bug

Thu
05
Dec
John Lister's picture

Android Malware Extracts Passwords from Any Legit App

Security researchers say a serious Android bug could let malware pose as a legitimate app and gain unwanted access to a phone's data and functions. The concept of the 'StrandHogg' bug has been known for several years, but now it's being actively ... exploited to target online banking. In simple terms, the bug has two unwanted effects: it can trick users into giving malware sensitive 'permissions' to access the phone, and it can hijack legitimate apps to trick users into handing over login details and sensitive information. Researchers at Promon explain the bug is with a security setting called ... (view more)

Wed
20
Nov
John Lister's picture

Android Malware Records Calls, Tracks Location

Google is fixing an Android bug that let hackers remotely capture videos and images without permission. The bug could also have revealed the user's precise location, making it particularly dangerous if exploited by stalkers. Security researchers at ... Checkmarx discovered the bug in several default camera apps on a variety of Android phones, including the Google and Samsung apps. (Source: arstechnica.com ) The bug could only be exploited once malware was on the phone, but even then it still shouldn't have allowed such an attack. That's because it involved using a rogue app on the phone to access ... (view more)

Thu
26
Sep
John Lister's picture

Latest Internet Explorer Bug a Massive Risk

Microsoft has issued an emergency patch for Internet Explorer. In the most extreme circumstances, a user simply visiting a website could give a hacker complete remote control of a computer. Between Chrome's dominance and Edge becoming the default on ... new Windows machines, Internet Explorer is far from popular and is now used on around 8 percent of desktop computers. However, that still means around a hundred million machines could be affected by this bug. (Source: bbc.co.uk ) It's a sign of how serious the problem is that Microsoft has issued an emergency patch, or as it calls it, an out-of- ... (view more)

Mon
16
Sep
John Lister's picture

Password Manager Bug Exposes Last Used Password

Password manager LastPass has suffered an embarrassing security glitch that reveals a user's last used password, though some security experts argue that pulling off the exploit would have been difficult at best. The purpose of LastPass is to solve ... the problem of people having too many passwords to remember, but not wanting to reuse passwords across multiple sites. Once somebody signs up to LastPass, they create a single master password which is completely secret. Even LastPass itself doesn't store this password, so if a user forgets it, they are out of luck. The master password then stores ... (view more)

Wed
04
Sep
John Lister's picture

Use Chrome? Update Now to Fix Major Security Bug

Google has released a security update fixing a major flaw in the Chrome browser. While Chrome normally updates automatically, it's a serious enough problem that it's worth manually checking for updates to the browser in order to be certain. The bug ... was highlighted by the Center for Internet Security, a non-profit organization that crowd sources security problems and fixes. It says the flaw could be exploited simply by the user visiting a compromised web page. It says that: "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the ... (view more)

Wed
31
Jul
John Lister's picture

iPhone/iPad Users: Update Immediately

Google says it has found half a dozen major security flaws in Apple's iPhone messaging system. A new iOS update fixes five of the problems, but Google says one remains unpatched. The flaws were discovered by Google's Project Zero, a department that ... takes its name from the idea of "zero day" bugs . That's where would-be hackers become aware of a security issue before the relevant software developers are able to patch the bug. The zero day bugs are then exploited which often results in elevated privileged access levels given to a rogue program. The problems are with iMessage, the instant ... (view more)

Tue
04
Jun
John Lister's picture

How to Fix: Patch BlueKeep Worm (XP, Vista, 7, Server 2008)

If you're still on Windows 7 or earlier, you need to make sure you have a recent security patch installed as soon as possible. It fixes a very serious operating system exploit, dubbed "BlueKeep". Note that a firewall and antivirus will not block ... operating system exploits , which is why using an unsupported operating system is incredibly dangerous . The bug is in the way that Remote Desktop Protocol (RDP) works. Remote Desktop Protocol lets somebody on one computer see and control another computer in another location. It has some extremely useful applications such as working away ... (view more)

Tue
28
May
John Lister's picture

Ransomware Attack Linked to NSA Breach

The National Security Agency (NSA) is refusing to comment on claims a tool it developed has been used in a ransomware attack on the Baltimore city government. The New York Times says the attackers used a tool called "EternalBlue." The attackers have ... encrypted Baltimore government systems and demanded between $76,000 and $114,440 (depending on the account) to restore access. Officials have refused to pay and used workarounds including some manual processing of files and switching to Gmail for internal communications. It seems the attack was carried out using EternalBlue, which is ... (view more)

Wed
27
Mar
John Lister's picture

Apple Devices Need 51 Important Security Updates

Apple has released a patch for mobile devices which covers 51 security flaws. It's sparked debate over Apple's security levels and the way it issues such updates. The patch is for iOS, taking it up to version 12.2. Apple doesn't issue standalone ... security updates. Instead, it builds it into the main update for the system, which also includes new features or bug fixes. (Source: apple.com ) The most notable fix is a bug in an API (application program interface), which lets third party software interact with Apple services. In this case, the API bug could allow malware to access an iPhone, iPad ... (view more)

Wed
20
Mar
John Lister's picture

Report: Microsoft Bugs 'Most Exploited' by Hackers

According to a recent report, Microsoft products made up eight of the ten most exploited software bugs last year according to a security company. That's higher than in recent years, largely because Adobe Flash is becoming a less rewarding target for ... hackers as it loses popularity. As recently as 2015, most of the top ten involved bugs with Flash. Microsoft took the unwanted lead in 2017 with seven entries on the list. (Source: bleepingcomputer.com ) Internet Explorer Tops The List The top spot for 2018 went to a bug in the Windows VBScript engine . That's a tool that handles code designed for ... (view more)

Pages

Subscribe to RSS - bug