Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Digital Key, security, encryption

Researcher hides stealthy malware inside legitimate digitally signed files

A new technique allows attackers to hide malicious code inside digitally signed files without breaking their signatures and then to load that code directly into the memory of another process.

Ivan Krstic Apple security Black Hat

Appleā€™s bug bounty program favors quality over quantity

After years of reluctance to pay researchers for exploits, Apple has given in and is ready to hand out up to US$200,000 for critical vulnerabilities found in the latest version of iOS and the newest iPhones.

Patrick Watson Nir Valtman point-of-sale POS PIN pad card reader

Stealing payment card data and PINs from POS systems is dead easy

The communications between card readers and point-of-sale systems is not secure and attackers can tap them to steal payment card data and even PIN numbers.

magnetic card spoof point-of-sale hotel

This tiny device can infect point-of-sale systems and unlock hotel rooms

Millions of point-of-sale systems and hotel room locks can be hacked by temporarily placing a small, inexpensive device several inches away from their card readers.

rio olympics tickets

Cybercrime infrastructure being ramped up in Brazil ahead of Olympics

Over the past few months, cybercriminals have set up a large number of malicious domains and servers in Brazil in anticipation to the Rio 2016 Olympics.

Android character at MWC 2014 Barcelona

New Android Trojan SpyNote leaks on underground forums

A new and potent Android Trojan has been leaked on several underground forums, making it available for free to less resourceful cybercriminals who are now likely to use it in attacks.

code big data binary programming

Long-running malvertising campaign infected thousands of computers per day

Security researchers have shut down a large-scale malvertising operation that used sophisticated techniques to remain undetected for months and served exploits to millions of computers.

Android N statue

Google beefs Linux up kernel defenses in Android

The future versions of Android will be more resilient to exploits thanks to developers' efforts to integrate the latest Linux kernel defenses into the operating system.a

Digital Key, security, encryption

Rival gang leaks decryption keys for Chimera ransomware

The creators of the Petya and Mischa ransomware programs leaked around 3,500 RSA private keys allegedly corresponding to systems infected with another ransomware program called Chimera.

security hacker privacy

Cyberespionage group Patchwork sets its sights on multiple industries

A cyberespionage group known for targeting diplomatic and governmental institutions has branched out into many other industries, including aviation, broadcasting, and finance, researchers warn.

20160224 stock mwc qualcomm booth sign

Devices with Qualcomm modems safe from critical ASN.1 telecom flaw

Smartphones equipped with Qualcomm modems are not vulnerable to a recently announced vulnerability that could potentially allow attackers to take over cellular network gear and consumer mobile devices.

Digital Key, security, encryption

Free your files! No-cost decryption tools released for two ransomware programs

Security researchers have released tools this week that could help users recover files encrypted by two relatively new ransomware threats: Bart and PowerWare.

20151027 openworld dell sign

Dell patches critical flaws in SonicWALL Global Management System

Dell has patched several critical flaws in its central management system for SonicWALL enterprise security appliances, such as firewalls and VPN gateways.

code vulnerability software

Flaws in Oracle file processing SDKs affect major third-party products

Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday also affect products from third-party software vendors, including Microsoft.

20151027 openworld oracle cloud signs

Oracle issues largest patch bundle ever, fixing 276 security flaws

Oracle has released a new batch of security updates for over 80 products from its software portfolio in order to fix 276 vulnerabilities.