Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Web attack silently modifies DNS configurations in routers

BlackEnergy cyberespionage group adds disk wiper and SSH backdoor to its arsenal

A cyberespionage group focused on companies and organizations from the energy sector has recently updated its arsenal with a destructive data-wiping component and a backdoored SSH server.

payment terminal hacking reverse engineering HSM JTAG debugging

Poor security decisions expose payment terminals to mass fraud

Many payment terminals in Germany - and in other countries too -- were designed without following best security principles, making them vulnerable to attacks that could result in mass fraud against both customers and merchants.

juniper netscreen 5200 firewall

Juniper's VPN backdoor: buggy code with a dose of shady NSA crypto

Juniper was using a known flawed random number generator as the foundation for cryptographic operations in NetScreen's ScreenOS and the safeguards it put in place were ineffective.

Security online

Google joins Mozilla, Microsoft in pushing for early SHA-1 crypto cutoff

Google is considering banning certificates signed with the SHA-1 hashing function in Google Chrome starting Jul. 1.

juniper netscreen 5200

Juniper updates list of backdoored enterprise firewall OS versions

The administrative access issue only affects ScreenOS 6.3.0r17 through 6.3.0r20, while the VPN decryption issue affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.

Digital Key

Microsoft move to revoke trust in 20 root certificates could wreak havoc on sites

Tens of thousands of secure websites might start to display certificate errors to their visitors in January, when Microsoft plans to stop trusting 20 certificate authorities (CAs) from around the world.

Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits

pcworld.com

The Microsoft SmartScreen filtering technology built into Internet Explorer and Edge has now been updated to block Web-based attacks that silently exploit software vulnerabilities to infect computers.

victim identity theft computer problem

Over 650 terabytes of data up for grabs due to publicly exposed MongoDB databases

There are at least 35,000 publicly accessible and insecure MongoDB databases on the Internet, exposing 684.8 TB of data to potential theft.

angry linux

Vulnerability in popular bootloader puts locked-down Linux computers at risk

Pressing the backspace key 28 times can bypass the Grub2 bootloader's password protection and allow a hacker to install malware on a locked-down Linux system.

Security online

TeslaCrypt ransomware attacks intensify, shift from gamers to businesses

Over the past two weeks security researchers have seen a surge in attacks using a file-encrypting ransomware program called TeslaCrypt that's known for targeting gamers in the past.

Digital Key

Google will revoke trust in a Symantec root certificate

Very soon, the Android OS, Chrome browser and other Google products will stop trusting all digital certificates that are linked to a 20-year-old Verisign root certificate that's now controlled by Symantec.

Twitter iOS App

Twitter warns users targeted by state-sponsored hackers

Twitter has warned some of its users that they may have been targeted in an attack by state-sponsored hackers.

security code big data cyberespionage

Cyberspy group repurposes 12-year-old Bifrose backdoor

A group of hackers that primarily targets companies from key industries in Asia is using heavily modified versions of a backdoor program called Bifrose that dates back to 2004.

Digital Key

SHA-1 cutoff could block millions of users from encrypted websites

Millions of Web users could be left unable to access websites over the HTTPS protocol if those websites only use digital certificates signed with the SHA-2 hashing algorithm.

spying eye

Cyberspy group targets South American political figures, journalists

Since 2008, a group of attackers has used off-the-shelf remote access Trojans (RATs) to target political figures, journalists and public figures in several South American countries.