Security

Three cyber security experts say proposals to scan user devices for illegal material will do more harm than good. They've condemned European proposals to deal with illegal collection of child abuse images. The argument is about "client-side ... scanning" which means looking for images or other material on a user's device, rather than waiting until the images are uploaded to the Internet. It's a controversial practice that Apple has previously explored. It appears to have dropped plans to scan iPhones to look for specific images that matched a database in which children were abused. Although Apple ... (view more)

Nearly half of all leading websites are vulnerable to an audacious hacking method according to a new report. The attacks involve hijacking an account before it has even been created. The scam uses various methods, but usually involves creating an ... account using an email address, then waiting for the actual owner of that email address to attempt to create an account on a specific website. Microsoft's Andrew Paverd and independent researcher Avinash Sudhodanan detailed the problems in a research paper and blog post. (Source: microsoft.com ) They say the "root cause" of the problem is that many ... (view more)

Google is making it easier to change passwords on an Android device after a security breach. It's automating much of the process through the Google Assistant feature. It works with the saved passwords tool on Chrome, which can automatically fill in ... user names and password fields on websites. The passwords themselves are then stored securely in the user's Google account, which is one of the reasons it's so important to keep the Google password secure. On both desktop and mobile devices, Chrome can already warn users if their saved login details for a particular site is known to have been ... (view more)

Two separate reports point to a spike in zero-day bugs . That's when would-be attackers trying to exploit a bug have a head-start over developers who are trying to fix and patch it. When software developers discover a security vulnerability (or are ... told about it by responsible researchers), they are in a race against time to find and roll out a fix before attackers discover it and start trying to take advantage. Often they'll only have a matter of days. A zero-day bug is defined as one whose existence is (or was) discovered by hackers before it is known to the software developers. That means ... (view more)

A new variant of Android malware quite literally hides its activities. 'Octo' darkens the screen so that users can't see it stealing data. Researchers at Threat Fabric say the malware takes advantage of a built-in Android feature called ... "STREAM_SCREEN". It's not quite a live feed, but remotely transmits around one screenshot a second. (Source: threatfabric.com ) The scammers then misuse an accessibility feature in Android to remotely control the device. The stream screening lets them see what they are doing, despite not having physical access. Black Screen Disguise The sneakiest ... (view more)

Google has issued a third zero-day bug warning for Chrome this year. While the browser will auto-update, it's a reminder not to leave it open indefinitely. In short, a zero-day bug refers to the time developers discovered the problem and were able ... to roll out a fix. Ideally, they'll have a head start and can either get the patch in place before would-be attackers even start working on exploiting it. In this case, however, attackers not only know about the bug but are already taking advantage before developers can roll out a fix. Memory Compromised This particular bug is described as a "type ... (view more)

Microsoft is releasing a major security update to Windows 11 that could theoretically block malicious applications completely. It's such a fundamental change in the operating system that it will require a reset and clean installation of Windows. At ... the moment, most of the built-in security on Windows uses two main approaches. One is to scan any files or links the user wants to open or download, then alerts the user if they match any know threats. This is referred to as file and link scanning. The other is to scan files on the hard drive to look for anything suspicious. This is usually done in ... (view more)

Scammers who don't want to write their own malware can now pay just $20 to start a campaign of attacks. They can then customize their "bait" with Windows installations and non-fungible tokens (NFTs) among the ways to target users. The malware is ... available on dark web sites. These are sites that are part of the world wide web, but set up in a way that means they aren't indexed by search engines. That makes them suitable for people who don't want their activities easily traced. A piece of malware called BitRAT costs just $20 for lifetime access. The name derives from "remote ... (view more)

A security researcher has warned that a fake browser could be used to more effectively scam users into handing over login details. Password managers and similar tools may be one way to combat the tactic. The warning comes from a security researcher ... who chooses to use the pseudonym mrd0x. They dubbed the approach a "browser-in-the-browser" attack. (Source: mrd0x.com ) The tactic would take advantage of websites that have registration and accounts but let users sign in with a third party account such as Google or Facebook. This works by displaying a pop-up window that's hosted by the ... (view more)

Microsoft has warned users that a "wipe clean" option in Windows won't remove all files thanks to an ongoing bug. It's mainly a practical problem for anyone planning to sell or give away a computer with hopes of removing all personal data prior. The ... problem is specifically with the reset option in Windows that lets users "reinstall" the system without needing to download files or create a USB or DVD boot disc. This option always removes all installed applications, but users have a choice whether or not to also remove files such as documents. When they choose "remove everything", ... (view more)