bug

Wed
15
Jan
John Lister's picture

Critical Windows 10 Bug Needs Immediate Fix

The National Security Agency (NSA) has told Microsoft about a major Windows 10 bug which also affects Windows Server 2016 and 2019. A patch is already available and is a must install. For the NSA to tell Microsoft about a Windows vulnerability and ... then discuss it publicly is relatively rare. In the past, the NSA has used such security flaws to take advantage of potential suspects, as part of its surveillance program. In this case, the bug was so serious the NSA seems to have concluded any benefits it could gain itself would be more than wiped out by the threat to the general public (and US ... (view more)

Thu
12
Dec
John Lister's picture

Critical: Font Bug Affects All Versions of Windows

A bug in the way Windows handles fonts could leave computers open to a "drive-by attack" - as long as the machine is connected to the Internet. It's among the vulnerabilities fixed in the latest Windows security update. All versions of Windows are ... affected . The bug involves the way Windows deals with embedded fonts. An embedded font means that the document includes the code for the font itself. It's generally used where a document or web page designer wants users to see a specific font that's not widely installed on computers. The bug means an embedded font could be coded in a way ... (view more)

Thu
05
Dec
John Lister's picture

Android Malware Extracts Passwords from Any Legit App

Security researchers say a serious Android bug could let malware pose as a legitimate app and gain unwanted access to a phone's data and functions. The concept of the 'StrandHogg' bug has been known for several years, but now it's being actively ... exploited to target online banking. In simple terms, the bug has two unwanted effects: it can trick users into giving malware sensitive 'permissions' to access the phone, and it can hijack legitimate apps to trick users into handing over login details and sensitive information. Researchers at Promon explain the bug is with a security setting called ... (view more)

Wed
20
Nov
John Lister's picture

Android Malware Records Calls, Tracks Location

Google is fixing an Android bug that let hackers remotely capture videos and images without permission. The bug could also have revealed the user's precise location, making it particularly dangerous if exploited by stalkers. Security researchers at ... Checkmarx discovered the bug in several default camera apps on a variety of Android phones, including the Google and Samsung apps. (Source: arstechnica.com ) The bug could only be exploited once malware was on the phone, but even then it still shouldn't have allowed such an attack. That's because it involved using a rogue app on the phone to access ... (view more)

Thu
26
Sep
John Lister's picture

Latest Internet Explorer Bug a Massive Risk

Microsoft has issued an emergency patch for Internet Explorer. In the most extreme circumstances, a user simply visiting a website could give a hacker complete remote control of a computer. Between Chrome's dominance and Edge becoming the default on ... new Windows machines, Internet Explorer is far from popular and is now used on around 8 percent of desktop computers. However, that still means around a hundred million machines could be affected by this bug. (Source: bbc.co.uk ) It's a sign of how serious the problem is that Microsoft has issued an emergency patch, or as it calls it, an out-of- ... (view more)

Mon
16
Sep
John Lister's picture

Password Manager Bug Exposes Last Used Password

Password manager LastPass has suffered an embarrassing security glitch that reveals a user's last used password, though some security experts argue that pulling off the exploit would have been difficult at best. The purpose of LastPass is to solve ... the problem of people having too many passwords to remember, but not wanting to reuse passwords across multiple sites. Once somebody signs up to LastPass, they create a single master password which is completely secret. Even LastPass itself doesn't store this password, so if a user forgets it, they are out of luck. The master password then stores ... (view more)

Wed
04
Sep
John Lister's picture

Use Chrome? Update Now to Fix Major Security Bug

Google has released a security update fixing a major flaw in the Chrome browser. While Chrome normally updates automatically, it's a serious enough problem that it's worth manually checking for updates to the browser in order to be certain. The bug ... was highlighted by the Center for Internet Security, a non-profit organization that crowd sources security problems and fixes. It says the flaw could be exploited simply by the user visiting a compromised web page. It says that: "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the ... (view more)

Wed
31
Jul
John Lister's picture

iPhone/iPad Users: Update Immediately

Google says it has found half a dozen major security flaws in Apple's iPhone messaging system. A new iOS update fixes five of the problems, but Google says one remains unpatched. The flaws were discovered by Google's Project Zero, a department that ... takes its name from the idea of "zero day" bugs . That's where would-be hackers become aware of a security issue before the relevant software developers are able to patch the bug. The zero day bugs are then exploited which often results in elevated privileged access levels given to a rogue program. The problems are with iMessage, the instant ... (view more)

Tue
04
Jun
John Lister's picture

How to Fix: Patch BlueKeep Worm (XP, Vista, 7, Server 2008)

If you're still on Windows 7 or earlier, you need to make sure you have a recent security patch installed as soon as possible. It fixes a very serious operating system exploit, dubbed "BlueKeep". Note that a firewall and antivirus will not block ... operating system exploits , which is why using an unsupported operating system is incredibly dangerous . The bug is in the way that Remote Desktop Protocol (RDP) works. Remote Desktop Protocol lets somebody on one computer see and control another computer in another location. It has some extremely useful applications such as working away ... (view more)

Tue
28
May
John Lister's picture

Ransomware Attack Linked to NSA Breach

The National Security Agency (NSA) is refusing to comment on claims a tool it developed has been used in a ransomware attack on the Baltimore city government. The New York Times says the attackers used a tool called "EternalBlue." The attackers have ... encrypted Baltimore government systems and demanded between $76,000 and $114,440 (depending on the account) to restore access. Officials have refused to pay and used workarounds including some manual processing of files and switching to Gmail for internal communications. It seems the attack was carried out using EternalBlue, which is ... (view more)

Pages

Subscribe to RSS - bug