Lucian ConstantinRomania Correspondent, IDG News Service

Lucian Constantin writes about information security, privacy, and data protection for the IDG News Service.

apple com cyrillic

Phishing attacks using internationalized domains are hard to block

The latest version of Google Chrome restricts how domain names that use non-Latin characters are displayed in the browser in response to a recently disclosed technique that could allow attackers to create highly credible phishing websites.

code programming software bugs cybersecurity

Drupal fixes critical access bypass vulnerability

The Drupal project has released a patch to fix a critical access bypass vulnerability that could put websites at risk of hacking.

linksys wrt3200acm front 1200

Flaws let attackers hijack multiple Linksys router models

Two dozen Linksys router models are exposed to attacks that could extract sensitive information from their configurations, cause them to become unresponsive and even completely take them over.

Oracle headquarters

Oracle fixes Struts and Shadow Brokers exploits in huge patch release

Oracle released a record 299 security fixes for vulnerabilities in its products, including patches for a widely exploited vulnerability in the Apache Struts framework and a Solaris exploit supposedly used by the U.S. National Security Agency.

keyboard money euro fraud

Unpatched vulnerability exposes Magento online shops to hacking

An unpatched vulnerability in the Magento e-commerce platform could allow hackers to upload and execute malicious code on web servers that host online shops.

microsoft stock campus building

Microsoft fixes Windows and Office 45 flaws, including three actively exploited vulnerabilities

Microsoft released its monthly security updates Tuesday, fixing 45 unique vulnerabilities across its products, three of which are publicly known and two already targeted by hackers.

Digital Key encryption

DNS record will help prevent unauthorized SSL certificates

Starting in September, publicly trusted certificate authorities will have to honor a special Domain Name System (DNS) record that allows domain owners to specify who is allowed to issue SSL certificates for their domains.

malware payment terminal credit card

Dridex gang uses unpatched Microsoft Word exploit to target millions

The gang behind the Dridex computer trojan has adopted an unpatched Microsoft Word exploit used in attacks for months and used it to target millions of users.

code hacker cyberespionage eye data

Latest Shadow Brokers exploit dump poses little threat

None of the new alleged NSA exploits leaked by the Shadow Brokers hacking group poses an immediate threat to users.

hacking cybercrime cybersecurity internet coding programming code

Email attacks exploit unpatched Microsoft Word vulnerability

Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware.

security code big data cyberespionage byte

IoT malware starts showing destructive behavior

Hackers have started adding data-wiping routines to malware that's designed to infect internet-of-things and other embedded devices.

security code big data cyberespionage DDoS

Apache Struts 2 exploit used to install ransomware on servers

Attackers are exploiting a vulnerability patched last month in the Apache Struts web development framework to install ransomware on servers.

OS X El Capitan installation

F-Secure buys Little Flocker to combat macOS ransomware

Endpoint security vendor F-Secure has acquired a behavior-based security application for macOS called Little Flocker that was developed by an independent researcher.

xen project hypervisor panda mascot

Critical Xen hypervisor flaw endangers virtualized environments

A critical vulnerability in the widely used Xen hypervisor allows attackers to break out of a guest operating system running inside a virtual machine and access the host system's entire memory.

ios 10.3 primary

Apple fixes wireless-based remote code execution flaw in iOS

Apple fixed a serious vulnerability that could allow attackers to remotely execute malicious code on the Broadcom Wi-Fi chips used in iPhones, iPads, and iPods.