities exploited at Pwn2Own contest

New versions of Chrome for Windows, Mac, Linux and Android patch a full sandbox escape vulnerability.

Cybercriminals target Silverlight browser plug-in users with new exploit kit

It’s not clear how many users have Silverlight installed on their computers, but their number is likely to be in the tens of millions.

Researchers hack Internet Explorer 11 and Chrome at Mobile Pwn2Own

Security researchers have compromised Microsoft Surface RT, Nexus 4 and Samsung Galaxy S4 devices by exploiting previously unknown vulnerabilities in Internet Explorer 11 running on Windows 8.1 and Google Chrome running on Android.

Adobe patches critical vulnerabilities in Flash Player, ColdFusion

Vulnerabilities in Adobe's software could have allowed unauthorized remote code execution or remote read access.

Microsoft Patch Tuesday advisories urge ditching old, weak crypto algorithms

Microsoft patched serious vulnerabilities Tuesday in Windows, Internet Explorer and Office, but also urged customers to stop using the aging RC4 cipher and SHA-1 hashing function in their systems and services.

Facebook forces some users to reset passwords because of Adobe data breach

Facebook locked some users out of their accounts after determining that their log-in credentials were exposed as a result of a security breach at Adobe.

British spies reportedly spoofed LinkedIn, Slashdot to target network engineers

British intelligence agency Government Communications Headquarters (GCHQ) reportedly used spoofed LinkedIn and Slashdot pages to compromise the computers of network engineers working for global roaming exchange providers based in Europe.