security

Microsoft has competition in the market for extending Windows 10 after its scheduled end of life. An independent company is promising simple-to-use security updates - with a cost. Officially, Microsoft will stop issuing free security updates for ... Windows 10 after October 14, 2025, just over 10 years after the system was released. That's not got a great reaction given Microsoft heavily implied there would be no new version after 10, and that it has arguably made Windows 11 an unnecessarily difficult upgrade through new hardware security requirements. If all goes to plan, anyone wanting to keep ... (view more)

This month's Microsoft "Patch Tuesday" update includes a fix for a major threat in Outlook. The bug means simply opening an email can trigger the attack. The update should have been applied to most systems by now, but some users may have shut off ... Windows Update, in which case it is recommended to re-enable and patch immediately. The threat, discovered by security company Morphisec, is a remote code execution vulnerability. That's particularly nasty as it gives an attacker the ability to remotely operate on the victim's computer. They could then spread malware, install ransomware or attempt to ... (view more)

Google says it blocked 2.28 million potentially malicious apps from getting into the official Play store last year. It stopped or paused a further 200,000 which didn't correctly use the permissions system. The figure for malicious app blocks is up ... almost half compared with 2022. Google didn't say conclusively whether that means more scammers are trying their luck or if it simply did a better job of detecting them. However, it did note the 2023 figure was "in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review ... (view more)

Microsoft has released one of the biggest Patch Tuesday updates ever. It includes 149 security fixes, including two "zero day bugs". Some reports suggest this is the most fixes in any monthly Microsoft update while others suggest it is "merely" the ... biggest in the past seven years. Either way, this is not a month for anyone who chooses to install Windows security fixes manually to hang about. Three of the fixes are for bugs Microsoft classes as "critical", meaning attackers could exploit them without requiring any action by the user. Almost all the rest are "important," meaning the attacker ... (view more)

Google has revealed it paid $10 million in bounties to people who spotted security bugs in its products last year. More people earned rewards than in an equivalent Microsoft program, though Google paid out less per person. Such programs are designed ... not only to boost security but to encourage security researchers to work for good, rather than exploit bugs. However, critics say tech companies should put more of their resources into making software as bug-free as possible to start with. Google paid out a total of $10 million in 2023, split between 632 researchers in 68 countries. The highest ... (view more)

Microsoft has fixed two bugs which bypassed Windows security measures. Both were actively exploited before the fix, making it vital to install the updates. The fixes come in this month's "Patch Tuesday" update, the main monthly security update that ... Microsoft officially calls the "B update". It should download and install without further action for anyone with automatic updates switched on, but may need a reboot to complete. Both bugs affect most supported versions of Windows, including 10, 11 and Windows Server. Microsoft rates the two bugs as "important" and "moderate" respectively, though ... (view more)

Apple is beefing up security measures to reduce the damage caused by iPhone thefts. The new "Stolen Device Protection" feature is opt-in, possibly because it comes at the expense of convenience. The feature is designed for cases when somebody steals ... a device and successfully enters the passcode. That could happen when a thief spots somebody typing in the passcode before they steal the handset. It could also happen if the thief knows some details about the victim and they have a predictable passcode such as a birth date. Anyone who unlocks a phone will still be able to use it and access apps ... (view more)

Tougher rules mean digital device and software manufacturers will have to report security breaches more quickly. They'll also have to offer security patches for at least five years. The rules come from the European Union. They technically only cover ... products sold in EU member countries, though in many such cases manufacturers change their behavior worldwide to comply with the rules. The financial penalties for breaking the rules take into account global turnover. The rules, which will become the Cyber Resilience Act, cover "products with digital elements." These include smart and connected ... (view more)

Google says malware creators are using a simple workaround to bypass security on the official Play Store for Android apps. The problem is that the simplest fix would undermine one of the key differences between Android and closed systems such as ... Apple. In theory, all apps in the Play Store are vetted for security, including malware checks. That's one of the reasons Google recommends only using the Play Store, while still giving users the choice to get and install Android software from other sources. The problem is that scammers are using an extremely simply workaround called "versioning". ... (view more)

The number of 0-day bugs, which give hackers a dangerous advantage, fell in 2022 according to Google. However, the company warns this may risk misleading complacency that forgets other factors. The figures come from Google's Threat Analysis Group, ... which aims to track, identify and report security bugs, regardless of the software or hardware concerned. The logic is that the better Internet security is overall, the better it is for an Internet-dependent business such as Google. For the past nine years, it's put together an annual tally of 0-day bugs. While definitions vary, Google classes them ... (view more)