Security

Scammers are using bogus Google Calendar invites to distribute malicious links. Google has urged users to check a setting in their Calendar account. The campaign, spotted by security company Checkpoint, takes advantage of the way the Google Calendar ... lets users invite friends, family or other contacts to an event. An acceptance will add the event to the invitee's own Google Calendar and automatically update it with any changes of time, date or other details. Usually it's possible to invite somebody just by knowing their email address. The scam involves sending an email that's been manipulated ... (view more)

Travel site Booking.com says one customer getting access to another customer's bookings was not a security breach. The problem appears to be a system that was set up without considering the possibility of human error. Website Arstechnica.com ... reported the case of a customer identified only as "Alfie," who received a confirmation email for a trip he knew nothing about. He was surprised to login to his account and find the details of the booking. (Source: arstechnica.com ) Typo Trouble After Alfie made multiple enquiries to Booking.com's support staff, he received no useful response. ... (view more)

Hackers have found a sneaky way to bypass antivirus software by intentionally corrupting documents. As always, human vigilance remains a key weapon against such tactics. Putting malware into file attachments and persuading people to open them ... remains one of the key ways attackers operate. Often such tactics involve taking advantage of known security flaws in popular software or in operating systems. The current attack is somewhat more targeted: the documents contain a QR code in the hope that either the user (manually) or the device (automatically) will scan them and open the associated ... (view more)

Google may soon warn users before they download a mediocre app. It's the first time the warnings will appear for matters of quality rather than security. The changes were spotted by Android Authority and are buried away in the code of the Play Store ... app. The code would make the app display one of three messages: This app is frequently uninstalled compared to similar apps on Play Play has limited user data about this app This app has few active users compared to others on Play Apps Not Blocked Based on the way the code is integrated, it doesn't appear this will be a high-profile warning such ... (view more)

Windows 11 users may soon be able to install updates without needing to reboot their computers. The "hotpatch" system will initially debut for business users. The idea of a Windows update without a reboot isn't new but has previously only been ... available for Windows Server and Datacenter versions, where even a brief period offline during a reboot can be problematic. (Source: techradar.com ) The new hotpatch system will initially be available for Enterprise users of Windows 11 (if already updated to the 24H2 version), covering both the outright purchase and 365 subscription models. Users will ... (view more)

The Department of Justice says it may ask a judge to forcibly break up Google's business over its alleged monopoly abuses. Google called it an overreach and says such a move could kill Android or Chrome. Google lost a court case in August for ... breaking antitrust laws in the way it built up and maintained a 90 percent market share in online searches. The DOJ must now put proposals before a court on how to remedy this breach. In a preliminary filing, the DOJ says it is considering the most serious option of "structural remedies". That could mean Google would no longer be able to maintain its ... (view more)

Facebook's parent company has been fined the equivalent of $100 million for storing user passwords in plain text. Failing to encrypt the passwords breached Europe's General Data Protection Regulation (GDPR). Meta, which runs Facebook and Instagram, ... broke the rules despite there being no evidence that anyone accessed the passwords without authorization or that anyone was then able to access accounts. Delay In Coming Clean The company was found to have breached the GDPR on four counts. Two involved failing to adequately secure personal data, one involved not properly documenting these failures ... (view more)

"Modified" versions of popular apps have helped distribute a nasty piece of Android malware. The tactic expanded the reach of the Necro Trojan despite Google's security checks. Necro was able to survive for some time before discovery, largely ... because the infection wasn't obvious to users. Its main purpose was to hijack phones and use them to make money for the people behind the malware. This included displaying paid ads in the background so that users didn't see them, but the scammers were able to claim revenue from advertisers. The malware would also install apps on the phone to earn ... (view more)

Chrome is getting more proactive on browser safety. The changes are coming to both desktops and Android devices. It's part of the browser's "Safety Check" feature which already warns users if a password has been compromised or if a website appears ... unsafe. The feature is expanding to cover permissions and notifications. The former involves the way Chrome controls whether or not a specific website has access to computer resources and data such as a microphone, webcam or precise location. Chrome will now start automatically revoking permissions from websites the user rarely visits. Google has ... (view more)

Scammers are using a creative way to trick people into handing over their Google account passwords. The tactic works by annoying the victim until they stop thinking rationally. Most scams to get hold of account passwords, particularly sensitive ones ... like a Google account, work in one of two ways. Some scammers will try to intercept the password, for example by using keylogging software that records everything a user types. Others prefer phishing, where the user is tricked into typing in details into a bogus, lookalike website. The new scam, using malware named StealC, is much simpler. It ... (view more)