Lucian ConstantinCSO Senior Writer, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for CSO.

robot hacking security AI

Critical flaw in PHPMailer library puts millions of websites at risk

A critical remote code execution vulnerability in PHPMailer, one of the most widely used PHP email sending libraries, could put millions of websites at risk of hacking.

Apple iPhone 5S (1)

Apple gives iOS app developers more time to encrypt communications

Apple has backtracked on a plan to force iOS developers to encrypt their app communications by the end of the year.

security code big data cyberespionage byte

The group that hacked the DNC infiltrated Ukrainian artillery units

The cyberespionage group blamed for hacking into the U.S. Democratic National Committee (DNC) has also infiltrated the Ukrainian military through a trojanized Android application used by artillery units.

Digital Key encryption

Encrypted messaging app Signal uses Google to bypass censorship

Developers of the popular Signal secure messaging app have started to use Google's domain as a front to hide traffic to their service and to sidestep blocking attempts.

VMware headquarters

VMware removes hard-coded root access key from vSphere Data Protection

VMware released a hotfix for vSphere Data Protection (VDP) to change a hard-coded SSH key that could allow remote attackers to gain root access to the virtual appliance.

Badlock vulnerability logo

Google researchers help developers test cryptographic implementations

Security experts from Google have developed a test suite that allows developers to find weaknesses in their cryptographic libraries and implementations.

20160225 stock mwc ericsson booth security locks

The year ransomware became one of the top threats to enterprises

Ransomware creators are increasingly targeting companies and other organizations, sometimes using techniques borrowed from cyberespionage attacks, because they're likely to pay more money for their data.

malware attack cyberespionage code hacker

Cyberattack suspected in Ukraine power outage

A new power outage that affected parts of Kiev and the surrounding region in Ukraine late Saturday might have been the result of a cyberattack.

encryption security Android

Mobile banking trojans adopt ransomware features

Cybercriminals are adding file-encrypting features to traditional mobile banking trojans, creating hybrid threats that steal sensitive information and lock user files at the same time.

macbookpro

Apple's macOS file encryption easily bypassed without the latest fixes

Without the macOS update released this week, Apple's disk encryption can be easily bypassed by connecting a specially crafted device to a locked MacBook.

20160225 stock mwc ericsson booth security locks

Ransomware fighting coalition adds new members and decryption tools

The No More Ransom project, a coalition of law enforcement and security companies, has expanded with 30 new members and added 32 new decryption tools for various ransomware variants.

adobe systems headquarters san jose

Adobe fixes actively exploited critical vulnerability in Flash Player

Adobe Systems released security updates for several products, including one for Flash Player that fixes a critical vulnerability that's already known and exploited by attackers.

Digital Key

Facebook helps companies detect rogue SSL certificates for domains

Facebook has launched a tool that allows domain name owners to discover TLS/SSL certificates issued without their knowledge.

Netgear Nighthawk X10 Wi-Fi router 802.11ad

Netgear starts patching routers left vulnerable to hacking by a critical flaw

Networking device manufacturer Netgear released firmware updates for several router models in order to patch a critical vulnerability that's publicly known and could be exploited by hackers.

Netgear Nighthawk X10 Wi-Fi router 802.11ad

Nasty unpatched vulnerability exposes Netgear routers to easy hacking

Several models of Netgear routers are affected by a publicly disclosed vulnerability that could allow hackers to take over those devices.