Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

20151005 Cisco headquarters sign

Cisco patches authentication, denial-of-service, NTP flaws in many products

Cisco Systems has released security patches for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls.

HSBC headquarters reception

Attack disrupts HSBC online banking services in the UK on tax deadline

A denial-of-service attack against HSBC in the U.K. left customers unable to access their accounts via the bank's online system.

Apple iPhone 5S (1)

Increasingly popular "hot patching" update tool for iOS apps puts users at risk

An increasing number of iOS application developers use a technique that allows them to remotely modify the code in their apps without going through the official app store's review process, an action that poses security risks for users.

Java logo browser

Oracle's killing a favorite security hole for attackers: the Java browser plug-in

Next year, the Java browser plug-in, which is frequently the target of Web-based exploits, will be retired by Oracle.

150817 google marshmallow 03

New Android ransomware uses clickjacking to gain admin privileges

A new Android ransomware app called Lockdroid.E is abusing system dialogs to hijack user clicks and grant itself administrator privileges.

PayPal logo

PayPal is the latest victim of Java deserialization bugs in Web apps

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor.

juniper netscreen 5200 firewall

U.S. Congress to federal agencies: You have two weeks to tally your backdoored Juniper kit

Around two dozen U.S. government departments and federal agencies are being questioned by the U.S. Congress on whether they were using backdoored Juniper network security appliances.

magento logo

Critical vulnerabilities patched in Magento e-commerce platform

The latest patches for the Magento e-commerce platform fix critical vulnerabilities that could allow attackers to hijack administrative accounts.

Fortinet FortiGate

FortiGuard SSH backdoor found in more Fortinet security appliances

Network security vendor Fortinet has identified an authentication issue that could give remote attackers administrative control over FortiSwitch, FortiAnalyzer and FortiCache devices.

20151005 cisco headquarters sign

Cisco fixes critical flaws in digital encoder, unified computing manager and security appliance

Cisco released security updates to fix a hard-coded root password in its Modular Encoding Platform D9036 and a vulnerable CGI script in the Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series appliances.

150817 google marshmallow 06

Google creates fix for zero-day kernel flaw, says effect on Android is greatly exaggerated

Google has developed a patch for a recently reported vulnerability in the Linux kernel and shared it with Android manufacturers.

tor logo

Privacy-conscious users rejoice: Facebook's Android app now supports Tor

Facebook has added the option to route traffic from its Android mobile app over the Tor anonymity network.

Intel Core i7

Serious flaw patched in Intel Driver Update Utility

A software utility that helps users download the latest drivers for their Intel hardware components contained a vulnerability that could have allowed man-in-the-middle attackers to execute malicious code on computers.


Advocacy group calls on health-care industry to adopt medical device security principles

Advocacy group I Am the Cavalry is urging organizations that manufacture and distribute medical devices to adopt a cybersecurity version of the Hippocratic Oath.

angry linux

Linux kernel flaw threatens millions of PCs, servers, and Android devices

A three-year-old vulnerability in the Linux kernel could have allowed attackers to take full control over Linux-based PCs, servers, Android phones and other embedded devices.