Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

cia

CIA false flag team repurposed Shamoon data wiper, other malware

The U.S. Central Intelligence Agency documents published by WikiLeaks Tuesday shows that one of the agency's teams specializes in reusing bits of code and techniques from public malware samples.

Android Google marshmallow

Android gets patches for critical OpenSSL, media server and kernel driver flaws

A five-month-old flaw in Android's SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.

Legislation of privacy security keyboard law legal gavel court ruling

US DOJ drops child porn case to avoid disclosing Tor exploit

The U.S. Department of Justice is asking a federal court to dismiss its indictment in a case that involves a child porn site known as Playpen after a judge asked the government to disclose the hacking technique it used to gather evidence.

code programming software bugs cybersecurity

HackerOne offers bug bounty service for free to open-source projects

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

malware attack cyberespionage code hacker

Fileless Powershell malware uses DNS as covert communication channel

Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols that are less frequently monitored.

Digital Key encryption

Free decryption tools now available for Dharma ransomware

If you've been hit by Dharma ransomware, great news: Researchers have created decryption tools for the Dharma ransomware after someone recently leaked the encryption keys for it.

chrome intro

Chrome for MacOS will block rogue ad injections and settings changes

Google has expanded its Safe Browsing service, allowing Google Chrome on macOS to better protect users from programs that locally inject ads into web pages or that change the browser's home page and search settings.

robot hacking security A.I.

Robots are just as plagued by security vulnerabilities as IoT devices

A security analysis of robots used in homes, businesses and industrial installations has revealed many of the same basic security weaknesses that are commonly found in IoT devices, raising questions about the implications for human safety.

20151005 cisco hq sign 100620823 orig

This tool can help you discover Cisco Smart Install protocol abuse

Cisco's Talos team has released a tool that allows network owners to discover switches on their networks that might be vulnerable to Cisco Smart Install (SMI) attacks.

code hacker cyberespionage eye data

SHA-1 collision can break SVN code repositories

The recently announced SHA-1 collision attack has the potential to break code repositories that use the Subversion (SVN) revision control system.

microsoft stock campus building

Google discloses unpatched IE vulnerability after Patch Tuesday delay

Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.

security code big data cyberespionage byte

Serious Cloudflare bug revealed secret user data from major websites

For months a bug in Cloudflare's content optimization systems exposed sensitive information sent by users to websites including passwords, session cookies, authentication tokens and even private messages.

Digital Key encryption

Stop using SHA1 encryption: It’s now completely unsafe, Google proves

Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature.

Security online

Eleven-year-old root flaw found and patched in the Linux kernel

Linux system administrators should watch for kernel updates for their distributions and apply them as soon as possible because they fix a local privilege escalation flaw that could lead to a full system compromise.

Digital Key encryption

New macOS ransomware spotted in the wild

A new file-encrypting ransomware program for macOS is being distributed through bittorrent websites and users who fall victim to it won’t be able to recover their files, even if they pay.