Lucian Constantin, Romania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Over 160,000 WordPress sites used as DDoS zombies

Attackers exploited the pingback feature in WordPress to use 160,000 WordPress sites as DDoS proxies, researchers from Sucuri said

Joomla receives patches for zero-day SQL injection vulnerability, other flaws

An exploit for the SQL injection vulnerability has been publicly available for over a month, said security researchers from Sucuri

Cisco patches vulnerabilities in small business routers and wireless LAN controllers

The flaws can be exploited to gain unauthorized access or cause denial-of-service conditions.

New crimeware tool Dendroid makes it easier to create Android malware, researchers warn

The tool can be used to add malicious functionality to legitimate applications, researchers from Symantec said.

Withdrawal vulnerabilities enabled bitcoin theft from Flexcoin and Poloniex

The flaws allowed hackers to overdraw accounts on the two websites without being detected.

Attack campaign compromises 300,000 home routers, alters DNS settings

Attackers have used a variety of techniques to exploit known vulnerabilities in router models from different manufacturers.

Mozilla accepting whitelist requests for Firefox's coming plug-in block

Developers will need to present compelling arguments for getting their plug-ins on the whitelist, Mozilla said

Gameover malware tougher to kill with new rootkit component

The rootkit works on 32-bit and 64-bit Windows versions and protects the malware's components from being deleted.

Security conference's own app leaks user info

The RSA Conference app exposes information about attendees in a SQLite database file, according to IOActive.

Security researchers urge tech companies to explain their cryptographic choices

Researchers signed an open letter outlining 10 transparency principles for companies to regain user trust following surveillance revelations

IE zero-day exploit that struck VFW website being used in widespread attacks

The exploit is being distributed from many compromised websites around the world, researchers from Symantec said

Researchers blow past all protections in Microsoft's EMET anti-exploitation tool

The tool can't protect against determined attackers with customized exploits, researchers from Bromium claim

New iOS flaw allows malicious apps to record touch screen presses

The captured touch screen data could be used to reconstruct what users typed

Hacker defaces website of IT security certification body EC-Council

The hacker claims he obtained photocopies of thousands of passports belonging to law enforcement and military officials

Source code for Android iBanking bot surfaces on underground forum

The leaked source code could lead to a larger number of attacks using the mobile malware, security researchers from RSA said