Security

Thu
04
Aug
John Lister's picture

New Android Malware Discovered

Some Google Play Store apps with more than a million downloads have turned out to house malware. It's a reminder that however good Google's security vetting process is, it's not perfectly reliable. Two security companies, ThreatLabZ and Evina, say ... they found a total of 60 apps that are or have been in the Play Store and house one of four "families" of malware. One type appears to be new and has been dubbed Autolycos by researcher Maxime Ingrao. Promoted via Facebook and Instagram ads, the apps use a common technique. They are listed as carrying out a specific feature, which they ... (view more)

Mon
01
Aug
John Lister's picture

Canadian Internet Outage Has Repercussions

Canadian communications giant Rogers is to give extra credit to customers hit by a 15-hour Internet outage. But regulators want to know more about what caused the problem and how it can be prevented in the future. The outage had a huge impact, ... partly because of the sheer size of Rogers' customer base. It has a reported 11 million customers in a country with a population of 38 million. To make things even worse, the outage also affected some critical infrastructure including emergency phone lines and bank machines. That's prompted the Canadian Radio-television and Telecommunications Commission ... (view more)

Wed
20
Jul
John Lister's picture

Software Updates May Bring Back Zero-day Bugs

At least half the zero-day bugs discovered by Google this year were preventable according to one of its security experts. She pointed to sloppiness by software developers. The claims came in a talk and subsequent blog post by Maddie Stone. She's ... part of Google's Project Zero security program. While precise definitions sometimes vary, the general principle of a zero-day bug is that it's where attackers are exploiting the vulnerability before the software developers have a chance to develop a fix - in most cases because they aren't even aware of the bug. The name comes from the way the ... (view more)

Tue
28
Jun
John Lister's picture

Password Manager Goes Passwordless

Password manager LastPass will let users prove their identity with a biometric login rather than a master password. It could overcome one of the off-putting points for some users. Like most password managers, LastPass lets users store passwords for ... other websites in a secure vault that's encrypted in a way that means even LastPass itself can't access the information. It's protected with a master password that gives the service its name, the logic being it's the last password a user will ever need to remember. That does mean the master password needs a bit of a Goldilocks quality. It needs to ... (view more)

Mon
27
Jun
John Lister's picture

Device Scanning By Cops Causes Outrage

Three cyber security experts say proposals to scan user devices for illegal material will do more harm than good. They've condemned European proposals to deal with illegal collection of child abuse images. The argument is about "client-side ... scanning" which means looking for images or other material on a user's device, rather than waiting until the images are uploaded to the Internet. It's a controversial practice that Apple has previously explored. It appears to have dropped plans to scan iPhones to look for specific images that matched a database in which children were abused. Although Apple ... (view more)

Tue
07
Jun
John Lister's picture

New 'Pre-Hijacking' a Threat to User Accounts

Nearly half of all leading websites are vulnerable to an audacious hacking method according to a new report. The attacks involve hijacking an account before it has even been created. The scam uses various methods, but usually involves creating an ... account using an email address, then waiting for the actual owner of that email address to attempt to create an account on a specific website. Microsoft's Andrew Paverd and independent researcher Avinash Sudhodanan detailed the problems in a research paper and blog post. (Source: microsoft.com ) They say the "root cause" of the problem is that many ... (view more)

Thu
19
May
John Lister's picture

Google Offers Hassle-Free Way To Update Leaked Passwords

Google is making it easier to change passwords on an Android device after a security breach. It's automating much of the process through the Google Assistant feature. It works with the saved passwords tool on Chrome, which can automatically fill in ... user names and password fields on websites. The passwords themselves are then stored securely in the user's Google account, which is one of the reasons it's so important to keep the Google password secure. On both desktop and mobile devices, Chrome can already warn users if their saved login details for a particular site is known to have been ... (view more)

Tue
03
May
John Lister's picture

Report: Zero Day Bugs On The Rise

Two separate reports point to a spike in zero-day bugs . That's when would-be attackers trying to exploit a bug have a head-start over developers who are trying to fix and patch it. When software developers discover a security vulnerability (or are ... told about it by responsible researchers), they are in a race against time to find and roll out a fix before attackers discover it and start trying to take advantage. Often they'll only have a matter of days. A zero-day bug is defined as one whose existence is (or was) discovered by hackers before it is known to the software developers. That means ... (view more)

Mon
25
Apr
John Lister's picture

Android Malware Hides Behind Black Screen

A new variant of Android malware quite literally hides its activities. 'Octo' darkens the screen so that users can't see it stealing data. Researchers at Threat Fabric say the malware takes advantage of a built-in Android feature called ... "STREAM_SCREEN". It's not quite a live feed, but remotely transmits around one screenshot a second. (Source: threatfabric.com ) The scammers then misuse an accessibility feature in Android to remotely control the device. The stream screening lets them see what they are doing, despite not having physical access. Black Screen Disguise The sneakiest ... (view more)

Sat
23
Apr
John Lister's picture

Chrome Gets Urgent Patch for Zero-Day Exploit

Google has issued a third zero-day bug warning for Chrome this year. While the browser will auto-update, it's a reminder not to leave it open indefinitely. In short, a zero-day bug refers to the time developers discovered the problem and were able ... to roll out a fix. Ideally, they'll have a head start and can either get the patch in place before would-be attackers even start working on exploiting it. In this case, however, attackers not only know about the bug but are already taking advantage before developers can roll out a fix. Memory Compromised This particular bug is described as a "type ... (view more)

Pages

Subscribe to RSS - Security