Security

A malicious network of 500,000 computers used to spread malware around the globe has been taken over by do-gooders in an apparent hijack meant to foil cyber criminals. Victims of the botnet have not only found the stealth malware removed from their ... system, but are also receiving an on screen warning to update their computers. It appears the malware creators are themselves the victim of a hack attack by an online vigilante. Phorpiex Botnet a Decade Old, 500k Strong The malware concerned is distributed through the Phorpiex botnet, which has been operating for nearly 10 years. A botnet is a ... (view more)

Ransomware attackers could turn a key Windows security tool against the system, according to new research. The tactic could also evade leading security tools. The research from SafeBreach Labs covered "EFS", otherwise known as Encrypting File ... System. EFS was released as far back as Windows 2000 (in the year 2000), and is somewhat similar to Bitlocker. The main difference between the two is that Bitlocker can encrypt an entire volume, while EFS can encrypt individual files and folders. In either case, the reason for encrypting files / folders or an entire volume is that if an ... (view more)

The National Security Agency (NSA) has told Microsoft about a major Windows 10 bug which also affects Windows Server 2016 and 2019. A patch is already available and is a must install. For the NSA to tell Microsoft about a Windows vulnerability and ... then discuss it publicly is relatively rare. In the past, the NSA has used such security flaws to take advantage of potential suspects, as part of its surveillance program. In this case, the bug was so serious the NSA seems to have concluded any benefits it could gain itself would be more than wiped out by the threat to the general public (and US ... (view more)

An old Internet scam has got a new twist. The new scam makes it appear as if local police have taken over the web browser in order to "fine" the user for "illegal activities". The "police browser locker" scam is an example of what's dubbed scareware ... by preying on a user's paranoia (or guilt). It involves popup window from within the web browser, or an unexpected web page appearing and giving a bogus message demanding payment. A common form of this scam is the infamous Microsoft tech support scam stating that the computer has been infected with malware and the user needs to ... (view more)

Cyber analysts warn Iran may further target the US with cyber attacks as tensions rise in the Middle East. While one federal website has already been compromised for propaganda purposes, the real danger may be to infrastructure, with businesses and ... home users caught in the crossfire. The most eye-catching attack this week involved the website of the Federal Depository Library Program, which was altered to show and Iranian flag and an unflattering picture of the President. However, this doesn't appear to be a particularly sophisticated breach and may well have been the work of amateur hackers ... (view more)

Researchers have spotted new ransomware with a nasty new twist. "Clop," as it's called, doesn't just encrypt files, but deliberately attempts to screw up applications as well. The move is most likely intended to reduce the chances of the ransomware ... being blocked, but also means an attack could be even more disruptive and make it more likely a complete rebuild of the affected PC is necessary. Normally ransomware's main task is to encrypt as many files as possible on a computer. The idea here is to extort the user by forcing them to pay a ransom to regain access to the locked files. ... (view more)

Microsoft has warned users to pay particularly close attention to emails that appear to come from "microsoft.com". A simple trick involving spelling was the key to a security attack that Microsoft believes was instigated by North Korea. A US court ... has given Microsoft legal control of 50 web domains it says were used to carry out cyber attacks on Windows users. It's said to be the work of a group dubbed Thallium operating out of North Korea. Microsoft says the attacks were targeted at "government employees, think tanks, university staff members, members of organizations ... (view more)

Microsoft will officially ditch support for Windows 7 in just a couple of weeks, a decade after the system debuted. It means Microsoft may face a difficult choice over security issues. January 14 will mark the end of Extended Support for Windows 7 - ... the second period of a Windows edition's lifespan. Mainstream support, which is the period when Windows 7 received new features and Microsoft deals with tech queries free of charge, already ended in 2015. (Source: bt.com ) Extended Support is where Microsoft charges for help and where the only updates are to fix security problems and major ... (view more)

A "smart" security camera maker has suffered a significant data breach. No video footage was leaked, but email addresses and details of some home gadgets were exposed. Manufacture Wyze hasn't revealed full details of how the breach happened, but ... denied that the leak was due to using cloud computing in China. According to Wyze, the exposed data covered 2.4 million customers and included "customer emails along with camera nicknames, WiFi SSIDs, Wyze device information, body metrics for a small number of product beta testers, and limited tokens associated with Alexa integrations. ... (view more)

Russian leader Vladmir Putin still uses Windows XP if official photographs are to be believed. Ironically it might actually be a security measure. The photos released by the Russian state news agency show Putin's computers in his Kremlin office and ... his official residence. In both cases the screens are displaying the toolbar and icons from XP, though the default desktop background image is replaced with a picture of the Kremlin. (Source: themoscowtimes.com ) It would certainly be frowned upon (if not entirely shocking) for senior government officials in the West to still be running XP due to ... (view more)