Security

Google is testing a new way of showing a web page address in the browser. It hopes that simply showing the domain name will make it easier for users to spot phishing scams - as already happens with some rival browsers. At the moment most browsers ... will show the entire web page address (URL) in the address bar. That's the box near the top of the screen that has a dual purpose in most browsers: it shows the current page address but is also where users type in both addresses and search terms. A study for Google looked at ways scammers can take advantage of the browser bar. One example was the ... (view more)

Security researchers spotted a major flaw in a processor that's in more than a billion Android phones. It's been fixed now, but highlights the importance of a couple of key security measures users should take. Researchers at Check Point say they ... spotted the errors on a processor from Qualcomm that's used on more than 40 percent of cellphones. The processor is known as a "system on a chip" (SoC) because it combines hardware and software in a single unit. The processor controls some key functions on a phone including charging, video and audio. Because it's a system on a chip, it runs partially ... (view more)

Microsoft has revealed it paid more than $13 million in bounties to people who reported security bugs in the past 12 months. It's three times the amount for the previous year, raising questions about Microsoft's attitude to security. Like many tech ... firms, Microsoft has a series of programs that pay rewards for reports of vulnerabilities. It's not so much meant as a way to compete against the potential earnings of would-be cyber criminals. Instead, it's meant as an incentive for legitimate independent security researchers to put their efforts into a particular application, device or platform. ... (view more)

PayPal has released a list of tips for avoiding scam emails. It follows officials in the UK receiving more than a thousand reports of phishing emails in just one day. The reports were about a series of fake emails claming to be from PayPal . They ... followed a familiar format of claiming the recipient's account had been limited because of a violation of the company's Acceptable Use Policy. (Source: countypress.co.uk ) The messages included a link supposedly pointing to PayPal for the user to log in and confirm their identity. In fact the link took the user to a fake page designed to trick them ... (view more)

Windows 10 users have been warned to watch out for an error message that could mean their PC is less secure than normal. Thankfully the glitch can be fixed with a simple restart. The problem affects two key security measures, one of which may be ... used on company networks and the other is more likely to be harnessed by expert users. In both cases, it's worth employees pointing out the error message to company IT staff if it appears. Microsoft says one of two messages will appear if the error is triggered: "ERROR_VSMB_SAVED_STATE_FILE_NOT_FOUND (0xC0370400)" or "E_PATHNOTFOUND (0x80070003)" ... (view more)

Politicians on both sides of the Atlantic are considering laws to tighten cyber security for the so-called Internet of Things (IoT). The rules would cover devices that aren't traditional computers or phones but still connect to the Internet. The ... United States Congress is considering the Internet of Things Cyber Security Improvement Act. It's been examined by a Senate committee and is currently awaiting a date to be examined by the Senate as a whole. However, there's no guarantee it will be heard before the end of the year and newly elected or re-elected Senators taking their seats. Agency To ... (view more)

A new strain of Android malware targets both social media accounts and online banking. It's a reminder of the risks of installing software from outside of the official Google Play store. The malware is dubbed BlackRock and appears to ultimately ... derive from the code used in an attack called LokiBot. Now thought to be inactive, LokiBot attempted to gain access to financial accounts through banking and related apps. One technique involved using automated scripts to login to a PayPal account and transfer money to the scammers. (Source: threatfabric.com ) BlackRock looks to take the same tactics ... (view more)

Microsoft is testing a new Windows 10 security measure that could neutralize a malware technique. It's called Kernel Data Protection and will protect part of a computer's memory from tampering. The idea is to protect two key software parts of a ... computer: the operating system kernel and drivers. The kernel is the most central part of a system and acts a little like a central command point, deciding what the computer does at any precise moment. Meanwhile, drivers control the way the operating system communicates and interacts with hardware devices. Within the computer's memory, the kernel is ... (view more)

An email with a "winky face" for a subject line has helped a malware campaign become one of the most widespread in the world. It's a scam to expand the reach of the Phorpiex botnet which distributes spam and malware from infected machines to others ... online the Internet. According to researchers at security company Check Point, Phorpiex jumped from the 13th most detected malware campaign in May to the number two slot last month. It reports that one in 50 organizations suffered at least one attempted breach from Phorpiex last month. (Source: zdnet.com ) Ransomware, Botnets and Blackmail The ... (view more)

Windows 7 computers running the Zoom videoconferencing tool are at risk from a "zero day" vulnerability. It's a reminder of the dangers of an outdated operating system. The problem will be fixed in a patch by Zoom itself rather than from Microsoft. ... Microsoft dropped support for Windows 7 on January 14 this year, meaning it doesn't offer security updates or fix any bugs. A zero day vulnerability is one that is known by somebody other than the developer or manufacturer before a fix is ready. In effect, the developers have "zero days" of head start distributing the fix before people can start ... (view more)