Lucian ConstantinReporter, IDG News Service, IDG News Service

Lucian Constantin writes about information security, privacy and data protection.

samsung galaxyround

Developer: some Samsung Galaxy devices contain file access backdoor

A software program shipped with some Samsung mobile devices allows access to the file system through the modem, the developers said.

Adobe patches a critical vulnerability in Shockwave Player

The flaw could enable remote code execution attacks, the company says.

NSA's plans reportedly involve infecting millions of computers with surveillance malware

Leaked documents show the agency was planning to expand its infrastructure for active attacks since at least 2009.

adobe flash logo

Adobe patches two important security holes in Flash Player

The vulnerabilities don't allow remote code execution, but can be exploited to bypass other security restrictions

Over 160,000 WordPress sites used as DDoS zombies

Attackers exploited the pingback feature in WordPress to use 160,000 WordPress sites as DDoS proxies, researchers from Sucuri said

PCWorld News

Joomla receives patches for zero-day SQL injection vulnerability, other flaws

An exploit for the SQL injection vulnerability has been publicly available for over a month, said security researchers from Sucuri

802.11ac routers

Cisco patches vulnerabilities in small business routers and wireless LAN controllers

The flaws can be exploited to gain unauthorized access or cause denial-of-service conditions.

android devil malware

New crimeware tool Dendroid makes it easier to create Android malware, researchers warn

The tool can be used to add malicious functionality to legitimate applications, researchers from Symantec said.

Withdrawal vulnerabilities enabled bitcoin theft from Flexcoin and Poloniex

The flaws allowed hackers to overdraw accounts on the two websites without being detected.

TP-Link Archer AC1900

Attack campaign compromises 300,000 home routers, alters DNS settings

Attackers have used a variety of techniques to exploit known vulnerabilities in router models from different manufacturers.

Mozilla accepting whitelist requests for Firefox's coming plug-in block

Developers will need to present compelling arguments for getting their plug-ins on the whitelist, Mozilla said

malware

Gameover malware tougher to kill with new rootkit component

The rootkit works on 32-bit and 64-bit Windows versions and protects the malware's components from being deleted.

securityshowdown primary

Security conference's own app leaks user info

The RSA Conference app exposes information about attendees in a SQLite database file, according to IOActive.

Security researchers urge tech companies to explain their cryptographic choices

Researchers signed an open letter outlining 10 transparency principles for companies to regain user trust following surveillance revelations

IE zero-day exploit that struck VFW website being used in widespread attacks

The exploit is being distributed from many compromised websites around the world, researchers from Symantec said