Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

Baidu Beijing Office Sign

Baidu app component puts 100 million Android devices at risk

A software development kit created by Chinese Internet services company Baidu and used by thousands of Android applications contains a feature that gives attackers backdoor-like access to users' devices.

Digital Key

All CoinVault and Bitcryptor ransomware victims can now recover their files for free

Researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained the last set of encryption keys from command-and-control servers that were used by CoinVault and Bitcryptor, two related ransomware threats.

xen fu panda 2000px

Xen's highly critical virtual machine escape flaw gets a fix

The Xen Project fixed several vulnerabilities in its popular virtualization software, including one that could allow potential attackers to break out of a virtual machine and gain control over the host system.

Data center servers

Hackers infect MySQL servers with malware for DDoS attacks

Hackers infect MySQL database servers with a malware program that's used to launch distributed denial-of-service (DDoS) attacks.

Digital Key

Google threatens action against Symantec-issued SSL certificates following botched investigation

Google wants Symantec to publicly disclose all the certificates it issues and to undergo a third-party security audit after an incident involving the CA issuing unauthorized certificates as part of internal testing.

Cars on a busy street

U.S. copyright law exemption allows good-faith car, medical device hacking

The U.S. Copyright Office added security research on cars and medical devices to the list of exemptions from the rules prohibiting the circumvention of access controls that are used to protect works.

spying eye

South Korean manufacturing industry targeted with new backdoor program

South Korean organizations are being targeted in attacks with a new stealthy backdoor program that gives attackers full access to infected computers.

victim identity theft computer problem

Webmasters have only hours to deploy patches, Joomla incident shows

Less than four hours after a critical vulnerability was patched in Joomla, security firms already detected attacks exploiting the flaw.

bundeskanzleramt

Germany probes Regin-powered cyberespionage

The head of a German Federal Chancellery unit reportedly had his laptop infected with Regin, a cyberespionage program believed to be used by the U.S. National Security Agency and its closest intelligence allies.

Malaysia Airlines

Russian cyberspies targeted the MH17 crash investigation

A Russian cyberespioange group tried to infiltrate the international investigation into the crash of Malaysia Airlines Flight 17 (MH17) that was shot down by a missile over Ukraine in July 2014.

ip camera

Attackers hijack CCTV cameras and network-attached storage devices to launch DDoS attacks

A recently detected distributed denial-of-service (DDoS) attack was launched from 900 compromised CCTV cameras that were hijacked by hackers.

Digital Key

Mozilla mulls early cutoff for SHA-1 digital certificates

Mozilla is considering banning digital certificates signed with the SHA-1 algorithm in July 2016.

Security online

Oracle slams door on Russian cyberspies who hacked Nato PCs through Java

Oracle fixed a vulnerability in Java that a Russian cyberespionage group used to launch stealthy exploits against NATO member countries earlier this year.

my passport

Western Digital encrypted external hard drives have flaws that can expose data

The hardware-based encryption built into popular Western Digital external hard disk drives has flaws that could allow attackers to recover data without knowing the user password.

150817 google marshmallow 03

Google makes secure boot, full-disk encryption mandatory for some Android 6.0 devices

Google will require Android devices capable of decent cryptographic performance to enable full-disk encryption by default in order to be declared compatible with Android 6.0.