Security

Password manager LastPass has suffered an embarrassing security glitch that reveals a user's last used password, though some security experts argue that pulling off the exploit would have been difficult at best. The purpose of LastPass is to solve ... the problem of people having too many passwords to remember, but not wanting to reuse passwords across multiple sites. Once somebody signs up to LastPass, they create a single master password which is completely secret. Even LastPass itself doesn't store this password, so if a user forgets it, they are out of luck. The master password then stores ... (view more)

Nearly half a million users have been infected with "The Joker" malware through the Google Play store. The malware is particularly nasty and works by signing users up to premium services without their knowledge. The malware, spotted by researcher ... Aleksejs Kuprins, was found in 24 apps with a combined 472,000 downloads - though more apps may be found later. As of this writing, the 24 known apps have been removed from the Google Play store. (Source: techradar.com ) Infected Apps Need to be Removed If you have any of the following apps installed on your phone, they should be removed ... (view more)

Mozilla is to make an important change to Firefox browser security. It could reduce risks for users, but has raised concerns among governments and Internet Service Providers (ISPs), as it could limit their tools for filtering and monitoring online ... activity. The change has to do with a feature called DNS-over-HTTPS (DoH), and will first affect users in the US. It's already possible to enable DoH in Chrome, but it takes some technical know-how because the feature currently isn't widely used. DoH is all to do with the DNS (Domain Name System), which is effectively the phone book of the Internet ... (view more)

Google has released a security update fixing a major flaw in the Chrome browser. While Chrome normally updates automatically, it's a serious enough problem that it's worth manually checking for updates to the browser in order to be certain. The bug ... was highlighted by the Center for Internet Security, a non-profit organization that crowd sources security problems and fixes. It says the flaw could be exploited simply by the user visiting a compromised web page. It says that: "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the ... (view more)

Google Calendar users have been hit by a spate of spam "events" that are nothing more than dubious web links. Users have several ways to stop the problem, but with some drawbacks. The problem involves mysterious entries appearing in Google Calendar, ... sometimes seeming to have been added by friends. Speaking from experience, I had several entries appear for an "event" which was supposedly a time-limited offer to pick up a free iPhone, along with a link to confirm I wanted to take advantage. Although I did not click on the link, it's a safe bet it would not have taken me to the Apple store. ... (view more)

Chrome may soon warn users if their passwords have been compromised. It works by checking inputted passwords against those exposed in public data breaches. The feature is already available for Chrome from an official Google extension known as ... Password Checkup, but users need to actively install this extension to use it. Web browser Mozilla Firefox already has a similar feature built-in. Now a similar feature named "password leak detection" has been spotted in the code of Chrome Canary. That's a version of Chrome that includes test features planned for release in the main Chrome edition in a ... (view more)

Users of both Apple devices and the VLC media player should watch out for potentially serious security bugs. The former is a particular embarrassment for Apple. It turns out the company fixed a security bug in iOS 12.3 in April, then accidentally ... removed the fix in iOS 12.4, which it released last month. It now plans to fix it imminently in an emergency update to be titled iOS 12.4.1. The bug is very serious as it potentially allows a rogue app to "execute arbitrary code with system privileges." That effectively means malware could have complete control over an iOS device, something that's ... (view more)

Researchers say there's a risk that microphones and motion sensors in smartphones could make it possible to figure out information being typed on nearby keyboards. But media headlines that "hackers can work out your password" are a significant ... stretch. The research comes from the Darwin Deason Institute for Cyber Security at Southern Methodist University, based in Texas. It stemmed from the thought that smartphones could pick up sound in two ways: not just the sound waves in the air through the microphone, but vibrations such as on a table collected through the motion sensors in the phone. ... (view more)

More than one million fingerprints were exposed online for at least a week, according to security researchers. The company responsible for the data says it will take immediate action if there's a security threat. The data is held by Suprema, which ... operates a biometric lock system called Biostar 2. It lets building owners restrict access by fingerprint or facial recognition, rather than relying on measures such as physical keys or pass codes. The Guardian newspaper reports that Biostar 2 is used in a wider system that has 5,700 customers accessing 1.5 million locations across 83 countries. ... (view more)

Apple is offering a million dollar bounty to anyone who can successfully hack an iPhone and shares the details. But its limited to specific circumstances that will mean the payout is well worth it for the company. Like several tech giants, Apple ... already had a reward scheme for people who find and report bugs. To date the biggest bounty Apple has offered is $200,000 and only to people who have previously been approved to explore Apple bugs. The million dollar bounty is officially open to anyone. The new offer was made at the Black Hat convention in Las Vegas, the leading annual gathering of ... (view more)