Security

Fri
09
Apr
John Lister's picture

500M Phone Numbers Exposed in Facebook Leak

A data leak has exposed the phone numbers of an estimated 500 million Facebook users. The data comes from a breach in 2019, but has just been made public. According to Facebook, the breach was "found and fixed" in 2019, which has raised some ... eyebrows given the company never warned users their details may have been compromised. It argues the data wasn't hacked but rather "scraped" from publicly accessible information through a bug in its feature that lets users find the Facebook accounts of people in their phone contacts. That may not be enough to satisfy data protection officials in several ... (view more)

Tue
30
Mar
John Lister's picture

Major Apple Bug Threatens Browser Security

Apple has warned users to check their portable devices to ensure they are up to date. A bug that affects iPhones, iPads and Apple Watches may already be under attack by hackers. The bug affects WebKit, which is the underlying software for Safari and ... any other web browsers which use Apple's operating system iOS. Specifically, it covers the way web content appears and the way browsers keep track of which sites a user has recently visited, allowing features such as the browser back button to work properly. Apple isn't giving many details of exactly how the bug works or could be exploited, which ... (view more)

Fri
05
Mar
John Lister's picture

Single Character Could Crash Windows PC

A single character from ancient English could crash a Windows 10 PC, thanks to an odd security glitch. It's been patched in the most recent Windows updates, making it an important fix for those who download updates manually. The bug appears to work ... in most major browsers and involves the Æ symbol. If that isn't clear on your device, it's the symbol that looks like a capital A in italics squashed into a capital E. The symbol, sometimes called "ash" in English, has been used to designate specific sounds in several languages over the past few thousand years. In Old English it was a sound ... (view more)

Thu
04
Mar
John Lister's picture

Chrome Zero-Day Bug: Update Now

If you use Chrome, you need to make sure it's up to date. The browser has been hit by a dreaded zero-day flaw. In this case, hackers are aware of the bug and are actively exploiting it before Google has a chance to issue a security patch. The name ... comes from the fact that Google has "zero days" head start in getting the patches out. Google confirmed that it "is aware of reports that an exploit for CVE-2021-21166 [the bug in question] exists in the wild." (Source: googleblog.com) High Severity Flaw The security flaw is rated as "high severity" on Google's rankings of how much ... (view more)

Tue
02
Mar
John Lister's picture

Apple Suffers Malware Scare

Apple says it has dealt with the risk from a newly-discovered piece of malware affecting macOS. It's a reminder that macOS isn't completely immune from malware - which may have been the point of the attack. Security company Red Canary discovered the ... malware and dubbed it Silver Sparrow. It says data from Malwarebytes showed it was present on 29,139 computers. (Source: redcanary.com) It appeared to target computers which have the M1 chip. That's an Apple-produced processor designed specifically for Macs. It combines multiple functions on a single chip, the idea being to increase efficiency ... (view more)

Tue
16
Feb
John Lister's picture

Serious Windows Flaw: Hackers Can Remotely Crash PCs

Microsoft has described three Windows security fixes as an "essential" install even among users who normally take their time or pick and choose updates. It's one of 56 fixes in the latest monthly security update, sometimes dubbed Patch Tuesday. Two ... of the fixes are rated "Critical" and the other "Important". Those ratings are based on a combination of how likely the flaw is to be exploited and how serious the resulting damage could be. Remote Code Execution Risk The two critical fixes (tracked as CVE-2021-24074 and CVE-2021-24094) both create a risk of remote code execution. That's arguably the ... (view more)

Wed
10
Feb
John Lister's picture

Hacker Tries to Poison Water Supply

A hacker tried to poison a city's water supply using software designed to remotely control computers. Officials in Oldsmar, Florida say that even if the attack hadn't been spotted, it would have been unsuccessful. The attacker struck a system that ... treats the water supplied to around 15,000 people. Last Friday, they gained access to a control computer for around three to five minutes through TeamViewer, which appears to have been in place to allow remote work. (Source: independent.co.uk) 100-Fold Lye Increase The computer controlled the levels of some chemicals in the water including ... (view more)

Wed
03
Feb
John Lister's picture

iPhone Allows Facial Unlock While Wearing Mask

Apple is to let iPhone owners unlock their phone using Face ID even while wearing a face mask. But the setting is only available to people who also use an Apple Watch. Facial recognition is now the primary way to unlock an iPhone rather than use a ... fingerprint or typing in a code. That's proven problematic in a time when people are increasingly wearing face masks in public places as a measure to reduce the risk of transmitting diseases. Unlocked Watch Allows Masked Match It was technically possible for Apple's system, Face ID, to "recognize a face" using a combination of the exposed top half ... (view more)

Tue
26
Jan
John Lister's picture

Ransomware Gets Doubly Dangerous

Ransomware infections used to be about forcing victims to pay to regain access to their files. Now it appears more and more scammers are treating it as an exercise in blackmail. A new cybersecurity report says 18 known ransomware gangs have switched ... their focus to threatening to publish stolen data unless the victim pays up. That's led to some businesses paying the ransom even though they had access to backups in order to restore their files. Traditionally ransomware has been about file encryptions. Scammers get access to a victim's computer or network through malware, then the infection " ... (view more)

Wed
30
Dec
John Lister's picture

Security Update Cut-Off Puts Phones At Risk

A consumer group has warned a time limit on updates could mean phones become a security risk before they wear out. The group wants laws to make it clearer how long devices will receive support. The warning comes from Which?, a British organization ... similar to Consumer Reports in the US. It surveyed 15,000 people about how long they kept their phones. The questions covered how long people had been using their current phone, whether it was newly manufactured when they got it, and how long they had used their previous handset. The calculations only took account of handsets that were replaced ... (view more)
