Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

PCWorld News

Even without breaches, don't count on websites to hide that you have an account with them

Online dating websites Adult Friend Finder and Ashley Madison were exposed to account enumeration attacks, researcher finds

PCWorld News

Researchers disclose four unpatched vulnerabilities in Internet Explorer

The reports contain limited information, making exploit development hard and unlikely

computer security stock image

WordPress gets critical patch for nasty XSS flaw

WordPress 4.2.3 fixes a cross-site scripting flaw that could be used to compromise websites

PCWorld News

Microsoft follows Google to crack down on revenge porn

A special Web form will allow revenge porn victims to report content they want removed from Bing, OneDrive or Xbox Live

passwordmanagers

Bug opens OpenSSH servers to brute-force password attacks

The keyboard-interactive authentication setting could allow for thousands of password retries, a researcher found

PCWorld News

Former Hacking Team supplier stops selling zero-day exploits on ethical grounds

U.S.-based Netragard has terminated its zero-day exploit selling program in response to revelations about Hacking Team's customers

hackingback

Cyberspies love new exploits revealed in Hacking Team leak

Advanced hacking group uses a second Flash exploit leaked from the surveillance software maker.

Latest Flash Player update hardens its low-level exploit defenses

Adobe worked with Google to make Flash Player vulnerabilities harder to exploit

PCWorld News

New point-of-sale malware distributed by Andromeda botnet

Attackers use spam to infect systems with the Andromeda backdoor and then deploy GamaPoS on select point-of-sale machines

hackingback

Encrypted Web and Wi-Fi in danger as RC4 attacks become more practical

Researchers show they can recover sensitive cookies from RC4-encrypted TLS connections in 75 hours

java

Oracle patches already-exploited Java zero-day flaw, over 190 other vulnerabilities

Users should update Java as soon as possible because attackers are already taking advantage of at least one vulnerability.

hackingback

Hacking Team's malware uses a UEFI rootkit to survive operating system reinstalls

The feature allows the company's software to persist even if the hard disk drive if replaced.

PCWorld News

Cyberespionage group Pawn Storm uses exploit for unpatched Java flaw

The exploit was used in attacks against the armed forces of a NATO country and a U.S. defense organization

hackingback

Hacking Team's arsenal included at least three unpatched exploits for Flash Player

The vulnerabilities leveraged by two of the exploits have yet to be patched

Second Flash Player zero-day exploit found in Hacking Team's data

Adobe plans to patch the vulnerability next week, but attackers might move quicker.