Security

Mon 18 Mar
John Lister's picture

Security Experts Call for Ransomware Payment Ban

A former cyber security chief says governments should ban organizations from paying money to ransomware gangs. Ciaran Martin likened such a ban to bans on paying terrorist kidnappers. The call has had a mixed response, with critics calling it an ... unfair constraint on business freedoms. Martin was the first head of the United Kingdom's National Cyber Security Centre. That's an organization overseen by the country's intelligence services that advises businesses and the public on cyber security threats. Ransomware has become a business worth an estimated $20 billion a year to criminals who gain ...

Wed 13 Mar

Windows Bug Exploited For Six Months

A Windows bug patched last month had been exploited for six months by hackers linked to North Korea. Microsoft reportedly knew about it and the delay in fixing it may have been down to internal bureaucracy. Security company Avast found the bug last ... August and reported it to Microsoft. At the time it was already a zero-day bug, meaning there was evidence hackers not only knew about the bug but were taking advantage of it. That meant Microsoft had "zero days" head start in coming up with a fix and rolling it out before hackers exploited it. Microsoft released a fix in the February "Patch ...

Fri 01 Mar

Android Malware Targets Banking Apps

The latest malware targeting banking users may have infected up to 200,000 Android devices. The criminals behind Anatsa have deliberately exploited what's meant to be a useful feature that makes users' lives easier. The attacks have some familiar ... features such as distributing the malware through free tools that perform some basic functions and finding ways around the Android permission system. What makes it a particularly nasty campaign is that it takes advantage of the Android Accessibility system. Security researchers at ThreatFabric spotted the malware in five apps with similar names: ...

Mon 26 Feb

TikTok Accused of Fueling Addiction

TikTok is under formal investigation for allegedly deliberately making its service addictive. It's the first test of how laws banning such behavior will operate. The Chinese-owned video company is controversial on both sides of the Atlantic. In the ... US, many federal and state agencies ban employees from using TikTok over security concerns, with Montana even attempting to ban it from the state altogether. (Source: guardian.com) Now the European Commission says it has enough evidence from a preliminary investigation to move to formal proceedings against the company. It involves several alleged ...

Fri 23 Feb

Patch Tuesday a Must Install This Month

Microsoft has fixed two bugs which bypassed Windows security measures. Both were actively exploited before the fix, making it vital to install the updates. The fixes come in this month's "Patch Tuesday" update, the main monthly security update that ... Microsoft officially calls the "B update". It should download and install without further action for anyone with automatic updates switched on, but may need a reboot to complete. Both bugs affect most supported versions of Windows, including 10, 11 and Windows Server. Microsoft rates the two bugs as "important" and "moderate" respectively, though ...

Mon 19 Feb

Fake LastPass Gets Vetted by App Store

A fake app pretending to be from password manager LastPass not only made it into the Apple App Store but had a five star rating. It's arguably among the worst possible types of bogus app to bypass Apple's usually strict vetting process. LastPass is ... one of the best known password manager tools. It lets users store their passwords in an encrypted vault, accessible only with a master password. The service can also generate secure passwords. The company's name is based on the idea that the master password is the last password the user will ever need to create or remember. The big catch, of course ...

Fri 16 Feb

Toothbrush Botnet Army Story Was Bogus

Reports that 3 million "smart" toothbrushes were hacked and weaponized turn out to be misleading at best. It appears to have been a mistranslation or misunderstanding. The reports first surfaced last week in Switzerland and involved toothbrushes ... supposedly running the Java computer language. They were said to have been hacked and used for a distributed denial of service (DDoS) attack that caused huge disruption and financial costs to a targeted business. Not every element of the story is as completely ridiculous as it might seem. "Smart" toothbrushes do exist, with connections to smartphone ...

Wed 07 Feb

German Train Company Seeks Windows 3.11 Experts

If you still have the skills for Windows 3.11, you may have been a candidate for a recent job ad in Germany. It appears the role, using the 30-year-old system, has been filled. The vacancy was advertised by national railway company Deutsche Bahn. ... The successful candidate would be assigned to Siemens, which is responsible for the rail tech division for the train control system. The role would involve keeping old systems operational so that train drivers could get real time information about equipment. The Register notes that although Windows 3.11's release in November 1993 is almost ...

Mon 05 Feb

Windows 10 Support Deadline Raises Questions

Windows 10 devices are set to become insecure next year unless users pay an extra fee. But with warnings of 240 million devices "going to landfill", it remains possible Microsoft will blink at the last moment. That Windows 10 reaches the end of its ... support period on October 14, 2025 is no secret: it's long been on Microsoft's support calendar and is in line with the company's policy of 10 years support. From that date, Microsoft will no longer issue free security updates. As happened with Windows 7, Microsoft will offer a paid update service for people in "circumstances that could prevent you ...

Mon 29 Jan

26 Billion User Records Compromised

A leak of around 26 billion user records has been labeled "the mother of all breaches." It's a major reminder of the downsides of reusing the same passwords on multiple sites. The collection of records is not a single stolen database. Instead, it ... appears to be a massive compilation of databases that have either been leaked before or sold on the black market. The database was spotted online by security researchers, likely a sign that whoever compiled it screwed up somewhere by mistakenly making it accessible. The researchers noted the database was extremely well indexed and organized. The ...
