Security

Mon 29 Jan, John Lister

26 Billion User Records Compromised

A leak of around 26 billion user records has been labeled "the mother of all breaches." It's a major reminder of the downsides of reusing the same passwords on multiple sites. The collection of records is not a single stolen database. Instead, it appears to be a massive compilation of databases that have either been leaked before or sold on the black market. The database was spotted online by security researchers, likely a sign that whoever compiled it screwed up somewhere by mistakenly making it accessible. The researchers noted the database was extremely well indexed and organized. The ...

Mon 15 Jan, John Lister

23andMe Blames Victims for Information Hack

DNA and ancestry site 23andMe has told victims of a major hack that it's their fault for not using unique passwords. The claim came in a letter aimed at deterring victims from proceeding with a class action case. The site admitted last month that almost 7 million customers have been affected by a data breach. Hackers directly accessed personal data including DNA information of about 14,000 people. However, they were able to get some personal data of another 6.9 million people that enabled a feature to share information with potential relatives. Unsurprisingly, this led to legal action from ...

Mon 18 Dec, John Lister

iPhones Get Extra Security Measure

Apple is beefing up security measures to reduce the damage caused by iPhone thefts. The new "Stolen Device Protection" feature is opt-in, possibly because it comes at the expense of convenience. The feature is designed for cases when somebody steals a device and successfully enters the passcode. That could happen when a thief spots somebody typing in the passcode before they steal the handset. It could also happen if the thief knows some details about the victim and they have a predictable passcode such as a birth date. Anyone who unlocks a phone will still be able to use it and access apps ...

Mon 11 Dec, John Lister

New Law Demands Five Years Of Security Patches

Tougher rules mean digital device and software manufacturers will have to report security breaches more quickly. They'll also have to offer security patches for at least five years. The rules come from the European Union. They technically only cover products sold in EU member countries, though in many such cases manufacturers change their behavior worldwide to comply with the rules. The financial penalties for breaking the rules take into account global turnover. The rules, which will become the Cyber Resilience Act, cover "products with digital elements." These include smart and connected ...

Mon 27 Nov, John Lister

Mac Users Targeted In Browser Scam

Mac users have been warned to watch out for bogus updates to the Safari and Chrome browsers. It's a scam to spread data-stealing malware. The AMOS malware, also called Atomic Stealer, is particularly nasty as it targets data stored or transmitted by web browsers. This includes login details, passwords, and credit card numbers. It also looks for cryptocurrency wallets, which give access to Bitcoin and other cryptocurrencies that can be stolen and turned into cash. (Source: malwarebytes.com) The malware has been around since the spring when the scammers targeted people searching for popular ...

Fri 24 Nov, John Lister

Security Glitch Undermines Encryption Keys

Around one in a million computer encryption keys are faulty and could be compromised, according to researchers. While it sounds like an obscure issue, it could be exploited by security agencies at both friendly and hostile governments. The problem is with the RSA encryption that's widely used for online security. It works by users having two security keys (lengthy codes), one public and one private. The public key is used for encrypting data, while the private key is needed to decrypt it. The system also allows users to "sign" encrypted messages so that recipients know the supposed sender is ...

Thu 23 Nov, John Lister

Major Library Hit By Ransomware

One of the world's largest libraries has been hit by a major ransomware attack. It's an example of an increasingly common "double-dip" attack. The attackers have not simply encrypted the British Library's files until they receive a payment, which is the usual core ransomware goal. Instead, they are threatening to auction off sensitive employee data seized in the attack. The library has an estimated collection of up to 200 million items, including a copy of every book published in the United Kingdom. It's also a key research facility for historians. Among other systems, the library has an ...

Mon 20 Nov, John Lister

Online Tracking More Detailed Than Thought

It's no secret that advertisers and other groups buy and sell data about people's Internet use. But a new report says the information is far more detailed and specific than realized. The Irish Council for Civil Liberties (ICCL) says it's much easier than people realized to identify specific individuals, in some cases threatening national security. The data isn't hacked or stolen, but rather made available to people bidding for online advertising slots and trying to reach a particular auction. The basics of how this works are well known. Legitimate online businesses track users online but don't ...

Fri 27 Oct, John Lister

Most Phone Apps Want Unnecessary Device Access

Most popular mobile apps request system permissions that aren't necessary for their stated functions, according to a new study. In some cases, an app requested more unnecessary functions than necessary ones. The figures come from NordVPN, which examined the five most popular apps in 18 common categories. They repeated the exercise for both Android and iOS, making a combined total of 103 different apps. (Source: nordvpn.com) Both mobile operating systems now use a permissions system that means apps must request specific permission for different types of access to a phone's data and components ...

Thu 19 Oct, John Lister

Ransomware Attacks Getting Quicker

The average ransomware attack now takes less than a day from first breaching a system. It's the first time average attacks can be measured in hours, though ironically it may be a sign of better defenses. The figures come from researchers at Secureworks, who analyze ransomware attacks. They measure dwell time, which is the period between an attacker first gaining access to a system and deploying the ransomware. That's malware which encrypts files, letting the attackers demand a fee to restore access. The average dwell time being under a day is a dramatic development as last year the average ...
