Security

Tue
10
May
John Lister's picture

Phone Manufacturers, Carriers Under Security Probe

Two government agencies are investigating the way smartphone manufacturers and wireless carriers issue security updates for devices. They say they are particularly worried about older devices being left unpatched. It's a rare joint probe by both the ... Federal Communications Commission (FCC) and the Federal Trade Commission (FTC). While the FCC usually handles issues relating to the Internet and smartphones, the FTC usually only gets involved in cases of misleading advertising or unfair contracts. That may suggest officials are exploring whether companies have overstated the security their ... (view more)

Thu
05
May
John Lister's picture

Hacker Gives Away 272 Million Stolen Accounts for $1

Stolen usernames and passwords from Yahoo, Google and Microsoft's webmail services are reportedly being traded by Russian criminals. They are said to be among a batch of 272.3 million accounts, though most are from a popular Russian service. The ... trade has been revealed by Hold Security in a discussion with Reuters. Hold's founder says his staff uncovered the batch when trawling an online forum used by hackers. The person who provided the information claimed he had a total of 1.17 billion records, but agreed to hand over a portion of them. It seems that while many criminals buy and ... (view more)

Thu
28
Apr
John Lister's picture

Hackers Weaponize Obscure Windows Feature

Microsoft has detailed the intricate and carefully crafted attack techniques of a longstanding group of online spies. They include taking advantage of a now-retired Windows feature for easier updates. Thankfully for home users, the attacks from the ... group Microsoft dubs "Platinum" have been highly targeted at government, defense, communications and intelligence agencies and organizations. That's promoted speculation a government may be behind the attacks. The details come in a report by Microsoft's Windows Defender Advanced Threat Hunting. It notes that while some attacks are ... (view more)

Tue
12
Apr
John Lister's picture

Researchers Claim to Unlock Ransomware Encryption

One of the nastiest ransomware variants may have been defeated. Two security researchers have reportedly figured out a way to recover access to an encrypted computer without paying an extortion fee. Most forms of ransomware involve infecting a ... victim's computer and then individually encrypts files. That leaves the victim able to run Windows, but unable to access any of their data. The Petya variant is more dangerous as it encrypts the hard drive's master file table. That's a database which has the details of every files on a computer, including those for Windows itself. If the master ... (view more)

Thu
07
Apr
John Lister's picture

New Bogus Invoice Emails Could Lead to Ransomware Attack

The people behind phishing emails appear to be getting more sophisticated. Reports from both sides of the Atlantic say such emails are including more personal details, something that was previously used only for high value target. Phishing emails ... are a way to try to trick people into either providing confidential information such as bank details or online passwords, or by clicking on links that install malware, usually through security weaknesses in web browsers or office software. More and more phishing attacks now involve trying to install ransomware that locks up a computer until the ... (view more)

Wed
30
Mar
John Lister's picture

Ransomware Takes Nasty New Twist

The FBI has asked businesses for urgent help dealing with a new form of ransomware. The attack is designed to compromise an entire network, rather than just a single computer. Ransomware is a form of malware that damages a computer in a way that's ... usually reversible - but only by the malware creators. Commonly it involves encrypting files or even an entire hard drive so that they can't be accessed without a key, which is only provided when the victim hands over a fee. Last month the FBI put out a warning of a form of ransomware dubbed MSIL/Samas.A. It targets a security vulnerability ... (view more)

Thu
24
Mar
John Lister's picture

FBI May Unlock iPhone Without Apple's Help

The FBI says it may be able to unlock the San Bernadino shooter's phone without Apple's help. But it's refusing to reveal details of its apparent solution. Apple recently refused to comply with an order to assist law enforcement officials with ... unlocking the phone, leading to a planned courtroom hearing this week. The FBI then asked for the case to be put on hold until next month, saying it wanted to investigate a method it discovered this past weekend that may make Apple's help irrelevant. The argument isn't about decrypting the data on the phone, something that's ... (view more)

Wed
23
Mar
John Lister's picture

Email Security Likely to Get Boost

Some of the biggest tech firms have joined together to call for new standards that could make emails more secure. The proposals have gone to the Internet Engineering Task Force, which develops voluntary but widely used technical standards for the ... Internet. These days around 30 percent of Internet traffic from North American users is encrypted, meaning that if somebody intercepts it on route, they'll struggle to be able to read it. That figure is expected to jump to 60 percent this year, though that's largely a quirk caused by a change in policy by Netflix. In any case, it's now ... (view more)

Thu
03
Mar
John Lister's picture

New 'Drown' Bug: Millions of Secure Sites Could be at Risk

An estimated 11 million secure websites could be vulnerable to hackers exploiting a security bug. Amazingly, the bug has to do with technology that is over 20 years old. There's little, if anything website visitors can do as the bug needs fixing by ... site operators. However, it is possible to check if a site appears to be vulnerable. The bug has been dubbed Drown, a name rather tenuously derived from "Decrypting the RSA algorithm with Obsolete and Weakened eNcryption." Researchers who uncovered the bug aren't publishing the precise details. At the moment it's not known if ... (view more)

Thu
25
Feb
John Lister's picture

FTC Cracks Down on Poor Router Security

ASUS has agreed to government supervision for 20 years after exaggerating the security of its routers. Officials say the company put hundreds of thousands of computers at risk. The company has agreed to a settlement in response to Federal Trade ... Commission (FTC) charges. The alleged breach of rules wasn't in the security flaws themselves, but rather that ASUS continuing to market the routers as "safe" was misleading to customers. Among ASUS's bold claims was that its routers could "protect computers from any unauthorized access, hacking, and virus attacks." This ... (view more)

Pages

Subscribe to RSS - Security