Security

A popular malware-fighting tool left users unable to access Google and YouTube after a blunder. It's the second time Google has been hit by false positives in the past few weeks. This problem affected Malwarebytes, one of the more popular security ... tools other than those built in to operating systems. Specifically, the problem was with the premium version of Malwarebytes that integrates with web browsers, checks links the user might visit, and blocks the link if it points to a domain believed to pose a security risk. Such risks can include look-alike sites used for phishing scams to try to ... (view more)

A former diplomat says the amount of data shared and sold in the US puts the country at security risk. Karen Kornbluh said businesses gathering data on a large scale created a "national security loophole." She also points to a recent warning that ... China was attempting to gather data, both legally and illegally, about US citizens' health. The country is thought to be looking for blackmail material, for example on people in positions of power who have been treated for mental illness or embarrassing physical complaints. (Source: dni.gov ) Kornbluh previously held senior roles at the Federal ... (view more)

Two more applications have been removed from the Google Play Store after turning out to be a front for malware. As always in such cases, users who already have the apps installed need to uninstall them as this won't happen automatically. The apps in ... question are called Mister Phone Cleaner and Kylhavy Mobile Security. They had 50,000 and 10,000 downloads respectively before Google pulled the listings. The scam in these cases has a couple of key differences from the familiar story of scammers disguising malware as legitimate apps and finding a way to bypass Google's security checks. That ... (view more)

Ransomware scammers are targeting smaller businesses, partly because larger firms are refusing to pay up. Attackers are also more likely to threaten to expose data than in the pass. The statistics come from security company Coveware, which sells ... ransomware response services. While precise figures should be taken with a pinch of salt, the company reports the average (mean) payout to ransomware scammers in the second quarter of 2022 was $228,125, up eight percent on the previous quarter. (Source: coveware.com ) However, it appears that's a case of a few major attacks distorting the average. The ... (view more)

Some Google Play Store apps with more than a million downloads have turned out to house malware. It's a reminder that however good Google's security vetting process is, it's not perfectly reliable. Two security companies, ThreatLabZ and Evina, say ... they found a total of 60 apps that are or have been in the Play Store and house one of four "families" of malware. One type appears to be new and has been dubbed Autolycos by researcher Maxime Ingrao. Promoted via Facebook and Instagram ads, the apps use a common technique. They are listed as carrying out a specific feature, which they ... (view more)

Canadian communications giant Rogers is to give extra credit to customers hit by a 15-hour Internet outage. But regulators want to know more about what caused the problem and how it can be prevented in the future. The outage had a huge impact, ... partly because of the sheer size of Rogers' customer base. It has a reported 11 million customers in a country with a population of 38 million. To make things even worse, the outage also affected some critical infrastructure including emergency phone lines and bank machines. That's prompted the Canadian Radio-television and Telecommunications Commission ... (view more)

At least half the zero-day bugs discovered by Google this year were preventable according to one of its security experts. She pointed to sloppiness by software developers. The claims came in a talk and subsequent blog post by Maddie Stone. She's ... part of Google's Project Zero security program. While precise definitions sometimes vary, the general principle of a zero-day bug is that it's where attackers are exploiting the vulnerability before the software developers have a chance to develop a fix - in most cases because they aren't even aware of the bug. The name comes from the way the ... (view more)

Password manager LastPass will let users prove their identity with a biometric login rather than a master password. It could overcome one of the off-putting points for some users. Like most password managers, LastPass lets users store passwords for ... other websites in a secure vault that's encrypted in a way that means even LastPass itself can't access the information. It's protected with a master password that gives the service its name, the logic being it's the last password a user will ever need to remember. That does mean the master password needs a bit of a Goldilocks quality. It needs to ... (view more)

Three cyber security experts say proposals to scan user devices for illegal material will do more harm than good. They've condemned European proposals to deal with illegal collection of child abuse images. The argument is about "client-side ... scanning" which means looking for images or other material on a user's device, rather than waiting until the images are uploaded to the Internet. It's a controversial practice that Apple has previously explored. It appears to have dropped plans to scan iPhones to look for specific images that matched a database in which children were abused. Although Apple ... (view more)

Nearly half of all leading websites are vulnerable to an audacious hacking method according to a new report. The attacks involve hijacking an account before it has even been created. The scam uses various methods, but usually involves creating an ... account using an email address, then waiting for the actual owner of that email address to attempt to create an account on a specific website. Microsoft's Andrew Paverd and independent researcher Avinash Sudhodanan detailed the problems in a research paper and blog post. (Source: microsoft.com ) They say the "root cause" of the problem is that many ... (view more)