Security

Is there fair play amongst ransomware scammers? A particularly lazy variant of "ransomware" is making its rounds, though researchers say that paying up will never pay off. For the most part, ransomware usually involves a nasty malware program ... encrypting files on a PC, followed by a promise of a decryption key - but only if the victim pays a ransom. It would make sense that if people stopped believing this would happen, they would stop handing over the cash. Files Deleted Rather Than Encrypted Now security company Talos has spotted a variant where there's absolutely no prospect ... (view more)

Researchers say they've found a way of severely limiting the damage ransomware causes. Meanwhile California legislators are mulling over new laws specifically aimed at the tactic. Ransomware involves attackers remotely installing malicious software ... that encrypts files and makes them inaccessible without an unlock key. In many cases, this means victims can't access the data and may be unable to use the computer at all. The attackers then demand a fee to provide the unlock key. The tactic has led to controversy over whether victims should pay the fee , something critics say merely encourages ... (view more)

A newly-publicized take on a long-running scam involves on-screen messages that falsely appear to be from a user's Internet service provider. It's a trick with a variety of ways to profit from the customer. For many years, scammers have been calling ... people on the telephone claiming to work for Microsoft or other computer companies, saying the person receiving the call has a virus. The scammer will then usually try to get the victim to pay for bogus tech support services. While most people realize it's a scam, the idea is to call enough people so that even a small percentage of ... (view more)

Users of remote access tool GoToMyPC will need to reset their passwords as a security measure after an attack by hackers. Although creators Citrix describe it as a "very sophisticated" attack, it's simply another case of hackers targeting people who ... continue to re-use passwords on multiple sites. GoToMyPC is a tool that lets users remotely access their PC or Mac using another computer or mobile device. As with most such tools, the computer being remotely accessed must be switched on and connected to the Internet. The actual system that powers GoToMyPC, and its database of login ... (view more)

Belgian computers are most exposed to hacking according to a new study, with the US in 14th place. It's all because of millions of computers having open, unsecured connections to the Internet. Research firm Rapid7 looked at the full range of data ... connection services on the Internet beyond just the more familiar HTTP that most users use while browsing the web. These include FTP (file transfer protocol) SSH (secure shell for remote connections), and SMTP (simple mail transfer protocol), used for many email services. To carry out the research, the company embarked on the massive task of ... (view more)

Management at TeamViewer, a remote access computer tool, have confirmed that a "significant number" of users have fallen prey to hackers. However, the company insists that all evidence suggests that there is no flaw in the system, but is instead ... pointing fingers at its users. TeamViewer allows users to login to a remote computer (even their own) from anywhere with an Internet connection. Once connected, users can operate the computer just as if they had physical access to the machine. The security for the system works in two ways: first, users get a reference number that identifies ... (view more)

Two online accounts belonging to Facebook chief Mark Zuckerberg have been hacked. The incident, thought to have resulted from a LinkedIn data breach, is a high profile example of the dangers of poor password choices. The hackers, calling themselves ... OurMine Team, took control of Zuckerberg's Twitter account and posted a message informing him of the breach. They also claimed to have accessed his Pinterest account (which appears to be correct) and his Instagram account, which doesn't appear to be the case. Perhaps the one point of relief for Zuckerberg is that his Facebook account was not ... (view more)

A security firm says that laptops from five major PC manufacturers have inherent security flaws which make the systems open to attack the very first time they are used. The problem deals with the automatic update tools installed by the manufacturer. ... Duo Labs explored the pre-installed manufacturer software on laptops from Acer, Asus, Dell, HP and Lenovo. In total, they found 12 vulnerabilities which they described as being ridiculously simple to exploit. (Source: duo.com ) The software is what's officially known as Original Equipment Manufacturer (OEM) software, but commonly referred to ... (view more)

A series of massive but dated breaches of high-profile sites is yet another reminder of the dangers of poor password security. While the sites in question are taking preventative measures, experts warn that hackers could use the stolen details to ... access other sites. In the past few weeks, hackers have offered up massive hauls of stolen login details from four major sites. They include details of 360 million accounts from MySpace and 65 million accounts from Tumblr, both lists appearing to date from 2013. Questions Posed For Sites And Users This follows 164 million account details from ... (view more)

Google is working on an option to replace password logins on mobile devices with a "trust score" based on multiple factors. The idea is to combine all sorts of factors that aren't secure enough on their own. The idea is to balance the need for ... security with the hassle of remembering passwords by building on the concept of two-factor authentication. That's an existing philosophy that deals with the inherent weakness of using a single login factor such as a password. Two-factor authentication combines a password with another factor such as using a specific device or having ... (view more)