Security

Wed
11
Sep
John Lister's picture

Android to Tackle Data Harvesting Scam Apps

A key change to Android could reduce the risk of scammers stealing personal data or money. The update will mean sensitive apps won't open unless potentially risky apps are closed first. The idea is to tackle rogue apps which are designed to either ... capture personal data from another app, or to take control of the phone unbeknownst to the owner. Developer Choice Google's new tactic aims to find a balance between restricting the activities of such rogue apps and keeping the freedom of users to choose what apps they install, including those from sources other than the official Play Store. The ... (view more)

Wed
28
Aug
John Lister's picture

Ransomware Turns to Triple Threat

A notorious ransomware group has engaged in a "triple threat" attack. As well as locking files and threatening to expose data, the Qilin group has been spotted trying to steal saved passwords from Chrome. The Qilin group appears to have been ... operating for at least two years but came to wider attention in 2022 when it attacked British hospitals. The group's origins and membership aren't known for certain, but it has communicated in Russian. As is becoming more common, Qilin doesn't simply restrict itself to encrypting files and systems and then demanding a ransom payment to restore access. It ... (view more)

Mon
26
Aug
John Lister's picture

Banking Scam Bypasses iOS, Android App Store Vetting

A useful web feature could be a serious phishing risk according to security researchers. They say scammers are using "progressive web apps" to bypass Android and iOS security features. In simple terms, a progressive web app is a mix of a website and ... a standalone application. It's technically a website and uses web technologies, allowing for instant updates. However, it looks and feels more like a standalone app and can often access more of a device's resources than a web browser. Security firm ESET says scammers are using progressive web apps as a way to overcome a major limitation in scams ... (view more)

Fri
23
Aug
John Lister's picture

Google Warns of 2G SMS Scam

Google has warned Android users to disable 2G connectivity. It says scammers are taking advantage of the outdated tech to send phishing messages and other spam that gets past all filters. 2G cellphone service was commonplace in the 1990s before ... being followed by 3G in the 2000s. 2G was the beginning of digital mobile phone connections and allowed for SMS text messaging, though it wasn't fast enough to support reliable mobile Internet services. While most US carriers have disabled their 2G networks, many handsets still support it. It can be useful as a last resort in places with either limited ... (view more)

Thu
22
Aug
John Lister's picture

Chrome Sharing Could Blur Sensitive Info

Chrome on Android may soon automatically blur out sensitive data when screen sharing or recording. It's a potentially useful feature that brings some big questions. The feature was spotted as an optional "flag" in Chrome Canary, which means it's at ... the very earliest stage of public testing. Canary is a version of Chrome for people happy to be the first to try new features or update, the name referring to the literal "canary in the mine" whose death would warn miners of a problem such as a gas leak. Making a flag means it's not enabled by default even in Canary. That means it's very possible ... (view more)

Wed
14
Aug
John Lister's picture

Android Malware Hidden For Years

Five rogue Android apps remained in the Google Play store for more than two years. They hosted notorious malware called Mandrake that was hidden through some creative means. According to SecureList, the apps were titled AirFS, Amber, Astro Explorer, ... Brain Matrix and CryptoPulsing. The good news is that the apps had hardly any downloads, one of the reasons they attracted little attention. The real concern is whether malware distributors are using the same tactics with other apps. (Source: securelist.com ) Mandrake has been known about since 2020, though appears to have been in circulation ... (view more)

Tue
23
Jul
John Lister's picture

10 Billion Password Leak Not What It Seems

Reports that hackers have got their hands on 10 billion passwords have been slightly overblown. The file includes passwords up to 20 years old and many may never have been used at all. The "leak" involves an online post of a text file dubbed ... "RockYou 2024" which is said to contain 9,948,575,739 unique passwords, all stored in plain text. It appears to be an update from a similar file published in 2021, with "only" 1.5 billion of the passwords added since that time. Cybernews estimates it contains passwords compiled from around 4,000 databases over the past 20 years. (Source: cybernews.com ) ... (view more)

Fri
19
Jul
John Lister's picture

Company Promises to Patch Win10 After End of Life

Microsoft has competition in the market for extending Windows 10 after its scheduled end of life. An independent company is promising simple-to-use security updates - with a cost. Officially, Microsoft will stop issuing free security updates for ... Windows 10 after October 14, 2025, just over 10 years after the system was released. That's not got a great reaction given Microsoft heavily implied there would be no new version after 10, and that it has arguably made Windows 11 an unnecessarily difficult upgrade through new hardware security requirements. If all goes to plan, anyone wanting to keep ... (view more)

Thu
18
Jul
John Lister's picture

Microsoft Says Customer Affected By Email Hack

Microsoft says Russian hackers accessed its customers' emails during an attack earlier this year. It had previously only said Microsoft's own staff were victims. The company has not yet said how many customers are affected but says it has contacted ... them with details of the attack. Microsoft was breached by a group called Midnight Blizzard, believed to operate from Russia. The government there has not commented on the claims. The new revelations follow a Microsoft announcement in January that a small proportion of its corporate email accounts had been accessed by Midnight Blizzard. The attacks ... (view more)

Mon
08
Jul
John Lister's picture

Scammers Could Send Emails 'From Microsoft'

A particularly embarrassing bug makes it easy to send emails that appear to be from Microsoft employees. It's bad news for the public as it could make phishing scams appear more credible. The good news is that it only works if the recipient is using ... Outlook, though "good" is a comparative term because there are over 400 million Outlook users worldwide. (Source: cyberdaily.au ) Users Asked to Remain Vigilant Exactly how the bug works and where its found still isn't known, as the security researcher says they do not want to give details that could help potential attackers exploit the bug on a ... (view more)

Pages

Subscribe to RSS - Security