

Lucian Constantin
CSO Senior Writer
Lucian Constantin writes about information security, privacy, and data protection for CSO.

New ransomware Jaff demands $3,700 payments
The new ransomware program is distributed via mass email spam sent by the Necurs botnet

Microsoft finally bans SHA-1 certificates in Internet Explorer, Edge
All SHA-1 certificates that chain back to publicly trusted certificate authorities will be blocked, but enterprise and self-signed certificates won't be affected

Snake cyberespionage malware is ready to bite Mac users
One of the most sophisticated cyberespionage groups is readying its malware framework to attack macOS

Xen hypervisor faces third highly critical VM escape bug in 10 months
The Xen paravirtualization mode is proving to be a constant source of serious vulnerabilities, allowing attackers to escape from virtual machines

Android patches critical flaws in media handling, hardware drivers
The Android security bulletin for May covered fixes for over 100 vulnerabilities

Network management vulnerability exposes cable modems to hacking
SNMP authentication bypass flaw could be used to hijack hundreds of thousands of cable modems from around the world

Webroot deletes Windows files and causes serious problems for users
The company's antivirus product erroneously flagged files in a Windows folder as malicious

Russian man receives longest-ever prison sentence in the US for hacking
The son of Russian parliament member Valery Seleznev was sentenced to 27 years in prison for cybercrime-related offences

Flaws let attackers hijack multiple Linksys router models
Two dozen Linksys router models are exposed to attacks that could extract sensitive information from their configurations, cause them to become unresponsive and even completely take them over.

Oracle fixes Struts and Shadow Brokers exploits in huge patch release
The quarterly Oracle patch update fixes a record 299 security vulnerabilities

Microsoft fixes 45 flaws, including three actively exploited vulnerabilities
Microsoft Patch Tuesday includes fixes for critical flaws in IE, Edge, Office, Windows, and .Net