Security

Reports that hackers have got their hands on 10 billion passwords have been slightly overblown. The file includes passwords up to 20 years old and many may never have been used at all. The "leak" involves an online post of a text file dubbed ... "RockYou 2024" which is said to contain 9,948,575,739 unique passwords, all stored in plain text. It appears to be an update from a similar file published in 2021, with "only" 1.5 billion of the passwords added since that time. Cybernews estimates it contains passwords compiled from around 4,000 databases over the past 20 years. (Source: cybernews.com ) ... (view more)

Microsoft has competition in the market for extending Windows 10 after its scheduled end of life. An independent company is promising simple-to-use security updates - with a cost. Officially, Microsoft will stop issuing free security updates for ... Windows 10 after October 14, 2025, just over 10 years after the system was released. That's not got a great reaction given Microsoft heavily implied there would be no new version after 10, and that it has arguably made Windows 11 an unnecessarily difficult upgrade through new hardware security requirements. If all goes to plan, anyone wanting to keep ... (view more)

Microsoft says Russian hackers accessed its customers' emails during an attack earlier this year. It had previously only said Microsoft's own staff were victims. The company has not yet said how many customers are affected but says it has contacted ... them with details of the attack. Microsoft was breached by a group called Midnight Blizzard, believed to operate from Russia. The government there has not commented on the claims. The new revelations follow a Microsoft announcement in January that a small proportion of its corporate email accounts had been accessed by Midnight Blizzard. The attacks ... (view more)

A particularly embarrassing bug makes it easy to send emails that appear to be from Microsoft employees. It's bad news for the public as it could make phishing scams appear more credible. The good news is that it only works if the recipient is using ... Outlook, though "good" is a comparative term because there are over 400 million Outlook users worldwide. (Source: cyberdaily.au ) Users Asked to Remain Vigilant Exactly how the bug works and where its found still isn't known, as the security researcher says they do not want to give details that could help potential attackers exploit the bug on a ... (view more)

This month's Microsoft "Patch Tuesday" update includes a fix for a major threat in Outlook. The bug means simply opening an email can trigger the attack. The update should have been applied to most systems by now, but some users may have shut off ... Windows Update, in which case it is recommended to re-enable and patch immediately. The threat, discovered by security company Morphisec, is a remote code execution vulnerability. That's particularly nasty as it gives an attacker the ability to remotely operate on the victim's computer. They could then spread malware, install ransomware or attempt to ... (view more)

The latest Windows update fixes a nasty bug that could put users at risk when connected to public WiFi. An attacker could exploit it simply by using the same network. The bug, with the reference number CVE-2024-30078, is rated as "important" by ... Microsoft. That rating takes into account both how easy it is to exploit and how much damage it would do. (Source: microsoft.com ) The problem is with WiFi drivers, used to make Windows work with the hardware in a computer (usually a laptop) to connect to a wireless network. It would allow hackers to take advantage of the way Internet data is broken up ... (view more)

Microsoft is inviting Windows 10 users to join a test program for new features. It's something of a surprise given the system theoretically reaches its "end of life" next year. The program is part of Windows Insider, where Microsoft lets people sign ... up to test new Windows features. The idea is to get an audience big enough to pick up problems in real world testing, but small enough that any problems aren't a major issue. Microsoft is reopening the Beta Channel for Windows 10. That's one of four Windows Insider channels: Canary, Dev, Beta and Release Preview. The first two are very early ... (view more)

Almost three billion personal data records have been stolen from a background check company. The massive breach has unintentionally proven the value of data opt-out laws. The people who stole the data had put it up for sale to other criminals for ... $3.5 million, but it seems they didn't find a buyer. They are reportedly now planning to release the data publicly. That might seem an odd move given its supposed value, but it's likely part of a long game. It means that if the same group steal data in the future, they would be able to blackmail the business with more credibility. The data is said to ... (view more)

Android scammers are using a creatively nasty way to spread malware. They've disguised it as an update for the Google Play store itself. It's a particularly cheeky way to try to get credibility for a malware scam. Not only is Google Play the ... official place to get Android apps in the first place, but the best and simplest Android security tip is to only use apps from Google Play. In this case, the malware doesn't originate as an app but instead as a bogus link. This could be on a web page, in a text message or in an email. The supposed source is Google itself and the link comes with a message ... (view more)

An unprotected Windows XP machine lasted just 10 minutes online before being infected. It was an extreme and arguably unrealistic experiment, but does show just how prevalent online threats are. YouTuber Eric Parker carried out the test with a ... virtual machine running Windows XP. A virtual machine is a machine that lives inside of another machine, which makes it appear as if the virtual machine is a separate, physical computer. It's often used by people running two operating systems on the same computer. In fact, this website runs as a virtual machine. At any rate: it's no secret that running ... (view more)