Security

A researcher has found a major bug with Thunderbolt port technology that could undermine major security measures on multiple computer systems. There's a big mitigating factor though: an attacker would need extended physical access to the computer in ... order to carry out the exploit. Thunderbolt is a technology that is similar in concept to USB, but adds fiber optic to the usual copper wires. Compared to USB, Thunderbolt has high speed and capacity. Common uses include super-fast device charging (including laptops), 4K video, and extremely quick data transfers. Originally Thunderbolt was only ... (view more)

A security company says it found a simple way to turn antivirus software into a weapon for attackers. Most major manufacturers have now fixed the problem, but it's a reminder to keep such software updated. The discovery by Rack911 Labs effectively ... meant that a hacker could force the antivirus software to delete files on a computer. That would mean the hacker would need to have gained access to a computer first - whether internally on a network, or remotely using malware. The exploit is based on one of the most fundamental actions of any antivirus software: they scan files, check if they are a ... (view more)

A third-party Android app store has been hit by a big data breach. Aptoide users who registered between 21 July 2016 and 28 January 2018 may be affected. Aptoide works in a same way as Google's own Play app store, but isn't subject to its content ... regulations or security vettings. As with all third-party stores, users must confirm they accept security risks when installing apps from it. A hacker has published data from 20 million users and claims to have details of another 19 million users altogether. That's a big chunk of the 150 million people Aptoide claims have used its service at some ... (view more)

The latest Windows 10 update blunder temporarily left some users without full use of the system's in-built antivirus / antimalware protection. Though enthusiasts quickly spotted a workaround, the problem has now been fixed with a Windows 10 update. ... The initial problem wasn't actually a system update to Windows 10 itself that caused the issue, but rather an antivirus definition update file for Windows Defender. Essentially, a "definition update" contains details of the latest known threats that the tool can immediately deal with. For some users, the problem only arose when running a full scan ... (view more)

Security researchers have warned of 56 infected Android apps that could compromise performance. They've been deleted from the Google Play Store, but could still be on users' phones and tablets. According to Check Point, the apps contain malware ... designed to hijack phones and simulate user actions to click on ads. That could run down batteries and eat into mobile data allowances. (Source: checkpoint.com ) The 56 apps include 24 supposedly aimed at children, and 32 which offer simple utilities. They all work as designed: the problem is what's happening in the background. (Source: express.co.uk ... (view more)

Microsoft has unveiled a range of new features for its Edge browser. They include vertically arranged tabs, enhanced cut and paste, and warnings of potential password breaches. Edge has been somewhat light on new features recently as Microsoft has ... been concentrating on major behind-the-scenes changes. The browser used to run on Microsoft's own code but is now based on Chromium , the same open source code behind Google's Chrome. Microsoft hopes that will tempt over some Chrome users who should be able to use many of their existing browser extension tools in Edge. However, it's also adding some ... (view more)

A new attack on Internet users combines multiple tactics into a nasty strategy. The scam includes hacking routers, redirecting users to bogus sites, and preying on fear to trick people into installing malware. The first step in the attack involved ... the hackers taking control of home and small business routers, with Linksys and D-Link models targeted. Exactly how they are doing this isn't certain, but it appears to involve a brute force attack through the optional feature that lets users access their router settings from any Internet-connected computer. Brute force is effectively an automated ... (view more)

Microsoft has warned users of a significant unpatched security flaw in Windows. It's offered some key steps to take while the problem is being fixed. The problem affects all currently supported versions of Windows, though Windows 7 and 8 machines ... are affected 'critically' according to the Microsoft advisory bulletin. Attacks on Windows 10 machines are considerably more constrained due to its enhanced security features. Microsoft says its currently only aware of targeted attacks on Windows 7 machines, though that could change now the bug has been made public. (Source: microsoft.com ) Adobe ... (view more)

Windows 10's built-in security tool Windows Defender has stopped working properly for some users. There's a workaround for those who want added peace of mind. Exactly what's causing the problem isn't yet clear, but some users are finding both manual ... and automatic scans produce messages such as: "Items skipped during scan: The Windows Defender Antivirus scan skipped an item due to exclusion or network scanning settings." In other cases, the error message reports that the entire scan was skipped. The message isn't proving particularly helpful as it's not clear what items are actually being ... (view more)

A new ransomware variant takes advantage of a Microsoft Excel feature. It's a good reminder to keep security software up-to-date. The variant has been reported by security company Lastline. It involves a known ransomware called Paradise that ... operates in the familiar fashion: the attackers find a way to get remote access to a computer then encrypt files and demand a fee to restore access - sometimes in the tens of thousands of dollars, or much higher. In this case, the attackers try to trick victims into opening a file attachment that creates the opening for accessing the machine. The ... (view more)