Security

Wed
24
Apr
John Lister's picture

WiFi Hotspot App Leaks 2M Passwords, Many Residential

An app designed to make it easier to get on public WiFi has accidentally exposed more than two million WiFi passwords. It appears to be a case of terrible design, rather than pure malice by the app designers. The app is called "WiFi Finder - connect ... to hotspots" and is listed on the Google Play store as having more than 100,000 downloads. In theory the app is part of a project to make using WiFi on the move more convenient. It's designed to be a massive database to which users can add public WiFi networks and the relevant passwords. For example, visitors to a coffee store could add the ... (view more)

Tue
23
Apr
John Lister's picture

Hugely Popular Android Apps Exposed As Scam

Six very opular Android apps have been exposed as scams to defraud advertisers. The scam also drained batteries and sucked up mobile data on the handsets. The six apps are AIO Flashlight, Omni Cleaner, RAM Master, Selfie Camera, Smart Cooler and ... Total Cleaner. All were in the official Google Play store but have been removed since their real purpose came to life. The revelation came after three security companies - Check Point, ESET and Method Media Intelligence - worked with news site Buzzfeed to investigate risky apps. They concentrated on apps which were widely used and required permissions ... (view more)

Thu
18
Apr
John Lister's picture

MS Office Now Top Target for Hackers: Report

Hackers are now far more likely to target Microsoft Office than web browsers according to a security firm. Kaspersky Labs says the big problem is that fixing some of the most common MS Office flaws would cause serious compatibility problems. The ... figures are based on the number of users affected, rather than the sheer volume of attacks. That's arguably more informative as it doesn't treat all attacks as equally significant. Kaspersky compared the last three months of 2018 with the same period in 2016 and found a dramatic difference in just two years. Browsers and Flash Less of a Problem In the ... (view more)

Wed
17
Apr
John Lister's picture

Ad Blockers Could Be Hijacked

A feature used in several ad blocker tools could be used to "booby trap" websites according to a security researchers. It appears to be a low but credible risk. The problem is all to do with the way many ad blockers work. In simple terms, they ... maintain a blacklist of URLs that host ads and other unwanted material. Whenever a website tries to load an ad from an URL on the list, it's blocked from doing so. Since last summer some ad blockers, including Adblock Plus, added support for a feature called "$rewrite." With this feature, the ad blocker won't just block the unwanted URL from ... (view more)

Tue
16
Apr
John Lister's picture

Internet Explorer Bug Affects All Windows Users

A security researcher says an Internet Explorer flaw could affect people who don't even use the outdated browser. It's a reminder of the dangers of opening unexpected email attachments. John Page has published details of the bug which affects ... version 11 of Internet Explorer (the latest) on both Windows 7, 8 and 10. The bug involves a file format called MHT. It's a format that's not used much these days but used to be common back when Internet Explorer was king. It's used to download an entire web page (including images and other media) into a single file. It's not needed today as browsers can ... (view more)

Thu
11
Apr
John Lister's picture

Website Sign-Ups Hijacked by Email Spammers

Scammers have found a creative way to bypass spam filters, effectively tricking legitimate sites into sending the message on their behalf. It's a reminder that human skepticism is always a key part of cyber security. The new scam was spotted by Sam ... Cook of Comparitech who spotted something amiss in an email from the British Newspaper "Archive," - a perfectly legitimate organization. The scam email asked him to confirm his email address for registering an account with the site. The problem there was that Cook hadn't attempted to register. In fact, this was the first time he ever ... (view more)

Thu
04
Apr
John Lister's picture

Facebook Asks New Users for Password to Email Account

Facebook has asked some new users to provide passwords for their email accounts. It's provoked fury among critics who say it goes against basic rules of online security. Often when a user signs up for an online service they provide an email address ... as a form of identification. The service will normally check the address is genuine by sending a code or a link in an email to the address, thus proving the user does indeed "own" that address. However, some people signing up to Facebook have instead been seeing a screen that offers to confirm the email address automatically. The screen includes a ... (view more)

Wed
03
Apr
John Lister's picture

Microsoft adds 'Tamper Protection' to Windows Defender

Microsoft will add a "tamper protection" feature to the built in antivirus tools in an upcoming Windows 10 update. It's designed to stop malware from switching off key security features in Microsoft Defender. Initially the changes will be available ... for Microsoft Defender Advanced Threat Protection, which is a subscription service for businesses. However, Microsoft appears to have revealed it will later become available to home users of Windows 10. (Source: zdnet.com ) The idea is to prevent rogue apps from disabling some of the weapons in the Microsoft Defender arsenal, in turn making it far ... (view more)

Wed
27
Mar
John Lister's picture

Apple Devices Need 51 Important Security Updates

Apple has released a patch for mobile devices which covers 51 security flaws. It's sparked debate over Apple's security levels and the way it issues such updates. The patch is for iOS, taking it up to version 12.2. Apple doesn't issue standalone ... security updates. Instead, it builds it into the main update for the system, which also includes new features or bug fixes. (Source: apple.com ) The most notable fix is a bug in an API (application program interface), which lets third party software interact with Apple services. In this case, the API bug could allow malware to access an iPhone, iPad ... (view more)

Mon
25
Mar
John Lister's picture

ASUS Automatic Updates Compromised by Hackers

PC and laptop manufacturer ASUS unwittingly installed malware on its customers' laptops, according to a cyber security company. The malware went out to around a million people, yet appears to have been a highly targeted attack. The claims come from ... Kaspersky Lab, with rival firm Symantec confirming it has found similar evidence of the attack. At the time of writing, ASUS has yet to comment publicly on the claims. (Source: kaspersky.com ) According to Kaspersky Lab, the hackers took advantage of ASUS Live Update Utility. That's a tool by which ASUS automatically updates software on laptops, ... (view more)

Pages

Subscribe to RSS - Security