Security

Sat 01 Jan
John Lister's picture

LastPass Blunder Causes Security Scare

Users of popular password manager tool LastPass have reported worrying emails that suggest their master passwords have been compromised. LastPass says the emails may have been sent mistakenly and that it has no evidence of any security breach. Like most such tools, LastPass let users create a single memorable password, the name coming from the idea it's the "last password" users will ever need to remember. This password is necessary to unlock a private vault of stored encrypted passwords for other sites. One of the big keys to the service is that LastPass itself has no access to the master ...

Thu 16 Dec

Mozilla Beefs Up Browser Security with 'RLBox'

Mozilla has announced a rethink of a key technology used to make web users safer. The latest update to its Firefox browser improves the "sandboxing" approach. One of the biggest security concerns with web browsers is the way a single application (the browser) can handle data from multiple sites open in different tabs. It creates the risk that a compromised site could access data from another site; for example, one tab might display or transmit emails, login details or financial information. The way browsers tackle this risk is called sandboxing. That means telling operating systems such as ...

Wed 15 Dec

Android Scammers Try New Tactics

Google has cracked down on a key method that scammers used to distribute Android malware through the Play app store. But like a game of whack-a-mole, the scammers are adjusting their tactics for greater success. The Google change is to the way it handles accessibility tools on Android devices. These include screen-readers, voice input systems and other modifications for users to interact with the device. Such tools often need access to key components such as the camera, microphone or speakers, access that can be abused by malware. Google relaxes the security and permissions system on such ...

Mon 13 Dec

Microsoft Uses US Courts to Disrupt Chinese Hackers

Microsoft has taken control of websites - or rather their domain names - believed to be used by Chinese hackers. It's the latest example of a tactic that overcomes the usual problems of dealing with an international online threat. According to Microsoft, the "Nickel" group is based in China and is a "nation-state actor": in other words, it at the very least has the backing of the Chinese government. It uses a variety of tactics to try to spy on victims and intercept their data. Targets include government agencies and human rights groups. Microsoft somewhat understatedly says there's "often a ...

Tue 02 Nov

Report: Cyber Crime Lowest in Denmark, US Ranks #3

The United States is the third safest country for cyber crimes according to a newly-published study. However, the methodology means that might not reflect the actual risk to users. The figures come from Seon, a security company that specializes in automatically detecting online fraud. That makes the results (and the decision to publish them) a little surprising as such a company would have an obvious interest in suggesting cyber crime is a particularly big risk in larger, wealthier countries full of potential customers. Overall the results showed Denmark as the safest country, just ahead of ...

Mon 25 Oct

Apple Patches Major iPhone Bug linked to Gov't Spying

Apple has released a patch for a potentially serious iPhone bug. It's worth double-checking the patch was installed automatically and forcing it to do so if it has not. The fix comes in version 15.0.2 of iOS and patches an actively exploited zero-day bug. That means attackers not only know about the security hole but were already using it before Apple could release a fix. In other words, Apple had a "zero days" head start in the battle between patching and hacking. The bug involves memory corruption and means a correctly-targeted attack could allow malware to access parts of the memory that ...

Wed 20 Oct

Google USB Security Keys Free for Many

Google is giving free USB security keys to around 10,000 users whose accounts are at particular risk. They include politicians and human rights activists. The move follows a targeted campaign linked to Russian hackers to try to trick such users into revealing their passwords. The attackers could then not only look for sensitive information in email archives but also use the hijacked accounts to spread misinformation. The USB keys use the two-factor authentication approach, adding an extra level of protection, meaning that simply getting somebody's password wasn't necessarily enough to get ...

Tue 19 Oct

Google Enables '2-Step Verification' as Default

Google is switching on two-factor authentication by default for 150 million users. It's also making it mandatory for two million people who upload videos to YouTube. The system means no longer relying on passwords as the only way to control access to account. Instead it adds a second method such as getting a security code on a particular phone. Two-Factor versus "Two-Step" Verification Google calls the concept two-step verification, though that doesn't really describe it properly. The more commonly used "two factor" term refers to the idea of combining different types of ...

Fri 15 Oct

Android Phones Susceptible to 'FluBot' Malware

Scammers have developed a new tactic to spread malware. It's a piece of evil genius with the emphasis strictly on the evil. The scam involves a piece of malware that targets Android phones. It's dubbed FluBot, though that appears to be more a reference to the way it's designed to quickly spread rather than having any connection to human illnesses. FluBot first appeared earlier this year in a fairly conventional form. It starts with unsolicited text messages claiming to be from a courier company that was unable to make a delivery. The culprits appear to have been taking advantage of people ...

Mon 20 Sep

Apple Patches Critical Image Preview Bug

Apple has patched a security flaw that could compromise phones and tablets just by users receiving a message. The exploit would use an attachment in iMessages but wouldn't require the user to click or open it. It's a potentially very serious flaw though ironically that may be the saving factor for most ordinary users. Because it's so serious, experts believe it's most likely to be used for highly targeted attacks. The bug was discovered by researchers at the University of Toronto, who say it's an example of "zero-click spyware". While they've seen similar attacks on Apple devices before, it's ...
