Security

Thu
23
Nov
John Lister's picture

Major Library Hit By Ransomware

One of the world's largest libraries has been hit by a major ransomware attack. It's an example of an increasingly common "double-dip" attack. The attackers have not simply encrypted the British Library's files until they receive a payment, which is ... the usual core ransomware goal. Instead, they are threatening to auction off sensitive employee data seized in the attack. The library has an estimated collection of up to 200 million items, including a copy of every book published in the United Kingdom. It's also a key research facility for historians. Among other systems, the library has an ... (view more)

Mon
20
Nov
John Lister's picture

Online Tracking More Detailed Than Thought

It's no secret that advertisers and other groups buy and sell data about people's Internet use. But a new report says the information is far more detailed and specific than realized. The Irish Council for Civil Liberties (ICCL) says it's much easier ... than people realized to identify specific individuals, in some cases threatening national security. The data isn't hacked or stolen, but rather made available to people bidding for online advertising slots and trying to reach a particular auction. The basics of how this work are well known. Legitimate online businesses track users online but don't ... (view more)

Fri
27
Oct
John Lister's picture

Most Phone Apps Want Unnecessary Device Access

Most popular mobile apps request system permissions that aren't necessary for their stated functions, according to a new study. In some cases, an app requested more unnecessary functions than necessary ones. The figures come from NordVPN, which ... examined the five most popular apps in 18 common categories. They repeated the exercise for both Android and iOS, making a combined total of 103 different apps. (Source: nordvpn.com ) Both mobile operating systems now use a permissions system that means apps must request specific permission for different types of access to a phone's data and components ... (view more)

Thu
19
Oct
John Lister's picture

Ransomware Attacks Getting Quicker

The average ransomware attack now takes less than a day from first breaching a system. It's the first time average attacks can be measured in hours, though ironically it may be a sign of better defenses. The figures comes from researchers at ... Secureworks, who analyze ransomware attacks. They measure dwell time, which is the period between an attacker first gaining access to a system and deploying the ransomware. That's malware which encrypts files, letting the attackers demand a fee to restore access. The average dwell time being under a day is a dramatic development as last year the average ... (view more)

Thu
24
Aug
John Lister's picture

AI Struggles to Write Malware

Artificial Intelligence tools aren't as useful for writing malware as it first seemed. However, they may be useful for phishing scams and other social engineering. Two recent security company reports covered by The Register explored how malware ... scammers are particularly interested in AI tools that generate material. The theory goes that such tools could write code designed to exploit vulnerabilities in software and websites. (Source: theregister.com ) It's not a completely outlandish theory as some users have found such tools can efficiently write code for a particular task. It can take ... (view more)

Mon
14
Aug
John Lister's picture

Google Admits Play Store Security Loophole

Google says malware creators are using a simple workaround to bypass security on the official Play Store for Android apps. The problem is that the simplest fix would undermine one of the key differences between Android and closed systems such as ... Apple. In theory, all apps in the Play Store are vetted for security, including malware checks. That's one of the reasons Google recommends only using the Play Store, while still giving users the choice to get and install Android software from other sources. The problem is that scammers are using an extremely simply workaround called "versioning". ... (view more)

Thu
10
Aug
John Lister's picture

Keyboard Sounds May Reveal Secrets

Researchers say they can accurately figure out what somebody is typing from the sound of their keyboard. The "technique" has some significant practical flaws but is a useful reminder of good password practice. The researchers looked into a theory ... that seems to get tested every few years: that different keys make different sounds. That's partly because they are differing distances from the device recording the audio and partly because the gaps between pressing different letters may vary depending on the typing style. The main difference with this latest test was using deep learning, which aims ... (view more)

Thu
03
Aug
John Lister's picture

Google: 0-Day Bugs Down, But Risk Still High

The number of 0-day bugs, which give hackers a dangerous advantage, fell in 2022 according to Google. However, the company warns this may risk misleading complacency that forgets other factors. The figures come from Google's Threat Analysis Group, ... which aims to track, identify and report security bugs, regardless of the software or hardware concerned. The logic is that the better Internet security is overall, the better it is for an Internet-dependent business such as Google. For the past nine years, it's put together an annual tally of 0-day bugs. While definitions vary, Google classes them ... (view more)

Tue
25
Jul
John Lister's picture

Google to Block Internet for Some Employees

Google will stop some of its employees accessing the Internet. It's a bold experiment to see if it can reduce security threats without affecting performance. The idea is reduce the risk of hackers getting access to employee machines, either to get ... hold of data on those machines or to use them as an entry point into Google's network. Perhaps unsurprisingly, Google's internal data is particularly attractive to attackers, whether they are seeking financial gain, political or commercial advantage, or plain old mischief making. For example, attackers being able to find out how Google ranks ... (view more)

Mon
17
Jul
John Lister's picture

Google VPN Gets Key Tweak

Google is to give users of its VPN service more control over the location they want their traffic to appear to come from, rather than just selecting a country. It should overcome a problem with localized webpage information. A virtual private ... network (VPN) is designed to overcome problems with an inherent aspect of the Internet: that both Internet data and its origin are readily accessible by default. One analogy likens it to vehicles passing through a giant glass tube. Even when the data itself is encrypted, the origin and destination can still be discovered. In the analogy, a VPN is like ... (view more)

Pages

Subscribe to RSS - Security