Stories by Lucian Constantin

Diplomatic and government agencies targeted in years-long cyberespionage operation

Unidentified attackers stole sensitive information from hundreds of diplomatic, government, research and military organizations from around the world as part of a newly uncovered cyberespionage campaign that started nearly six years ago. The operation involved the use of highly customized and sophisticated data theft malware, researchers from antivirus firm Kaspersky Lab said Monday.

Java 7 Update 10 allows users to restrict the use of Java in browsers

A recent Java 7 update allows users to completely prevent Java applications from running inside browsers or to restrict how Web-based Java content is handled by the Java Runtime Environment (JRE) client. These features will benefit security-conscious users, but companies still have to find methods of isolating older Java versions, security experts say.

Romanian authorities dismantle cybercrime ring

Romanian law enforcement authorities have dismantled a criminal group that stole credit card data from foreign companies as part of an operation that resulted in fraudulent transactions totaling US$25 million.

Researcher finds critical vulnerabilities in Sophos antivirus product

Security researcher Tavis Ormandy discovered critical vulnerabilities in the antivirus product developed by U.K.-based security firm Sophos and advised organizations to avoid using the product on critical systems unless the vendor improves its product development, quality assurance and security response practices.

Unprotected Apache server status pages put popular websites at risk

Many Apache Web servers, including those hosting some popular websites, expose information about the internal structure of the sites they host, the IP (Internet Protocol) addresses of their visitors, the resources users access and other potentially sensitive details because their status pages are left unprotected.

Beware of browser extension malware

Security researcher Zoltan Balazs has developed a remote-controlled piece of malware that functions as a browser extension and is capable of modifying web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more.
