Security

Mac users have been warned to watch out for bogus updates to the Safari and Chrome browsers. It's a scam to spread data-stealing malware. The AMOS malware, also called Atomic Stealer, is particularly nasty as it targets data stored or transmitted by ... web browsers. This includes login details, passwords, and credit card numbers. It also looks for cryptocurrency wallets, which give access to Bitcoin and other cryptocurrencies that can be stolen and turned into cash. (Source: malwarebytes.com ) The malware has been around since the spring when the scammers targeted people searching for popular ... (view more)

Around one in a million computer encryption keys are faulty and could be compromised according to researchers. While it sounds like an obscure issue, it could be exploited by security agencies at both friendly and hostile governments. The problem is ... with the RSA encryption that's widely used for online security. It works by users having two security keys (lengthy codes), one public and one private. The public key is used for encrypting data, while the private key is needed to decrypt it. The system also allows users to "sign" encrypted messages so that recipients know the supposed sender is ... (view more)

One of the world's largest libraries has been hit by a major ransomware attack. It's an example of an increasingly common "double-dip" attack. The attackers have not simply encrypted the British Library's files until they receive a payment, which is ... the usual core ransomware goal. Instead, they are threatening to auction off sensitive employee data seized in the attack. The library has an estimated collection of up to 200 million items, including a copy of every book published in the United Kingdom. It's also a key research facility for historians. Among other systems, the library has an ... (view more)

It's no secret that advertisers and other groups buy and sell data about people's Internet use. But a new report says the information is far more detailed and specific than realized. The Irish Council for Civil Liberties (ICCL) says it's much easier ... than people realized to identify specific individuals, in some cases threatening national security. The data isn't hacked or stolen, but rather made available to people bidding for online advertising slots and trying to reach a particular auction. The basics of how this work are well known. Legitimate online businesses track users online but don't ... (view more)

Most popular mobile apps request system permissions that aren't necessary for their stated functions, according to a new study. In some cases, an app requested more unnecessary functions than necessary ones. The figures come from NordVPN, which ... examined the five most popular apps in 18 common categories. They repeated the exercise for both Android and iOS, making a combined total of 103 different apps. (Source: nordvpn.com ) Both mobile operating systems now use a permissions system that means apps must request specific permission for different types of access to a phone's data and components ... (view more)

The average ransomware attack now takes less than a day from first breaching a system. It's the first time average attacks can be measured in hours, though ironically it may be a sign of better defenses. The figures comes from researchers at ... Secureworks, who analyze ransomware attacks. They measure dwell time, which is the period between an attacker first gaining access to a system and deploying the ransomware. That's malware which encrypts files, letting the attackers demand a fee to restore access. The average dwell time being under a day is a dramatic development as last year the average ... (view more)

Artificial Intelligence tools aren't as useful for writing malware as it first seemed. However, they may be useful for phishing scams and other social engineering. Two recent security company reports covered by The Register explored how malware ... scammers are particularly interested in AI tools that generate material. The theory goes that such tools could write code designed to exploit vulnerabilities in software and websites. (Source: theregister.com ) It's not a completely outlandish theory as some users have found such tools can efficiently write code for a particular task. It can take ... (view more)

Google says malware creators are using a simple workaround to bypass security on the official Play Store for Android apps. The problem is that the simplest fix would undermine one of the key differences between Android and closed systems such as ... Apple. In theory, all apps in the Play Store are vetted for security, including malware checks. That's one of the reasons Google recommends only using the Play Store, while still giving users the choice to get and install Android software from other sources. The problem is that scammers are using an extremely simply workaround called "versioning". ... (view more)

Researchers say they can accurately figure out what somebody is typing from the sound of their keyboard. The "technique" has some significant practical flaws but is a useful reminder of good password practice. The researchers looked into a theory ... that seems to get tested every few years: that different keys make different sounds. That's partly because they are differing distances from the device recording the audio and partly because the gaps between pressing different letters may vary depending on the typing style. The main difference with this latest test was using deep learning, which aims ... (view more)

The number of 0-day bugs, which give hackers a dangerous advantage, fell in 2022 according to Google. However, the company warns this may risk misleading complacency that forgets other factors. The figures come from Google's Threat Analysis Group, ... which aims to track, identify and report security bugs, regardless of the software or hardware concerned. The logic is that the better Internet security is overall, the better it is for an Internet-dependent business such as Google. For the past nine years, it's put together an annual tally of 0-day bugs. While definitions vary, Google classes them ... (view more)