security

Fri 28 Jun, John Lister

Outlook Users Warned Of Major Bug

This month's Microsoft "Patch Tuesday" update includes a fix for a major threat in Outlook. The bug means simply opening an email can trigger the attack. The update should have been applied to most systems by now, but some users may have shut off ... Windows Update, in which case it is recommended to re-enable and patch immediately. The threat, discovered by security company Morphisec, is a remote code execution vulnerability. That's particularly nasty as it gives an attacker the ability to remotely operate on the victim's computer. They could then spread malware, install ransomware or attempt to ... (view more)

Wed 15 May, John Lister

2.28 Million Rogue Apps Blocked By Google

Google says it blocked 2.28 million potentially malicious apps from getting into the official Play store last year. It stopped or paused a further 200,000 which didn't correctly use the permissions system. The figure for malicious app blocks is up ... almost half compared with 2022. Google didn't say conclusively whether that means more scammers are trying their luck or if it simply did a better job of detecting them. However, it did note the 2023 figure was "in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review ... (view more)

Wed 24 Apr, John Lister

Microsoft Issues Mega-Security Patch

Microsoft has released one of the biggest Patch Tuesday updates ever. It includes 149 security fixes, including two "zero day bugs". Some reports suggest this is the most fixes in any monthly Microsoft update while others suggest it is "merely" the ... biggest in the past seven years. Either way, this is not a month for anyone who chooses to install Windows security fixes manually to hang about. Three of the fixes are for bugs Microsoft classes as "critical", meaning attackers could exploit them without requiring any action by the user. Almost all the rest are "important," meaning the attacker ... (view more)

Tue 26 Mar, John Lister

Google Pays $10 Million In Bug Bounties

Google has revealed it paid $10 million in bounties to people who spotted security bugs in its products last year. More people earned rewards than in an equivalent Microsoft program, though Google paid out less per person. Such programs are designed ... not only to boost security but to encourage security researchers to work for good, rather than exploit bugs. However, critics say tech companies should put more of their resources into making software as bug-free as possible to start with. Google paid out a total of $10 million in 2023, split between 632 researchers in 68 countries. The highest ... (view more)

Fri 23 Feb, John Lister

Patch Tuesday a Must Install This Month

Microsoft has fixed two bugs which bypassed Windows security measures. Both were actively exploited before the fix, making it vital to install the updates. The fixes come in this month's "Patch Tuesday" update, the main monthly security update that ... Microsoft officially calls the "B update". It should download and install without further action for anyone with automatic updates switched on, but may need a reboot to complete. Both bugs affect most supported versions of Windows, including 10, 11 and Windows Server. Microsoft rates the two bugs as "important" and "moderate" respectively, though ... (view more)

Mon 18 Dec, John Lister

iPhones Get Extra Security Measure

Apple is beefing up security measures to reduce the damage caused by iPhone thefts. The new "Stolen Device Protection" feature is opt-in, possibly because it comes at the expense of convenience. The feature is designed for cases when somebody steals ... a device and successfully enters the passcode. That could happen when a thief spots somebody typing in the passcode before they steal the handset. It could also happen if the thief knows some details about the victim and they have a predictable passcode such as a birth date. Anyone who unlocks a phone will still be able to use it and access apps ... (view more)

Mon 11 Dec, John Lister

New Law Demands Five Years Of Security Patches

Tougher rules mean digital device and software manufacturers will have to report security breaches more quickly. They'll also have to offer security patches for at least five years. The rules come from the European Union. They technically only cover ... products sold in EU member countries, though in many such cases manufacturers change their behavior worldwide to comply with the rules. The financial penalties for breaking the rules take into account global turnover. The rules, which will become the Cyber Resilience Act, cover "products with digital elements." These include smart and connected ... (view more)

Mon 14 Aug, John Lister

Google Admits Play Store Security Loophole

Google says malware creators are using a simple workaround to bypass security on the official Play Store for Android apps. The problem is that the simplest fix would undermine one of the key differences between Android and closed systems such as ... Apple. In theory, all apps in the Play Store are vetted for security, including malware checks. That's one of the reasons Google recommends only using the Play Store, while still giving users the choice to get and install Android software from other sources. The problem is that scammers are using an extremely simple workaround called "versioning". ... (view more)

Thu 03 Aug, John Lister

Google: 0-Day Bugs Down, But Risk Still High

The number of 0-day bugs, which give hackers a dangerous advantage, fell in 2022 according to Google. However, the company warns this may risk misleading complacency that forgets other factors. The figures come from Google's Threat Analysis Group, ... which aims to track, identify and report security bugs, regardless of the software or hardware concerned. The logic is that the better Internet security is overall, the better it is for an Internet-dependent business such as Google. For the past nine years, it's put together an annual tally of 0-day bugs. While definitions vary, Google classes them ... (view more)

Tue 25 Jul, John Lister

Google to Block Internet for Some Employees

Google will stop some of its employees accessing the Internet. It's a bold experiment to see if it can reduce security threats without affecting performance. The idea is to reduce the risk of hackers getting access to employee machines, either to get ... hold of data on those machines or to use them as an entry point into Google's network. Perhaps unsurprisingly, Google's internal data is particularly attractive to attackers, whether they are seeking financial gain, political or commercial advantage, or plain old mischief making. For example, attackers being able to find out how Google ranks ... (view more)
