code

Two US government apps have been revealed as using code from a Russian company that falsely claims to be based in the US. It's also claimed one of that company's developers has a history with malware. The initial revelation came from Reuters which ... highlighted "thousands" of smartphone apps included code from a company called Pushwoosh. The apps included one for the Centers for Disease Control and Prevention and another used by the US Army. Both have now removed the code. (Source: reuters.com ) The Pushwoosh code lets apps put together profiles of users and send notifications without ... (view more)

Mozilla has announced a rethink of a key technology used to make web users safer. The latest update to its Firefox browser improves the "sandboxing" approach. One of the biggest security concerns with web browsers is the way a single application ... (the browser) can handle data from multiple sites open in different tabs. It creates the risk that a compromised site could access data from another site; for example, one tab might display or transmit emails, login details or financial information. The way browsers tackle this risk is called sandboxing. That means telling operating systems such as ... (view more)

Apple has patched a security flaw that could compromise phones and tablets just by users receiving a message. The exploit would use an attachment in iMessages but wouldn't require the user to click or open it. It's a potentially very serious flaw ... though ironically that may be the saving factor for most ordinary users. Because it's so serious, experts believe it's most likely to be used for highly targeted attacks. The bug was discovered by researchers at the University of Toronto, who say it's an example of "zero-click spyware". While they've seen similar attacks on Apple devices before, it's ... (view more)

Google says phone and tablet makers who alter Android's code to add security measures may actually be undermining security. It says device manufacturers should stick to Android's own measures. Jann Horn of Google's Project Zero security team ... specifically pointed to an alteration made by Samsung for the Galaxy A50 phone, which he says contained a bug that made the device vulnerable to attack. He says he discovered and reported the bug to Samsung in September 2018 but it wasn't patched until Samsung's security updates released this month. (Source: blogspot.com ) Ironically Horn believes the ... (view more)

The Chrome browser may soon put less drain on processors and battery life in Windows 10. Perhaps surprisingly, that's because of changes made by Microsoft rather than Google. The relevant tweaks were discovered by Microsoft as part of its work to ... rebuild the Edge browser that comes with Windows 10. Originally it ran on Microsoft code, but the new version of Edge is now based on Chromium. For those unaware, Chromium is an open source project, which is the basis of Google's Chrome browser. Microsoft found one cause of battery drain was disk caching during online video playback. In simple terms ... (view more)

Most people know not to open an executable file or document attached to an email unless they were expecting it. But a new example of malware means even an audio file could trigger a payload. Researchers at Blackberry Cylance Threat recently ... uncovered malicious code hidden inside WAV files. That's a computer format for audio that was common for music on PCs before MP3 became established. The attackers are using a technique called steganography, which is a way to hide a file inside another file in a way that normally cannot be detected. Steganography has previously been used in image files, and ... (view more)

Sources close to Microsoft suggest that the company may ditch its Edge browser as the default option in Windows 10. Its replacement would run on the same underlying code as Google's Chrome. While Edge has failed to win the hearts of most users, it ... appears the main reason behind the move is that site developers are tired of having to do extra work to make their sites work on the browser. The most recent statistics show Chrome dominating the browser market, being used on more than 70 per cent of computers, compared with just four percent running Edge. Given that Edge is the default option on ... (view more)

Scammers used a computer code loophole to trick more than a million people into downloading a rogue Android app. The fake variant of WhatsApp appears to have been designed to distribute ads. The bogus app took advantage of the popularity of the ... genuine WhatsApp Messenger, which has been downloaded more than 60 million times on Google Play alone. It's a tool for exchanging messages with friends or groups over the Internet rather than eating into SMS text message allowances. Extra Space Went Unseen "Update What's App Messenger" was one of numerous bogus apps that tried to mislead users with ... (view more)

Russian-backed hackers appear to have the ability to remotely shut down power stations, researchers claim. However, the cyber weapon appears to only have been successfully deployed once so far. Two companies, Dragos Inc and ESET, have revealed their ... analysis of malware that was used in an attack on a transmission station in Kiev, the Ukrainian capital, last December. The outage lasted for an hour and blacked out buildings that normally use 20 percent of the city's electricity. (Source: washingtonpost.com ) Malware Easily Customized The researchers say the malware, which they've dubbed ... (view more)

Motion sensors in smartphones could give away your lock code to hackers according to new research. But practical limitations mean related attacks might have to be specifically targeted. Researchers at Newcastle University explored the idea that ... tools such as accelerometers, gyroscopes, compasses and GPS chips in phones could reveal more detail than users realize. The tools are used for a variety of functions such as location tracking, fitness tracking and gesture control such as a user turning a phone face down to instantly switch it to "do not disturb" mode. Their theory was that ... (view more)