Security

Both Microsoft and Google are warning of another bug in computer processors. It's similar to previous bugs known as 'Spectre' and 'Meltdown'. For now the new issue has the less dramatic codenames 'Speculative Store Bypass Variant 4' and ... 'CVE-2018-3639'. As with Spectre and Meltdown , it involves a processor function known as speculative execution that's meant to improve computation processes. Unlike some bugs, it's classed as a low risk to users but is significant because of the sheer number of computers that could be affected. The processor is the part of the computer that physically carries ... (view more)

A newly unleashed ransomware attack doesn't force victims to pay money to regain access to files. Instead, it demands they play a video game. It's not clear yet what the point of the attack is, though it's most likely the work of a prankster who ... wants to test their skills at creating and distributing ransomware without doing any permanent harm. Ransomware is a form of malware that encrypts files on a computer and normally only unlocks them if the victim pays a fee. In most cases every file on the computer is encrypted, meaning that victims are locked out of their systems and unable to access ... (view more)

Google Chrome users have been surprised to discover that the Chrome browser scans their computers in search of malware. It doesn't appear to be a reason to panic, but arguably Google could have been more up front about it. The scans were spotted by ... Kelly Shortidge who works at a cyber security company. She noticed that the chrome.exe executable file (which is visible in Windows Task Manager) was scanning files in her Windows documents folder. On further investigation, she discovered Chrome has been doing this since around October, 2017. The scans are being done through Chrome Cleanup, a tool ... (view more)

A man has been arrested for allegedly stealing more than a billion dollars in cyber attacks. The tactics were so outlandish, they almost sounded like the words used by Richard Pryor's character in Superman III. The unnamed man was arrested in Spain ... after an investigation that involved officials from six countries on three continents plus private cyber security firms. The man is alleged to have led a gang that attacked more than 100 banks and other financial institutions around the world. The gang has been operating for at least three years using three forms of malware, known as Anunak, ... (view more)

Last week security researchers said a piece of malware named "Slingshot" was so sophisticated it was backed by a government. Now it appears that government was the United States and that the revelations may have compromised an anti-terror campaign. ... The original reports didn't name the country involved. That might not quell controversy, however the reports came from Kaspersky Labs, a security company based in Russia. Slingshot exploited a bug in a specific brand of routers. In simple terms, it was able to take advantage of the way the router updated its operating software on an ... (view more)

A security firm says malware that targets routers is so sophisticated it's highly likely a government is behind it. Dubbed "Slingshot," the malware appears to have been working for six years without detection. The attack was on a specific brand of ... routers, namely Mikrotik. Although based in Latvia, its products have shipped around the world to business and home users. The big problem was with an associated piece of software named Winbox, used to manage the router. The way Winbox works involves taking DLL files stored on the router itself and running them directly in the computer's ... (view more)

Microsoft says it used artificial intelligence to not only spot and identify and attempted malware attack, but to block it more than a thousand times in the next half hour. It says the defense was possible thanks to Windows Defender being used ... locally on the victim's computer, as well analyzing the snippet of code using cloud-based antimalware. The company calls it an example of machine learning. This means computers are able to figure things out for themselves, rather than simply following 'true or false' routines that are part of a program. Similar to antivirus, the most basic level of anti ... (view more)

Google has revealed a security flaw with the Microsoft Edge browser before Microsoft released a patch. It's a controversial move with arguments across both the tech and security industries. The flaw in question is somewhat complicated. In very ... simplified terms, the flaw is to do with how Microsoft Edge converts website code into what users see on their computer screen when visiting a website. Google realized that it could work out precisely when the browser would access part of the computer's memory and use this knowledge to effectively set a booby trap. That could then force the computer to ... (view more)

Visitors to more than 5,000 websites had their computers hijacked to earn money for scammers. But the attack would have earned them less than $25 - and they aren't getting paid anyway. The attack involved compromising screen reader software called ... BrowseAloud. Websites can add the software to their site to make it easier for visitors with vision problems to browse the pages. Because the software is so widely used, compromising it was an effective way to reach a large number of computers - regardless of whether the owners needed to use a screen reader. The software is particularly popular ... (view more)

The recently debuted 'Facebook Protect' feature has sparked controversy. Facebook says it's a tool to protect user privacy, but critics suggest it is nothing more than a tracking tool designed to collect user activity. The tool appears in the ... iPhone/iPad app for Facebook. Although the menu option is listed as 'Protect', it's actually a virtual private network (VPN) tool called "Onavo." A VPN works by creating the virtual equivalent of a private "tunnel" on the Internet. The tunnel then allows data to flow back and forth between a user's computer and the website or service they are ... (view more)