Security

Fri
24
Nov
John Lister's picture

Windows Bugs Could Be Much More Serious

A key security feature in Windows doesn't work as planned. It's not a vulnerability in itself, but means that hackers who find bugs in software are much more likely to be able to do damage. The problem is with Address Space Layout Randomization ... (ASLR). It deals with the way a computer organizes different programs in memory. As an analogy, it's like organizing vehicles of different sizes and makes in a parking lot. Most operating systems support ASLR, which means that when a program starts up and needs to use the computer's memory, it's assigned a random location. In the analogy, think of cars ... (view more)

Wed
22
Nov
John Lister's picture

Website User Tracking 'A Major Security Risk'

More than 400 leading websites could be compromising user security by collecting everything the user types - whether or not the user is aware. A Princeton University study also found the collected information was not always adequately protected and ... anonymized. The problem highlighted by the study was the use of third-party tools that website owners can use to find out more about how people navigate their site. These tools often track precisely where the user moves a mouse cursor along with information they type in, even if they then delete it. In principle these "session replay" tools can be ... (view more)

Tue
07
Nov
John Lister's picture

Bogus 'WhatsApp' Chat Client Downloaded 1 Million Times

Scammers used a computer code loophole to trick more than a million people into downloading a rogue Android app. The fake variant of WhatsApp appears to have been designed to distribute ads. The bogus app took advantage of the popularity of the ... genuine WhatsApp Messenger, which has been downloaded more than 60 million times on Google Play alone. It's a tool for exchanging messages with friends or groups over the Internet rather than eating into SMS text message allowances. Extra Space Went Unseen "Update What's App Messenger" was one of numerous bogus apps that tried to mislead users with ... (view more)

Tue
17
Oct
John Lister's picture

New Wi-Fi Crack can Intercept Your Data: What You Need to Know

One of the key security protections in WiFi has a serious vulnerability, a researcher has revealed. The exploit has to do with the protocol "WPA2" - currently considered the most secure protocol commonly used on WiFi routers and hotspots. Here's ... what you need to know about the WPA2 exploit. What's the problem and what does it affect? Security researcher Mathy Vanhoef has published a demonstration for what he's called "KRACKs," short for key reinstallation attacks. That's a way of exploiting a weakness in WPA2 (WiFi Protected Access II), the security system that is most ... (view more)

Thu
12
Oct
John Lister's picture

T-Mobile Bug Revealed Email Address, Name, and More

T-Mobile has fixed a bug that let hackers get sensitive personal data just by using a phone number. In theory, it could have been possible to collect details on all the company's customers, though T-Mobile denies this. The problem was discovered by ... Karan Saini, a security researcher who discussed the problem with the Motherboard Vice website. The site then approached T-Mobile about the problem. It said "we were alerted to an issue that we investigated and fully resolved in less than 24 hours. There is no indication that it was shared more broadly." (Source: vice.com ) The bug had to do with T ... (view more)

Wed
11
Oct
John Lister's picture

Bogus 'Adblock Plus' Opens More Ads

Users of a popular ad-blocking tool have been warned to watch out for a bogus version of the tool. One copy of the fake Adblock Plus was downloaded 37,000 times before being removed from the Google Chrome store. The legitimate version of Adblock ... Plus is one of the most popular tools available as a Chrome extension: a third-party tool that can be added directly to the browser itself. The makers claim that more than a hundred million devices are actively using the tool. The bogus version is particularly ironic, though not in a way that victims would appreciate: rather than block ads, it ... (view more)

Thu
05
Oct
John Lister's picture

Yahoo Admits: All 3 Billion Email Addresses Hacked

Yahoo has admitted that a hacking incident in 2013 affected three billion user accounts. That's three times more than it originally disclosed and means every account was affected. The incident was one of two Yahoo hacks revealed last year. The ... first, announced in September, involved 500,000 accounts being hacked in 2014 . The second, announced in December, was said to have involved a hack of a billion accounts in 2013 . It's the 2013 attack that Yahoo now says it believes "all Yahoo user accounts were affected." It's keen to stress that it only recently discovered that the number was bigger ... (view more)

Thu
28
Sep
John Lister's picture

New Internet Explorer Security Bug Exposes Search

A newly discovered Internet Explorer bug means rogue websites can track the next site a user visits, or even the next search the user makes. While it's not necessarily devastating in itself, the researcher who found the bug says it is a sign ... Microsoft isn't paying enough attention to its old browser. The bug means that a 'rogue' web page could access the content of whatever the user types in to the Internet Explorer address bar as soon as they press the Enter key. This would normally be another website address, but the way Internet Explorer works means it could also be a search term. Security ... (view more)

Tue
19
Sep
John Lister's picture

CCleaner Compromised by Hackers - Update Immediately

Users of the popular CCleaner optimization software have been urged to immediately update the program. The software was recently compromised by hackers for almost a month, though it does not yet appear they did any damage. The warning to update is ... particularly important because CCleaner doesn't automatically update - though it does tell users when a new version is ready. The compromised versions were the 32-bit editions of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 . User who currently have these versions should uninstall them immediately, then get the latest copy from the website of ... (view more)

Wed
13
Sep
John Lister's picture

Billions of Bluetooth Devices at Risk of Malware Infection

The majority of Bluetooth devices could be vulnerable to a malware attack. The attack, dubbed BlueBorne, can reportedly spread to devices without needing any action from the victim. The attack takes advantage of a bug in the Bluetooth technology ... itself rather than a specific operating system. At one point this summer an estimated 5.3 billion devices were at risk, running Windows, Android or Linux, as well as Apple devices running systems before the current iOS 10. Fixing the problem will require patches for specific devices and operating systems. Microsoft has patched the issue already, ... (view more)

Pages

Subscribe to RSS - Security