security

Wed 24 Apr
John Lister's picture

Microsoft Issues Mega-Security Patch

Microsoft has released one of the biggest Patch Tuesday updates ever. It includes 149 security fixes, including two "zero day bugs". Some reports suggest this is the most fixes in any monthly Microsoft update while others suggest it is "merely" the biggest in the past seven years. Either way, this is not a month for anyone who chooses to install Windows security fixes manually to hang about. Three of the fixes are for bugs Microsoft classes as "critical", meaning attackers could exploit them without requiring any action by the user. Almost all the rest are "important," meaning the attacker ...

Tue 26 Mar
John Lister's picture

Google Pays $10 Million In Bug Bounties

Google has revealed it paid $10 million in bounties to people who spotted security bugs in its products last year. More people earned rewards than in an equivalent Microsoft program, though Google paid out less per person. Such programs are designed not only to boost security but to encourage security researchers to work for good, rather than exploit bugs. However, critics say tech companies should put more of their resources into making software as bug-free as possible to start with. Google paid out a total of $10 million in 2023, split between 632 researchers in 68 countries. The highest ...

Fri 23 Feb
John Lister's picture

Patch Tuesday a Must Install This Month

Microsoft has fixed two bugs which bypassed Windows security measures. Both were actively exploited before the fix, making it vital to install the updates. The fixes come in this month's "Patch Tuesday" update, the main monthly security update that Microsoft officially calls the "B update". It should download and install without further action for anyone with automatic updates switched on, but may need a reboot to complete. Both bugs affect most supported versions of Windows, including 10, 11 and Windows Server. Microsoft rates the two bugs as "important" and "moderate" respectively, though ...

Mon 18 Dec
John Lister's picture

iPhones Get Extra Security Measure

Apple is beefing up security measures to reduce the damage caused by iPhone thefts. The new "Stolen Device Protection" feature is opt-in, possibly because it comes at the expense of convenience. The feature is designed for cases when somebody steals a device and successfully enters the passcode. That could happen when a thief spots somebody typing in the passcode before they steal the handset. It could also happen if the thief knows some details about the victim and they have a predictable passcode such as a birth date. Anyone who unlocks a phone will still be able to use it and access apps ...

Mon 11 Dec
John Lister's picture

New Law Demands Five Years Of Security Patches

Tougher rules mean digital device and software manufacturers will have to report security breaches more quickly. They'll also have to offer security patches for at least five years. The rules come from the European Union. They technically only cover products sold in EU member countries, though in many such cases manufacturers change their behavior worldwide to comply with the rules. The financial penalties for breaking the rules take into account global turnover. The rules, which will become the Cyber Resilience Act, cover "products with digital elements." These include smart and connected ...

Mon 14 Aug
John Lister's picture

Google Admits Play Store Security Loophole

Google says malware creators are using a simple workaround to bypass security on the official Play Store for Android apps. The problem is that the simplest fix would undermine one of the key differences between Android and closed systems such as Apple. In theory, all apps in the Play Store are vetted for security, including malware checks. That's one of the reasons Google recommends only using the Play Store, while still giving users the choice to get and install Android software from other sources. The problem is that scammers are using an extremely simple workaround called "versioning". ...

Thu 03 Aug
John Lister's picture

Google: 0-Day Bugs Down, But Risk Still High

The number of 0-day bugs, which give hackers a dangerous advantage, fell in 2022 according to Google. However, the company warns this may risk misleading complacency that forgets other factors. The figures come from Google's Threat Analysis Group, which aims to track, identify and report security bugs, regardless of the software or hardware concerned. The logic is that the better Internet security is overall, the better it is for an Internet-dependent business such as Google. For the past nine years, it's put together an annual tally of 0-day bugs. While definitions vary, Google classes them ...

Tue 25 Jul
John Lister's picture

Google to Block Internet for Some Employees

Google will stop some of its employees accessing the Internet. It's a bold experiment to see if it can reduce security threats without affecting performance. The idea is to reduce the risk of hackers getting access to employee machines, either to get hold of data on those machines or to use them as an entry point into Google's network. Perhaps unsurprisingly, Google's internal data is particularly attractive to attackers, whether they are seeking financial gain, political or commercial advantage, or plain old mischief making. For example, attackers being able to find out how Google ranks ...

Tue 11 Jul
John Lister's picture

Windows 95 and 98 Get Updates Again

Users of Windows versions dating right back to Windows 95 can now get updates for their system. It's thanks to an enthusiast project and is absolutely not meant to be a sensible alternative to using a modern version of Windows. The Windows Update Restored site aims to recreate the official Microsoft web pages for getting feature and security updates for older versions of Windows. Those pages were used by people who chose to manually download and install updates rather than use automatic updates. Understandably, Microsoft has long since taken down the pages for updating many Windows versions ...

Thu 01 Jun
John Lister's picture

Amazon Hit By $30 Million Privacy Penalty

Amazon has agreed to pay a total of $30 million in penalties for privacy violations related to its Ring and Alexa devices, according to an announcement by the Federal Trade Commission (FTC). The penalties consist of $25 million for allegedly retaining children's data without deletion and $5.8 million for failing to limit employee and contractor access to Ring security videos. (Source: cnet.com) The settlements do not require Amazon to make any admission of legal wrongdoing. (Source: theguardian.com)

Amazon Accused of Retaining Kids' Data

The FTC accused Amazon of preventing parents from ...
