Security

Microsoft has described three Windows security fixes as an "essential" install even among users who normally take their time or pick and choose updates. It's one of 56 fixes in the latest monthly security update sometimes dubbed Patch Tuesday. Two ... of the fixes are rated "Critical" and the other "Important". Those ratings are based on a combination of how likely the flaw is to be exploited and how serious the resulting damage could be. Remote Code Execution Risk The two critical fixes (codenamed CVE-2021-24074 and CVE-2021-24094) both create a risk of remote code execution. That's arguably the ... (view more)

A hacker tried to poison a city's water supply using software designed to remotely control computers. Officials in Oldsmar, Florida say that even if the attack hadn't been spotted, it would have been unsuccessful. The attacker struck a system that ... treats the water supplied to around 15,000 people. Last Friday, they gained access to a control computer for around three to five minutes through TeamViewer, which appears to have been in place to allow remote work. (Source: independent.co.uk ) 100-Fold Lye Increase The computer controlled the levels of some chemicals in the water including ... (view more)

Apple is to let iPhone owners unlock their phone using Face ID even while wearing a face mask. But the setting is only available to people who also use an Apple watch. Facial recognition is now the primary way to unlock an iPhone rather than use a ... fingerprint or typing in a code. That's proven problematic in a time when people are increasingly wearing face masks in public places as a measure to reduce the risk of transmitting diseases. Unlocked Watch Allows Masked Match It was technically possible for Apple's system, Face ID, to "recognize a face" using a combination of the exposed top half ... (view more)

Ransomware infections used to be about forcing victims to pay to regain access to their files. Now it appears more and more scammers are treating it as an exercise in blackmail. A new cybersecurity report says 18 known ransomware gangs have switched ... their focus to threatening to publish stolen data unless the victim pays up. That's led to some businesses paying the ransom even though they had access to backups in order to restore their files. Traditionally ransomware has been about file encryptions. Scammers get access to a victim's computer or network through malware, then the infection " ... (view more)

A consumer group has warned a time limit on updates could mean phones become a security risk before they wear out. The group wants laws to make it clearer how long devices will receive support. The warning comes from Which?, a British organization ... similar to Consumer Reports in the US. It surveyed 15,000 people about how long they kept their phones. The questions covered how long people had been using their current phone, whether it was newly manufactured when they got it, and how long they had used their previous handset. The calculations only took account of handsets that were replaced ... (view more)

Millennials are much more likely to be scammed out of money online or over the phone than retirees according to FTC figures. However, an elderly victim is likely to lose a much bigger sum. The figures come from analysis of Federal Trade Commission ... (FTC) data by Atlas VPN. They found that in almost every age group, more people have been scammed so far this year than in the same period last year, but the average loss is lower. That could simply be scammers making smaller demands because they know many people have less disposable cash this year. (Source: atlasvpn.com ) Elderly Targeted By Phone ... (view more)

If you use Microsoft Teams, watch out for bogus advertisements offering an "update". It's a scam designed to install malware that tries to steal personal data. The group chat and video conferencing tool has understandably become more popular this ... year with the increase in remote desktop connections to workplaces. That's attracted the attention of scammers who have put together a creative strategy to steal data. It's important to note that the attack doesn't aim to exploit any vulnerability in Teams itself. Instead, it's simply aimed at people using it, particularly those who have only started ... (view more)

Zoom is to completely encrypt video calls at all times for most users. It will mean neither Zoom itself nor law enforcement agents or security services can access the content of calls. At the moment, Zoom encrypts the data that flows between ... individual participants on a call. However, it's Zoom's own servers which generate the encryption key issued to each participant. That means it's technically possible for Zoom to decrypt calls. While Zoom insists it's never had any intention of doing so, it does leave it open to pressure or legal threats from law enforcement officials to get access to ... (view more)

Two ad-blocking Chrome extensions have been removed from distribution after they were altered to collect user data. People who've already installed Nano Adblocker and Nano Defender should now remove the tools. Instructions for removal are near the ... end of the article. Both Nano Adblocker and Nano Defender started out as legitimate extensions which users could integrate into the Chrome browser to block ads. They had a combined total of 250,000 downloads, and ironically that success seems to be what ended up causing the problems. New Owners Manipulate Extension The original developer sold the ... (view more)

Microsoft says it has disrupted "one of the world's most persistent malware operations." The action against "Trickbot" reportedly involved working with the US military. Trickbot is a botnet , created by infecting computers with malware then ... hijacking and combining their resources for further malicious activity. The operators largely built it using bogus emails that tricked users into opening a file attachment or clicking a link that downloaded and installed malware. The uses of Trickbot have included stealing login details such as online banking credentials; accessing sensitive data; and ... (view more)