Security

A new ransomware variant takes advantage of a Microsoft Excel feature. It's a good reminder to keep security software up-to-date. The variant has been reported by security company Lastline. It involves a known ransomware called Paradise that ... operates in the familiar fashion: the attackers find a way to get remote access to a computer then encrypt files and demand a fee to restore access - sometimes in the tens of thousands of dollars, or much higher. In this case, the attackers try to trick victims into opening a file attachment that creates the opening for accessing the machine. The ... (view more)

Most online attacks don't involve malware, according to newly published figures. It's the first time "fileless techniques" have been in the majority. The figures come from an annual report by security company CrowdStrike. It says it analyzed its own ... customer data along with that from investigations into known attackers and data from reported incidents. According to the report, malware-free attacks made up 51 percent of the total during 2019, up from 40 percent the previous year. The tactics were particularly prevalent in North America, making up 74 percent of attacks. (Source: zdnet.com ) As ... (view more)

Some of the most popular VPN apps for Android are dangerous to use, according to a leading review site. The VPN apps, which are supposed to protect privacy, actually expose users to attacks according to VPN Pro. A VPN, or virtual private network, is ... meant to be a way to boost privacy online. It works by re-routing traffic through a middle-man server to make it appear that your IP is in another location. When configured properly, the VPN effectively creates a secure online connection that means even though data is going through the Internet, it can't be read by anyone other than the sender and ... (view more)

Google has issued a critically important update to its Chrome browser due to a nasty zero day bug. The browser should update automatically for most users, but the bug is serious enough that it's a case of checking to ensure that the update has been ... successfully applied. The update fixes three security problems, one of which is a critical. It means hackers were actively exploiting the problem before Google fixed it - meaning the update process gave users a zero day head start on the bad guys (hence the term, ' zero day exploit '). Perhaps unsurprisingly, Google isn't saying much at all about ... (view more)

Ransomware forced an unplanned shutdown of a US gas pipeline for two days. It's not yet clear if the attackers intended to have that effect. The full details, including the identity of the pipeline and its operators, have been kept under wraps. The ... only official information that's been made public comes from a security alert bulletin by the Department of Homeland Security (DoHS). (Source: us-cert.gov ) The attack started as an all-too-familiar "spear phishing" attack. That's a deliberately targeted email that tries to fool somebody (that typically works for a corporation) into clicking on a ... (view more)

Google says phone and tablet makers who alter Android's code to add security measures may actually be undermining security. It says device manufacturers should stick to Android's own measures. Jann Horn of Google's Project Zero security team ... specifically pointed to an alteration made by Samsung for the Galaxy A50 phone, which he says contained a bug that made the device vulnerable to attack. He says he discovered and reported the bug to Samsung in September 2018 but it wasn't patched until Samsung's security updates released this month. (Source: blogspot.com ) Ironically Horn believes the ... (view more)

Google has removed more than 500 rogue Chrome extensions that were scamming both computer users and advertisers. Some rogue extensions have been operating for more than a year. The rogue extensions were spotted by security researcher Jamila Kaya and ... Jacob Rickerd of Cisco. They used a Cisco security tool called CRXcavator that's specially designed to assess Chrome extensions. (Source: duo.com ) The pair worked on a project to try to spot common patterns of bogus extensions. They started by assessing "a few dozen" extensions they knew to be rogue and were able to use patterns to expose 70 ... (view more)

Reported cyber crime has more than doubled in the last two years according to the FBI. Over 60s are the group with the biggest value losses. The figures come from the FBI's Internet Crime Complaint Center (IC3), a central resource for reporting ... cyber crime. The IC3 works with local and national agencies and businesses to coordinate work on cyber threats and identify particular patterns of risk. In 2019 it received 467,361 complaints with the reported losses topping $3.5 billion . That's up from $2.7 billion in 2018 and $1.4 billion in 2017. (Source: bbc.co.uk ) Part of the rise may be people ... (view more)

Researchers have warned of a sneaky trick that uses malware to collect passwords for online banking. The "Metamorfo" malware disables autocomplete to force users to retype passwords that can then be hijacked. Metamorfo is familiar to security ... researchers, but has developed two new characteristics. The first is that it no longer targets only financial institutions in Brazil, but has expanded to other countries. The seconds is a new tactic to make it more effective. The malware works in a familiar fashion. It's distributed through a .ZIP file that's disguised as an invoice attached to ... (view more)

A computer security company claims malware attacks are on the decrease. The difference appears to be that criminals are more closely targeting attacks, which could be good news for the average user. The figures come from Sonicwall, which offers ... firewalls and other cyber security solutions. The data is based on the attacks and attempted attacks it detected among customers covering 1.1 million sites in 215 countries. (Source: sonicwall.com ) Although the actual numbers it gives aren't necessarily meaningful, the year-on-year comparisons between its new report covering 2019 and the one it did ... (view more)