Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

code programming software bugs cybersecurity

Flaws in Moodle CMS put thousands of e-learning websites at risk

Organizations that use the popular Moodle learning management system should deploy the latest patches as soon as possible because they fix vulnerabilities that could allow attackers to take over web servers.

Security online

Pwn2Own hacking contest ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Digital Key encryption

Some HTTPS inspection tools might weaken security

Companies that use security products to inspect HTTPS traffic might inadvertently make their users' encrypted connections less secure and expose them to man-in-the-middle attacks, the U.S. Computer Emergency Readiness Team warns.

security hacker privacy

String of fileless malware attacks possibly tied to single hacker group

Several attacks observed over the past few months that rely heavily on PowerShell, open-source tools and fileless malware techniques, might be the work of a single group of hackers.

ubiquiti rocket m base station

Unpatched vulnerability puts Ubiquiti networking products at risk

An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.

hacker, hackers, hacking

Adobe Reader, Edge, Safari, and Ubuntu fall during first day at Pwn2Own

During the first day of the Pwn2Own hacking contest, security researchers successfully demonstrated exploits against Microsoft Edge, Apple's Safari, Adobe Reader, and Ubuntu Desktop.

microsoft stock campus building

Microsoft fixes record number of flaws, some publicly known

Microsoft's batch of security patches for March is one of the largest ever and includes fixes for several vulnerabilities that are publicly known and actively exploited.

Adware security

Malicious uploads allowed hijacking of WhatsApp and Telegram accounts

A vulnerability patched in the web-based versions of encrypted communications services WhatsApp and Telegram would have allowed attackers to take over accounts by sending users malicious files masquerading as images or videos.

petya ransomware logo

Hackers use dangerous Petya ransomware in targeted attacks

A group of attackers has found a way to hijack the Petya ransomware and use it in targeted attacks against companies without the program creators' knowledge.

Digital Key encryption

It's time for websites to turn on HTTPS encryption: the benefits are worth the effort

The number of websites supporting HTTPS has skyrocketed over the past year and there are many benefits for turning on encryption on your website today.

20160225 stock mwc ericsson booth security locks

How much are vendor security assurances worth after the CIA leaks?

Google, Apple, Microsoft and other software vendors are working to identify and patch the vulnerabilities described in the CIA leak, but ultimately this doesn't change the status quo of software security.

Security

After CIA leak, Intel Security releases detection tool for EFI rootkits

Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code.

code programming software bugs cybersecurity

Hackers exploit Apache Struts vulnerability to compromise corporate web servers

Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

hacker, hackers, hacking

Leaked docs suggest NSA and CIA behind Equation cyberespionage group

Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of CIA's own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation.

cia

CIA false flag team repurposed Shamoon data wiper, other malware

The U.S. Central Intelligence Agency documents published by WikiLeaks Tuesday shows that one of the agency's teams specializes in reusing bits of code and techniques from public malware samples.