Security

Internal Google documents show the company's own staff believe its privacy settings are confusing. The documents became public in a court case about unexpected location tracking. The state of Arizona is suing Google after an investigation into ... claims it was storing location data about mobile users even though they had turned off the Location History setting . The problem is that Google actually tracked location in multiple ways - each with their own settings. For example, there's a difference between Location History (a user feature that lets you check back through Google Maps to see where ... (view more)

Windows 8.1 users should make sure to install an emergency patch just released by Microsoft. The company rates the risk as critical based more on the potential consequences than the risk of exploitation. The bug is patched with a security update ... that has the reference KB4578013. It affects all versions of Windows 8.1 along with Windows Server 2012. The bug doesn't affect Windows 10. In theory it could affect Windows 7 and earlier, but Microsoft no longer patches those systems as they are no longer supported. (Source: microsoft.com ) The fix comes in an "out of band security update", commonly ... (view more)

An independent test found tools from most leading security software companies failed to detect all threats - though it was one of the best set of overall results ever. The SE Labs test used simulated attacks based on real threats that are particular ... problems right now. The tests ran between April and June this year and involves anti-malware products aimed at the general public from 14 companies. Though SE Labs runs such tests regularly, it changes the simulated threats each time to reflect what's actually happening in the cyber security world. (Source: selabs.uk ) In many cases, the simulated ... (view more)

Google is testing a new way of showing a web page address in the browser. It hopes that simply showing the domain name will make it easier for users to spot phishing scams - as already happens with some rival browsers. At the moment most browsers ... will show the entire web page address (URL) in the address bar. That's the box near the top of the screen that has a dual purpose in most browsers: it shows the current page address but is also where users type in both addresses and search terms. A study for Google looked at ways scammers can take advantage of the browser bar. One example was the ... (view more)

Security researchers spotted a major flaw in a processor that's in more than a billion Android phones. It's been fixed now, but highlights the importance of a couple of key security measures users should take. Researchers at Check Point say they ... spotted the errors on a processor from Qualcomm that's used on more than 40 percent of cellphones. The processor is known as a "system on a chip" (SoC) because it combines hardware and software in a single unit. The processor controls some key functions on a phone including charging, video and audio. Because it's a system on a chip, it runs partially ... (view more)

Microsoft has revealed it paid more than $13 million in bounties to people who reported security bugs in the past 12 months. It's three times the amount for the previous year, raising questions about Microsoft's attitude to security. Like many tech ... firms, Microsoft has a series of programs that pay rewards for reports of vulnerabilities. It's not so much meant as a way to compete against the potential earnings of would-be cyber criminals. Instead, it's meant as an incentive for legitimate independent security researchers to put their efforts into a particular application, device or platform. ... (view more)

PayPal has released a list of tips for avoiding scam emails. It follows officials in the UK receiving more than a thousand reports of phishing emails in just one day. The reports were about a series of fake emails claming to be from PayPal . They ... followed a familiar format of claiming the recipient's account had been limited because of a violation of the company's Acceptable Use Policy. (Source: countypress.co.uk ) The messages included a link supposedly pointing to PayPal for the user to log in and confirm their identity. In fact the link took the user to a fake page designed to trick them ... (view more)

Windows 10 users have been warned to watch out for an error message that could mean their PC is less secure than normal. Thankfully the glitch can be fixed with a simple restart. The problem affects two key security measures, one of which may be ... used on company networks and the other is more likely to be harnessed by expert users. In both cases, it's worth employees pointing out the error message to company IT staff if it appears. Microsoft says one of two messages will appear if the error is triggered: "ERROR_VSMB_SAVED_STATE_FILE_NOT_FOUND (0xC0370400)" or "E_PATHNOTFOUND (0x80070003)" ... (view more)

Politicians on both sides of the Atlantic are considering laws to tighten cyber security for the so-called Internet of Things (IoT). The rules would cover devices that aren't traditional computers or phones but still connect to the Internet. The ... United States Congress is considering the Internet of Things Cyber Security Improvement Act. It's been examined by a Senate committee and is currently awaiting a date to be examined by the Senate as a whole. However, there's no guarantee it will be heard before the end of the year and newly elected or re-elected Senators taking their seats. Agency To ... (view more)

A new strain of Android malware targets both social media accounts and online banking. It's a reminder of the risks of installing software from outside of the official Google Play store. The malware is dubbed BlackRock and appears to ultimately ... derive from the code used in an attack called LokiBot. Now thought to be inactive, LokiBot attempted to gain access to financial accounts through banking and related apps. One technique involved using automated scripts to login to a PayPal account and transfer money to the scammers. (Source: threatfabric.com ) BlackRock looks to take the same tactics ... (view more)