Lucian ConstantinReporter, IDG News Service, IDG News Service

Lucian Constantin writes about information security, privacy and data protection.

Researcher: Face.com iOS flaw could have allowed Facebook, Twitter account hijacking

Facial recognition start-up Face.com patched a vulnerability in its Klik iOS app that could have allowed attackers to hijack its users' Facebook and Twitter accounts.

Adobe patches critical flaws in Photoshop, Illustrator

Adobe released several security updates on Monday, addressing nine arbitrary code execution vulnerabilities that affect Adobe Photoshop and Adobe Illustrator CS5.

Twitter spam campaign infects users with fake antivirus programs

A large spam campaign observed on Twitter during the last couple of days directed users to malicious websites that exploited vulnerabilities in browser plug-ins to infect their computers with rogue antivirus programs.

Mozilla working on click-to-play feature to stop plugin exploits

Mozilla developers are working on a new Firefox feature to block the automated display of content that requires a plugin, like Flash videos, Java applets or PDF files. The update should protect users from attacks that exploit vulnerabilities in browser plugins to install malware on their computers.

Malware infects Macs through Microsoft Office vulnerability

Security researchers have encountered new email-based targeted attacks that exploit a vulnerability in Microsoft Office to install a remote access Trojan horse on Macs.

Google Chrome update fixes high-severity vulnerabilities and patches Flash Player

Google released a new version of its Chrome browser on Wednesday in order to update the bundled Flash Player plug-in and address serious security vulnerabilities.

Hackers probably stole Steam transaction data, Valve says

Valve has informed users of its Steam online game distribution platform that hackers have probably downloaded encrypted credit card transaction data from a...

Google Chrome will no longer check for revoked SSL certificates online

Google plans to remove online certificate revocation checks from future versions of Chrome, because it considers the process inefficient and slow.

DreamHost suffers database breach

Los Angeles-based Web-hosting company DreamHost reset the FTP and shell access passwords for all of its customers on Friday after detecting unauthorized activity within one of its databases.

Facebook chat-based phishing attack impersonates Facebook Security

A new phishing attack that's spreading through Facebook chat modifies hijacked accounts in order to impersonate the social network's security team.

Scammers use browser extensions to hijack Facebook accounts

Facebook spammers have started using rogue browser extensions to prolong the life of their scams, researchers from Web security vendor Websense warned.

Chrome 16 fixes high, medium-risk vulnerabilities

Google has released Chrome 16, a new stable version of its Web browser that addresses 15 high- and medium-risk vulnerabilities.

Two zero-day vulnerabilities found in Flash Player

Two newly discovered vulnerabilities in Adobe's Flash Player can be exploited to execute arbitrary code remotely, according to advisories from the U.S...

Critical Adobe Reader zero-day vulnerability exploited in the wild

Adobe is working on a patch for a newly discovered Adobe Reader vulnerability that is currently being exploited in the wild to infect computers with malware.

EFF asks vendors to stop opposing jailbreaking

The Electronic Frontier Foundation (EFF) has asked the U.S. Copyright Office to exempt tablet and video game console jailbreaking from DMCA provisions, and asked vendors to stop opposing the practice.