Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

petya ransomware logo

This nasty ransomware overwrites your PC's master boot record

The new Petya ransomware overwrites the master boot record (MBR) of the affected PCs, leaving the OS in an unbootable state, researchers from antivirus firm Trend Micro said.

Windows PowerShell logo

New ransomware abuses Windows PowerShell, Word document macros

A new ransomware program written in Windows PowerShell is being used in attacks against enterprises, including healthcare organizations, researchers from Carbon Black warn.

Digital Key, security, encryption

Malware authors quickly adopt SHA-2 through stolen code-signing certificates

Researchers from Symantec have recently found samples of the Carberp.B online banking Trojan that were digitally signed with two stolen certificates: one using a SHA-1 signature and one using a SHA-2 signature.

Java logo browser

Emergency Java update fixes two-year-old flaw after researchers bypass old patch

Oracle has released an emergency Java security update to fix a critical vulnerability that could allow attackers to compromise computers when they visit specially crafted websites.

v3 usb group 2 100018190 gallery

Stealthy USB Trojan hides in portable applications, targets air-gapped systems

A Trojan program is being distributed through USB drives and seems to be designed for stealing information from so-called air-gapped computers that are not connected to the Internet.

Microsoft Office at Cebit

Microsoft adds macros lockdown feature in Office 2016 in response to increasing attacks

Microsoft has added a new option in Office 2016 that allows administrators to block macros -- embedded automation scripts -- from running in Word, Excel and PowerPoint documents that originate from the Internet.

Badlock vulnerability logo

Prepare to patch a critical flaw in Windows and Samba file sharing in 3 weeks

Systems administrators should get ready to fix a critical vulnerability on April 12 that affects the Windows and Samba implementations of the Server Message Block (SMB) protocol.

150817 google marshmallow 06

Google warns of Android flaw used to gain root access to devices

An application that allows users to root their Android devices is taking advantage of a security flaw in the Linux kernel that has remained unpatched in Android since its discovery two years ago.

Digital Key, security, encryption

Google, Microsoft, Yahoo and others publish new email security standard

Engineers from Google, Microsoft, Yahoo, Comcast, LinkedIn and 1&1 have devised a new mechanism that improves the encryption of email traffic.

Security online

Pwn2Own contest highlights renewed hacker focus on kernel issues

Hackers have used 21 new vulnerabilities in their attacks against browsers and operatings systems during this year's Pwn2Own hacking contest.

security code big data cyberespionage byte

Safari, Chrome and Flash Player hacked during first day at Pwn2Own, some of them twice

Security researchers exploited previously unknown vulnerabilities in Apple Safari, Google Chrome and Flash Player to compromise the latest versions of OS X and Windows during the first day of the annual Pwn2Own hacking contest.


Attack campaign uses keylogger to hijack key business email accounts

A new email-based attack campaign is targeting key employees from companies in the US, Middle East and Asia with the goal of compromising their computers and email accounts.

security hacker privacy

Cyberespionage groups are stealing digital certificates to sign malware

An increasing number of cyberespionage groups are using stolen code-signing certificates to make their hacking tools and malware look like legitimate applications.

symantec encryption everywhere logo

Symantec partners with hosting providers to offer free TLS certificates to websites

Symantec will offer free basic SSL/TLS certificates to domain owners through Web hosting companies that join its new Encryption Everywhere program.

malware infection cyberattack

Documents with malicious macros deliver fileless malware to financial-transaction systems

A new spam campaign combines documents with malicious macros, encoded PowerShell scripts and fileless malware to compromise computers used for financial transactions, researchers from Palo Alto Networks found.