security

Windows 8.1 users should make sure to install an emergency patch just released by Microsoft. The company rates the risk as critical based more on the potential consequences than the risk of exploitation. The bug is patched with a security update ... that has the reference KB4578013. It affects all versions of Windows 8.1 along with Windows Server 2012. The bug doesn't affect Windows 10. In theory it could affect Windows 7 and earlier, but Microsoft no longer patches those systems as they are no longer supported. (Source: microsoft.com ) The fix comes in an "out of band security update", commonly ... (view more)

An independent test found tools from most leading security software companies failed to detect all threats - though it was one of the best set of overall results ever. The SE Labs test used simulated attacks based on real threats that are particular ... problems right now. The tests ran between April and June this year and involves anti-malware products aimed at the general public from 14 companies. Though SE Labs runs such tests regularly, it changes the simulated threats each time to reflect what's actually happening in the cyber security world. (Source: selabs.uk ) In many cases, the simulated ... (view more)

Security researchers spotted a major flaw in a processor that's in more than a billion Android phones. It's been fixed now, but highlights the importance of a couple of key security measures users should take. Researchers at Check Point say they ... spotted the errors on a processor from Qualcomm that's used on more than 40 percent of cellphones. The processor is known as a "system on a chip" (SoC) because it combines hardware and software in a single unit. The processor controls some key functions on a phone including charging, video and audio. Because it's a system on a chip, it runs partially ... (view more)

Microsoft has revealed it paid more than $13 million in bounties to people who reported security bugs in the past 12 months. It's three times the amount for the previous year, raising questions about Microsoft's attitude to security. Like many tech ... firms, Microsoft has a series of programs that pay rewards for reports of vulnerabilities. It's not so much meant as a way to compete against the potential earnings of would-be cyber criminals. Instead, it's meant as an incentive for legitimate independent security researchers to put their efforts into a particular application, device or platform. ... (view more)

Politicians on both sides of the Atlantic are considering laws to tighten cyber security for the so-called Internet of Things (IoT). The rules would cover devices that aren't traditional computers or phones but still connect to the Internet. The ... United States Congress is considering the Internet of Things Cyber Security Improvement Act. It's been examined by a Senate committee and is currently awaiting a date to be examined by the Senate as a whole. However, there's no guarantee it will be heard before the end of the year and newly elected or re-elected Senators taking their seats. Agency To ... (view more)

Windows 7 computers running the Zoom videoconferencing tool are at risk from a "zero day" vulnerability. It's a reminder of the dangers of an outdated operating system. The problem will be fixed in a patch by Zoom itself rather than from Microsoft. ... Microsoft dropped support for Windows 7 on January 14 this year, meaning it doesn't offer security updates or fix any bugs. A zero day vulnerability is one that is known by somebody other than the developer or manufacturer before a fix is ready. In effect, the developers have "zero days" of head start distributing the fix before people can start ... (view more)

A researcher has found a major bug with Thunderbolt port technology that could undermine major security measures on multiple computer systems. There's a big mitigating factor though: an attacker would need extended physical access to the computer in ... order to carry out the exploit. Thunderbolt is a technology that is similar in concept to USB, but adds fiber optic to the usual copper wires. Compared to USB, Thunderbolt has high speed and capacity. Common uses include super-fast device charging (including laptops), 4K video, and extremely quick data transfers. Originally Thunderbolt was only ... (view more)

The latest Windows 10 update blunder temporarily left some users without full use of the system's in-built antivirus / antimalware protection. Though enthusiasts quickly spotted a workaround, the problem has now been fixed with a Windows 10 update. ... The initial problem wasn't actually a system update to Windows 10 itself that caused the issue, but rather an antivirus definition update file for Windows Defender. Essentially, a "definition update" contains details of the latest known threats that the tool can immediately deal with. For some users, the problem only arose when running a full scan ... (view more)

Microsoft is switching to a "security updates only" model for Windows from May until further notice. The idea is to limit the risk of creating bugs while many people are working from home without IT support staff. The change affects what are known ... internally at Microsoft as C and D updates. Those roll out on the third and fourth week of the month and contain previews and testing of new features that are planned for a main release the following month. Microsoft will continue with the B update on the second Tuesday of each month, unofficially known as Patch Tuesday. However, this will now only ... (view more)

Microsoft has warned users of a significant unpatched security flaw in Windows. It's offered some key steps to take while the problem is being fixed. The problem affects all currently supported versions of Windows, though Windows 7 and 8 machines ... are affected 'critically' according to the Microsoft advisory bulletin. Attacks on Windows 10 machines are considerably more constrained due to its enhanced security features. Microsoft says its currently only aware of targeted attacks on Windows 7 machines, though that could change now the bug has been made public. (Source: microsoft.com ) Adobe ... (view more)