Lucian Constantin, Romania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Adobe patches critical vulnerability in ColdFusion application server

Adobe Systems released critical security patches for its ColdFusion application server, which has been a target for hackers in the past.

Poisoned Word docs deploy rogue web proxies to hijack your encrypted traffic

A new attack analyzed by malware researchers from Microsoft uses Word documents with malicious code that configures browsers to use a web proxy controlled by attackers.

New ransomware threat deletes files from Linux web servers

A destructive ransomware program deletes files from web servers and asks administrators for money to return them, though it's not clear if attackers can actually deliver on this promise.

Sophisticated malware possibly tied to recent ATM heists in Thailand

Security researchers have found a sophisticated malware program that may have been used recently by a gang of hackers to steal more than $350,000 from ATMs in Thailand.


Mozilla launches free website security scanning service

Mozilla has built an online scanner that can check if websites have the best security settings in place.

Cisco starts patching firewall devices against NSA-linked exploit

Cisco Systems has started releasing security patches for a critical flaw in Adaptive Security Appliance (ASA) firewalls targeted by an exploit linked to the U.S. National Security Agency.

Disable WPAD now or have your accounts and private data compromised

Security researchers have recently highlighted serious risks introduced by the Web Proxy Auto-Discovery Protocol (WPAD), which is enabled by default on Windows and is supported by other operating systems as well.

Microsoft patches 27 flaws in Windows, Office, IE, and Edge

Microsoft has released another batch of security patches, fixing 27 vulnerabilities in Windows, Microsoft Office, Internet Explorer, and its new Edge browser.

Qualcomm-powered Android devices plagued by four rooting flaws

Hundreds of millions of Android devices based on Qualcomm chipsets are likely exposed to at least one of four critical vulnerabilities that allow non-privileged apps to take them over.

High-security electronic safes can be hacked through power and timing analysis

A hacker showed that high-security electronic safe locks are susceptible to power and timing side-channel attacks like those used to defeat cryptosystems.

Researcher hides stealthy malware inside legitimate digitally signed files

A new technique allows attackers to hide malicious code inside digitally signed files without breaking their signatures and then to load that code directly into the memory of another process.

Apple’s bug bounty program favors quality over quantity

After years of reluctance to pay researchers for exploits, Apple has given in and is ready to hand out up to US$200,000 for critical vulnerabilities found in the latest version of iOS and the newest iPhones.

Stealing payment card data and PINs from POS systems is dead easy

The communications between card readers and point-of-sale systems are not secure, and attackers can tap them to steal payment card data and even PIN numbers.

This tiny device can infect point-of-sale systems and unlock hotel rooms

Millions of point-of-sale systems and hotel room locks can be hacked by temporarily placing a small, inexpensive device several inches away from their card readers.

Cybercrime infrastructure being ramped up in Brazil ahead of Olympics

Over the past few months, cybercriminals have set up a large number of malicious domains and servers in Brazil in anticipation of the Rio 2016 Olympics.