Security

Scammers have found a creative way to bypass spam filters, effectively tricking legitimate sites into sending the message on their behalf. It's a reminder that human skepticism is always a key part of cyber security. The new scam was spotted by Sam ... Cook of Comparitech who spotted something amiss in an email from the British Newspaper "Archive," - a perfectly legitimate organization. The scam email asked him to confirm his email address for registering an account with the site. The problem there was that Cook hadn't attempted to register. In fact, this was the first time he ever ... (view more)

Facebook has asked some new users to provide passwords for their email accounts. It's provoked fury among critics who say it goes against basic rules of online security. Often when a user signs up for an online service they provide an email address ... as a form of identification. The service will normally check the address is genuine by sending a code or a link in an email to the address, thus proving the user does indeed "own" that address. However, some people signing up to Facebook have instead been seeing a screen that offers to confirm the email address automatically. The screen includes a ... (view more)

Microsoft will add a "tamper protection" feature to the built in antivirus tools in an upcoming Windows 10 update. It's designed to stop malware from switching off key security features in Microsoft Defender. Initially the changes will be available ... for Microsoft Defender Advanced Threat Protection, which is a subscription service for businesses. However, Microsoft appears to have revealed it will later become available to home users of Windows 10. (Source: zdnet.com ) The idea is to prevent rogue apps from disabling some of the weapons in the Microsoft Defender arsenal, in turn making it far ... (view more)

Apple has released a patch for mobile devices which covers 51 security flaws. It's sparked debate over Apple's security levels and the way it issues such updates. The patch is for iOS, taking it up to version 12.2. Apple doesn't issue standalone ... security updates. Instead, it builds it into the main update for the system, which also includes new features or bug fixes. (Source: apple.com ) The most notable fix is a bug in an API (application program interface), which lets third party software interact with Apple services. In this case, the API bug could allow malware to access an iPhone, iPad ... (view more)

PC and laptop manufacturer ASUS unwittingly installed malware on its customers' laptops, according to a cyber security company. The malware went out to around a million people, yet appears to have been a highly targeted attack. The claims come from ... Kaspersky Lab, with rival firm Symantec confirming it has found similar evidence of the attack. At the time of writing, ASUS has yet to comment publicly on the claims. (Source: kaspersky.com ) According to Kaspersky Lab, the hackers took advantage of ASUS Live Update Utility. That's a tool by which ASUS automatically updates software on laptops, ... (view more)

According to a recent report, Microsoft products made up eight of the ten most exploited software bugs last year according to a security company. That's higher than in recent years, largely because Adobe Flash is becoming a less rewarding target for ... hackers as it loses popularity. As recently as 2015, most of the top ten involved bugs with Flash. Microsoft took the unwanted lead in 2017 with seven entries on the list. (Source: bleepingcomputer.com ) Internet Explorer Tops The List The top spot for 2018 went to a bug in the Windows VBScript engine . That's a tool that handles code designed for ... (view more)

A new report claims most Android "antivirus" apps don't provide enough protection to justify that term. It says two-thirds of the antivirus programs were so ineffective, they were practically useless. The report comes from AV-Comparatives, a website ... that tests antivirus and other security software. It says it was inspired to look at Android apps after spotting one that literally did nothing but show a fake progress bar before saying no malicious apps were present (without actually carrying out a scan). The test involved putting 250 different Android antivirus apps to work on Samsung Galaxy S9 ... (view more)

Google has issued an urgent warning for Chrome users to update their browser if needed. That's because a security flaw is being actively exploited. The flaw in question is referred to as a "zero-day exploit." In an ideal world, software developers ... discover a bug and get some time before hackers find out about it and start taking advantage. In this case, the hackers did so before Google could develop a fix and get it out to users. Google is keeping the full details of the flaw secret for now to avoid giving even more criminals clues on how to exploit it. It says it won't say any more ... (view more)

The demise of the password has come a step closer this week with the adoption of a new standard for physical "keys" for logging in to websites. "WebAuthn," as it's called, makes it easier for sites to let users log in through a physical method - ... rather than relying on users having to remember a password. These methods range from USB devices that act like a physical key to biometric devices such as fingerprint or eye scanners. The big hope is that such devices reduce the need to rely on passwords which can be guessed or stolen in data breaches. Browsers Already On Board Having a ... (view more)

At least eight apps in the official Microsoft Store were secretly designed to use a computer's resources without permission. It undermines Microsoft's efforts to promote the store as a "safe source of software." In the past few years, Microsoft has ... heavily pushed the idea of Windows users getting software from an app store - similar to the way mobile devices work - rather than the more traditional method of getting programs from a third-party sources and installing them directly to the PC or smartphone / tablet. There's even a special 'S' mode for Windows 10 that only allows the ... (view more)