Security

Russian leader Vladmir Putin still uses Windows XP if official photographs are to be believed. Ironically it might actually be a security measure. The photos released by the Russian state news agency show Putin's computers in his Kremlin office and ... his official residence. In both cases the screens are displaying the toolbar and icons from XP, though the default desktop background image is replaced with a picture of the Kremlin. (Source: themoscowtimes.com ) It would certainly be frowned upon (if not entirely shocking) for senior government officials in the West to still be running XP due to ... (view more)

A bug in the way Windows handles fonts could leave computers open to a "drive-by attack" - as long as the machine is connected to the Internet. It's among the vulnerabilities fixed in the latest Windows security update. All versions of Windows are ... affected . The bug involves the way Windows deals with embedded fonts. An embedded font means that the document includes the code for the font itself. It's generally used where a document or web page designer wants users to see a specific font that's not widely installed on computers. The bug means an embedded font could be coded in a way ... (view more)

Mozilla has removed security tools from Avast and AVG from the Firefox extension store. It says the tools are collecting too much personal data about users. The extensions are third-party tools for the Firefox browser that add extra functionality to ... web browsing. In this case, the advertised purposes include highlighting and blocking malware that could be downloaded, and warning users when a page may be part of a phishing attack. That's where a user is tricked into typing in personal details into what they think is a legitimate site. Mozilla acted after online posts by Wladimir Palant, who ... (view more)

Security researchers say a serious Android bug could let malware pose as a legitimate app and gain unwanted access to a phone's data and functions. The concept of the 'StrandHogg' bug has been known for several years, but now it's being actively ... exploited to target online banking. In simple terms, the bug has two unwanted effects: it can trick users into giving malware sensitive 'permissions' to access the phone, and it can hijack legitimate apps to trick users into handing over login details and sensitive information. Researchers at Promon explain the bug is with a security setting called ... (view more)

A bogus "Windows Update" distributed by email is, perhaps unsurprisingly, actually ransomware. It shouldn't fool most users but makes it a good time to remind less tech-savvy PC owners of the need to take necessary precautions. The unsolicited ... emails have a subject line of either "Critical Microsoft Windows Update!" or "Install Latest Microsoft Windows Update now!" Those who open the email will then see a message that says (complete with opening typo) "PLease install the latest critical update from Microsoft attached to this email." (Source: trustwave.com ) $500 Ransom Demand It seems a safe ... (view more)

A man who launched millions of separate attacks on websites has been jailed for 13 months for conspiracy to damage Internet-connected computers. Sergiy Usatyuk, who is 20, offered an attacks-for-hire service using Distributed Denial of Service ... (DDoS) tactics. A Denial Of Service attack is a crude but often effective technique that simply involves flooding a site with bogus "visits" until the web server becomes overloaded, which then causes the website to become inaccessible for ordinary users. It's roughly equivalent to tying up a company's switchboard with prank calls. The "distributed" ... (view more)

Google is to use outside help to scan apps before they go into the Google Play store. It says the move is needed to cope with the continuing increase in the number of rogue Android apps. Just two weeks ago, 21 Android apps were reported to be rogue ... ; in early September, 24 apps were found to be rogue . The new "App Defense Alliance" involves Google working with three security companies, namely: ESET, Lookout and Zimperium. They all specialize in mobile security with a particular emphasis not just on spotting individual rogue apps, but on figuring out common characteristics and clues ... (view more)

Most people know not to open an executable file or document attached to an email unless they were expecting it. But a new example of malware means even an audio file could trigger a payload. Researchers at Blackberry Cylance Threat recently ... uncovered malicious code hidden inside WAV files. That's a computer format for audio that was common for music on PCs before MP3 became established. The attackers are using a technique called steganography, which is a way to hide a file inside another file in a way that normally cannot be detected. Steganography has previously been used in image files, and ... (view more)

Security researchers have exposed more than 20 rogue Android apps that secretly load ads as part of a scam. The rogue apps perform their advertised tasks for cyber criminals, but also drain batteries and overheat phones in the process. It's another ... embarrassment for Google as all the apps were found in the official Google Play Store, which is designed to vet apps to reduce the chances of malicious activity. Remove These Rogue Android Apps Now Researchers at ESET antivirus say they found 42 apps have been part of an orchestrated campaign running since July last year. They were able to ... (view more)

Facebook is set to face a $35 billion class action lawsuit over claims it used facial recognition tools without permission. The case will proceed despite Facebook's protest that no one suffered direct financial losses. The case is taking place in ... Illinois, where three individual lawsuits from 2015 were combined into a single class action case. It's based on Facebook using automated recognition on uploaded photographs. The way it works is like this: let's say that Bob uploads a photograph to Facebook, which also includes his friend Alice. After the upload is complete, Facebook scans the ... (view more)