Security

Microsoft has stepped back from what some saw as a threat of legal action against a researcher who published details of several security flaws. The researcher claimed Microsoft had humiliated him when he previously reported bugs. The dispute is the latest example of tensions over what Microsoft used to call responsible disclosure: the idea that researchers should not make bugs public until it has had a chance to prepare and distribute a fix. Microsoft had dropped that term many years ago in favor of "coordinated vulnerability disclosure." The change in wording was designed to remove the ...view more

A Chrome update should make it harder for hackers to bypass two-factor authentication. It only works on machines with a hardware security feature that will be familiar to anyone who has struggled with a Windows 11 upgrade. Two-factor authentication is the idea that a user needs two different types of identification to log in to a device or account. Commonly this involves a password and then either biometric identification (such as a fingerprint or face scan) using a specific device such as a smartphone, or being in a particular location. It's often a way to limit the risk posed if somebody ...view more

Experts are divided about whether selfie photographs could threaten fingerprint security. The most plausible explanation is that it's theoretically possible but doesn't pose a meaningful threat to the average user. The theory is simple: today's phone cameras have a high enough resolution that an image which has a close enough view of fingerprints could give enough detail for an "AI-assisted" tool to reconstruct the full biometric details. In turn, that could mean attackers overcoming fingerprint security. It appears the idea took hold on a Chinese social media post which noted that the trend ...view more

Microsoft Defender is supposed to protect Windows users from malware, but two newly patched zero-day flaws show how security software itself can become part of the attack surface. The warning affects Windows users and administrators who rely on Microsoft Defender as their first line of defense against viruses, spyware, ransomware, and other malware. Defender is built into Windows and usually updates automatically, which makes it easy to assume that it is always protecting the system in the background. Microsoft has now patched two Defender vulnerabilities that were reportedly being exploited ...view more

Microsoft is removing SMS codes because they are increasingly abused by scammers, but the change could create new problems for users who rely on text messages as their only recovery option. The move to phase out SMS text message codes for personal Microsoft accounts affects anyone who uses SMS for sign-in verification and account recovery, not just ordinary two-factor prompts. Instead, Microsoft is pushing users toward passkeys, authenticator apps, and verified email. Microsoft says SMS authentication has become a major fraud source, which is not surprising. Phone numbers can be hijacked ...view more

Microsoft says it disrupted a cybercrime operation known as Fox Tempest, a financially motivated group accused of running a malware-signing-as-a-service operation. In plain English, Fox Tempest allegedly helped cybercriminals make malicious programs look like trusted software by abusing Microsoft's code-signing infrastructure. The service reportedly generated short-lived, fraudulent security certificates that were used to sign otherwise legitimate looking software turned into malware, including ransomware and information stealers. Microsoft says it revoked more than 1,000 certificates ...view more

The Federal Communications Commission (FCC) has effectively banned imports of WiFi routers made outside of the United States. The move may eventually severely restrict the options for US buyers looking for an upgrade. The ban involves adding all routers manufactured outside the US (including those designed by US companies) to a list of restricted items. It says the move was necessary because such devices are an "unacceptable risk to the national security of the United States or the security and safety of United States persons." (Source: lifehacker.com ) That follows a series of cyber-attacks ...view more

Google says it blocked more than 1.75 million apps from being added to the Play Store last year over policy violations. It also says 80,000 developer accounts were banned from using the service. It didn't say whether this represented an increase either in the number of rogue apps submitted to the store, or in the proportion of all apps which failed the checks. That means it's not clear if it's a case of doing a better job of spotting rogue apps, or simply having more malicious submissions to deal with. Another piece of key info missing from its report was how many apps were removed from the ...view more

Microsoft has announced a significant security update for Windows 11, introducing new controls that mirror the permission systems on modern smartphones. The changes are designed to make the operating system "secure by default" by giving users more direct control over how applications access data and system resources. This change aims to address long-standing issues where applications can override system settings or install unwanted software without clear user approval. The new framework is built on two core components: "Windows Baseline Security Mode" and "User Transparency and Consent." A ' ...view more

If you use Notepad++ on your PC - especially on a work machine - this is one of those updates you should not postpone. Notepad++ is a free, open source text editor for Windows that is widely used for both basic text work and software / IT tasks. People rely on it for features like tabs, syntax highlighting, search and replace across files, and editing configuration files or logs, among other things. Its footprint in technical environments makes it a high value target for attackers who want a quiet foothold. Why You need to Update Notepad++ If you use the standard installer version of Notepad ...view more