Security

This month's Microsoft "Patch Tuesday" update includes a fix for a major threat in Outlook. The bug means simply opening an email can trigger the attack. The update should have been applied to most systems by now, but some users may have shut off ... Windows Update, in which case it is recommended to re-enable and patch immediately. The threat, discovered by security company Morphisec, is a remote code execution vulnerability. That's particularly nasty as it gives an attacker the ability to remotely operate on the victim's computer. They could then spread malware, install ransomware or attempt to ... (view more)

The latest Windows update fixes a nasty bug that could put users at risk when connected to public WiFi. An attacker could exploit it simply by using the same network. The bug, with the reference number CVE-2024-30078, is rated as "important" by ... Microsoft. That rating takes into account both how easy it is to exploit and how much damage it would do. (Source: microsoft.com ) The problem is with WiFi drivers, used to make Windows work with the hardware in a computer (usually a laptop) to connect to a wireless network. It would allow hackers to take advantage of the way Internet data is broken up ... (view more)

Microsoft is inviting Windows 10 users to join a test program for new features. It's something of a surprise given the system theoretically reaches its "end of life" next year. The program is part of Windows Insider, where Microsoft lets people sign ... up to test new Windows features. The idea is to get an audience big enough to pick up problems in real world testing, but small enough that any problems aren't a major issue. Microsoft is reopening the Beta Channel for Windows 10. That's one of four Windows Insider channels: Canary, Dev, Beta and Release Preview. The first two are very early ... (view more)

Almost three billion personal data records have been stolen from a background check company. The massive breach has unintentionally proven the value of data opt-out laws. The people who stole the data had put it up for sale to other criminals for ... $3.5 million, but it seems they didn't find a buyer. They are reportedly now planning to release the data publicly. That might seem an odd move given its supposed value, but it's likely part of a long game. It means that if the same group steal data in the future, they would be able to blackmail the business with more credibility. The data is said to ... (view more)

Android scammers are using a creatively nasty way to spread malware. They've disguised it as an update for the Google Play store itself. It's a particularly cheeky way to try to get credibility for a malware scam. Not only is Google Play the ... official place to get Android apps in the first place, but the best and simplest Android security tip is to only use apps from Google Play. In this case, the malware doesn't originate as an app but instead as a bogus link. This could be on a web page, in a text message or in an email. The supposed source is Google itself and the link comes with a message ... (view more)

An unprotected Windows XP machine lasted just 10 minutes online before being infected. It was an extreme and arguably unrealistic experiment, but does show just how prevalent online threats are. YouTuber Eric Parker carried out the test with a ... virtual machine running Windows XP. A virtual machine is a machine that lives inside of another machine, which makes it appear as if the virtual machine is a separate, physical computer. It's often used by people running two operating systems on the same computer. In fact, this website runs as a virtual machine. At any rate: it's no secret that running ... (view more)

A new form of Android malware can hijack legitimate apps. "Dirty Stream" take advantage of a legitimate function designed to make life easier for users. The function is called ContentProvider and allows one mobile app to access data from, or ... communicate with, another app. It makes it possible to, for example, open a PDF attachment from a messaging app in a dedicated PDF reader app. The people behind the DirtyStream malware found a vulnerability in the way ContentProvider worked. This made it possible not only to force another app to open a compromised file, but to then use the contents to ... (view more)

Google says it blocked 2.28 million potentially malicious apps from getting into the official Play store last year. It stopped or paused a further 200,000 which didn't correctly use the permissions system. The figure for malicious app blocks is up ... almost half compared with 2022. Google didn't say conclusively whether that means more scammers are trying their luck or if it simply did a better job of detecting them. However, it did note the 2023 figure was "in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review ... (view more)

Last month's Windows 10 and 11 updates included a bug that has broken VPN functions for some users. Microsoft is working on a fix but hasn't give a timescale. VPN stands for virtual private network. It's an approach to security and privacy that uses ... a secure connection between the user and the Internet. It's sometimes likened to a traffic tunnel: although the traffic still flows normally without disruption, it's not visible to anyone outside the tunnel. Using a VPN can disguise a user's IP address (which identifies their connection point to the Internet) and makes it much harder for anyone to ... (view more)

Microsoft has released one of the biggest Patch Tuesday updates ever. It includes 149 security fixes, including two "zero day bugs". Some reports suggest this is the most fixes in any monthly Microsoft update while others suggest it is "merely" the ... biggest in the past seven years. Either way, this is not a month for anyone who chooses to install Windows security fixes manually to hang about. Three of the fixes are for bugs Microsoft classes as "critical", meaning attackers could exploit them without requiring any action by the user. Almost all the rest are "important," meaning the attacker ... (view more)