

Lucian Constantin
CSO Senior Writer
Lucian Constantin writes about information security, privacy, and data protection for CSO.


Apple fixes wireless-based remote code execution flaw in iOS
Apple fixed a serious vulnerability that could allow attackers to remotely execute malicious code on the Broadcom Wi-Fi chips used in iPhones, iPads, and iPods.

UEFI flaws can be exploited to install highly persistent ransomware
A team of researchers from security vendor Cylance demonstrated a proof-of-concept ransomware program that ran inside a motherboard's Unified Extensible Firmware Interface (UEFI).

Google's Android hacking contest fails to attract exploits
Google offered to pay $200,000 to any researcher who could remotely hack into an Android device by knowing only the victim's phone number and email address, but no one stepped up to the challenge for six months.

Apple: Macs and iPhones are safe from newly revealed CIA exploits
The Mac and iPhone exploits described in new documents attributed to the U.S. Central Intelligence Agency were patched years ago, according to Apple.

Leaked iCloud credentials obtained from third parties, Apple says
The iCloud credentials that the Turkish Crime Family hacker group claims to have weren't obtained through a breach of Apple's services.

Newly leaked documents show low-level CIA Mac and iPhone hacks
The U.S. CIA has had tools to infect Apple Mac computers by connecting malicious Thunderbolt Ethernet adapters to them since 2012, according to new documents purported to be from the agency and published by WikiLeaks.

Hackers threaten to wipe millions of Apple devices, demand ransom
A group of hackers is threatening to wipe millions of iOS devices in two weeks if Apple doesn't pay them US$150,000.

Pwn2Own hacking contest ends with two virtual machine escapes
Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Unpatched vulnerability puts Ubiquiti networking products at risk
An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.

Microsoft fixes record number of flaws, some publicly known
Microsoft's batch of security patches for March is one of the largest ever and includes fixes for several vulnerabilities that are publicly known and actively exploited.

Android gets patches for critical OpenSSL, media server and kernel driver flaws
A five-month-old flaw in Android's SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.

Chrome for MacOS to block rogue ad injections and settings changes
Google has expanded its Safe Browsing service, allowing Google Chrome on macOS to better protect users from programs that locally inject ads into web pages or that change the browser's home page and search settings.

Robots are just as plagued by security vulnerabilities as IoT devices
A security analysis of robots used in homes, businesses and industrial installations has revealed many of the same basic security weaknesses that are commonly found in IoT devices, raising questions about the implications for human...

Google discloses unpatched IE vulnerability after Patch Tuesday delay
Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.

New macOS ransomware spotted in the wild
A new file-encrypting ransomware program for macOS is being distributed through BitTorrent websites, and users who fall victim to it won't be able to recover their files, even if they pay.

Microsoft pushes out critical Flash Player patches with one week delay
After deciding to postpone its February patches for a month, Microsoft released one critical security update for Windows on Tuesday that contains Flash Player patches released by Adobe Systems last week.

Insecure Android apps put connected cars at risk
Android applications that allow millions of car owners to remotely locate and unlock their vehicles are missing security features that could allow hackers to easily hijack their functionality.

Israeli soldiers hit in cyberespionage campaign using Android malware
More than 100 members of the Israel Defense Forces, the majority of them stationed around the Gaza Strip, fell victim to a cyberespionage attack that used malicious Android applications to steal information from their mobile devices.

Microsoft's monthlong delay of patches may pose risks
There won't be any patches from Microsoft this month, as the company has decided to bundle them together with the patches scheduled for March.