Lucian ConstantinReporter, IDG News Service, IDG News Service

Lucian Constantin writes about information security, privacy and data protection.

Mozilla working on click-to-play feature to stop plugin exploits

Mozilla developers are working on a new Firefox feature to block the automated display of content that requires a plugin, like Flash videos, Java applets or PDF files. The update should protect users from attacks that exploit vulnerabilities in browser plugins to install malware on their computers.

Malware infects Macs through Microsoft Office vulnerability

Security researchers have encountered new email-based targeted attacks that exploit a vulnerability in Microsoft Office to install a remote access Trojan horse on Macs.

Google Chrome update fixes high-severity vulnerabilities and patches Flash Player

Google released a new version of its Chrome browser on Wednesday in order to update the bundled Flash Player plug-in and address serious security vulnerabilities.

Hackers probably stole Steam transaction data, Valve says

Valve has informed users of its Steam online game distribution platform that hackers have probably downloaded encrypted credit card transaction data from a...

Google Chrome will no longer check for revoked SSL certificates online

Google plans to remove online certificate revocation checks from future versions of Chrome, because it considers the process inefficient and slow.

DreamHost suffers database breach

Los Angeles-based Web-hosting company DreamHost reset the FTP and shell access passwords for all of its customers on Friday after detecting unauthorized activity within one of its databases.

Facebook chat-based phishing attack impersonates Facebook Security

A new phishing attack that's spreading through Facebook chat modifies hijacked accounts in order to impersonate the social network's security team.

Scammers use browser extensions to hijack Facebook accounts

Facebook spammers have started using rogue browser extensions to prolong the life of their scams, researchers from Web security vendor Websense warned.

Chrome 16 fixes high, medium-risk vulnerabilities

Google has released Chrome 16, a new stable version of its Web browser that addresses 15 high- and medium-risk vulnerabilities.

Two zero-day vulnerabilities found in Flash Player

Two newly discovered vulnerabilities in Adobe's Flash Player can be exploited to execute arbitrary code remotely, according to advisories from the U.S...

Critical Adobe Reader zero-day vulnerability exploited in the wild

Adobe is working on a patch for a newly discovered Adobe Reader vulnerability that is currently being exploited in the wild to infect computers with malware.

EFF asks vendors to stop opposing jailbreaking

The Electronic Frontier Foundation (EFF) has asked the U.S. Copyright Office to exempt tablet and video game console jailbreaking from DMCA provisions, and asked vendors to stop opposing the practice.

Chrome extension lets users express email privacy expectations in Gmail

A team of privacy researchers and product designers from Europe and the U.S. have released a browser-based implementation of Privicons, a project that aims to...

iTunes update addresses man-in-the-middle vulnerability

Apple's iTunes 10.5.1 update addresses a weakness in the application's update mechanism that could be exploited to trick users into visiting malicious websites.

Researchers bypass restrictions of OS X default sandbox profiles

The restrictions imposed by Mac OS X generic application sandbox profiles can be easily bypassed, researchers from Core Security Technologies found.