security

Fri
11
Nov
John Lister's picture

Study: Microsoft Defender Too Reliant on Internet

A new study suggests Microsoft Defender's effectiveness varies dramatically on the setting. It's one of the best for online-based threats, but among the worst performers for offline-based threats. The study is from AV Comparatives, which runs ... regular tests on more than a dozen leading cyber security tools. (Source: av-comparatives.org ) The results for Microsoft Defender are particular noteworthy for two reasons. First, it's the default, built-in tool for modern versions of Windows, meaning hundreds of millions of people use it. Second, it's often argued that Defender does a good enough job ... (view more)

Thu
29
Sep
John Lister's picture

Microsoft Rethinks Windows 11 Update Schedule

Microsoft has released the first major update to Windows 11. It also says it may issue new features every month, yet another change to its update strategy. One year after Windows 11 first came out, the new update is formally called 22H2, though ... Microsoft has also simply called it the 2022 Update. That reflects an initial theory that updates would be relatively infrequent. Older versions of Windows had new features added as and when they were ready, with a Service Pack bringing everything together every couple of years for users who didn't want to install frequent updates. Windows 10 switched ... (view more)

Thu
22
Sep
John Lister's picture

Data Gathering 'A Security Threat'

A former diplomat says the amount of data shared and sold in the US puts the country at security risk. Karen Kornbluh said businesses gathering data on a large scale created a "national security loophole." She also points to a recent warning that ... China was attempting to gather data, both legally and illegally, about US citizens' health. The country is thought to be looking for blackmail material, for example on people in positions of power who have been treated for mental illness or embarrassing physical complaints. (Source: dni.gov ) Kornbluh previously held senior roles at the Federal ... (view more)

Tue
20
Sep
John Lister's picture

Phone Cleaner and Security Apps Were Scams

Two more applications have been removed from the Google Play Store after turning out to be a front for malware. As always in such cases, users who already have the apps installed need to uninstall them as this won't happen automatically. The apps in ... question are called Mister Phone Cleaner and Kylhavy Mobile Security. They had 50,000 and 10,000 downloads respectively before Google pulled the listings. The scam in these cases has a couple of key differences from the familiar story of scammers disguising malware as legitimate apps and finding a way to bypass Google's security checks. That ... (view more)

Thu
04
Aug
John Lister's picture

New Android Malware Discovered

Some Google Play Store apps with more than a million downloads have turned out to house malware. It's a reminder that however good Google's security vetting process is, it's not perfectly reliable. Two security companies, ThreatLabZ and Evina, say ... they found a total of 60 apps that are or have been in the Play Store and house one of four "families" of malware. One type appears to be new and has been dubbed Autolycos by researcher Maxime Ingrao. Promoted via Facebook and Instagram ads, the apps use a common technique. They are listed as carrying out a specific feature, which they ... (view more)

Wed
03
Aug
John Lister's picture

Windows 11 Update Causing Problems

A recent Windows 11 update has failed to install for some users. Meanwhile, some of those who did install it have reported annoying bugs. It reawakens an age-old dilemma: some users may conclude it's safer to avoid the update altogether and even ... manually uninstall it, but that means missing out on some security fixes for previous vulnerabilities. To make the decision more difficult, Microsoft hasn't provided much detail about these fixes other than to say the update "addresses security issues for your Windows operating system." For some users, there's no choice to make as they ... (view more)

Thu
28
Jul
John Lister's picture

Microsoft Pauses MS Office Macro Overhaul

Microsoft says it still plans to make a key security move with Microsoft Office, despite already having reversed it. It says it has put the changes to macros on hold to "enhance usability." The back-and-forth involves Visual Basic for Applications ... (VBA) macros. In principle, these are shortcuts that automate detailed processes with multiple steps. In some cases, users will share macros as part of their work. While macros can be very useful, they also offer a security risk. That's because a maliciously crafted macro could carry out unwanted tasks without the user knowing exactly what ... (view more)

Wed
20
Jul
John Lister's picture

Software Updates May Bring Back Zero-day Bugs

At least half the zero-day bugs discovered by Google this year were preventable according to one of its security experts. She pointed to sloppiness by software developers. The claims came in a talk and subsequent blog post by Maddie Stone. She's ... part of Google's Project Zero security program. While precise definitions sometimes vary, the general principle of a zero-day bug is that it's where attackers are exploiting the vulnerability before the software developers have a chance to develop a fix - in most cases because they aren't even aware of the bug. The name comes from the way the ... (view more)

Tue
24
May
John Lister's picture

Windows 11 .NET Update Goes Badly

The most recent Windows 11 update has caused bugs so significant that some users may be better off uninstalling it, despite the security implications. It's a situation with some particularly embarrassing elements for Microsoft. The update has the ... code name KB5013943 and was released to the general public on May 10th. It's reported some users in Microsoft's test program who got the update early experienced problems, meaning it's a surprise the same bugs appear to still have been present in the general release. Compatibility Glitches The problem is with the .NET Framework. That's effectively a ... (view more)

Tue
10
May
John Lister's picture

Microsoft Edge Offers VPN, With a Catch

Microsoft Edge is getting what looks suspiciously like a virtual private network (VPN). It comes with a catch and requires some serious trust in Microsoft. The "Secure Network" feature is now mentioned in a support document and has also shown up in ... Edge for some users who've signed up for early access to in-development features. It appears to be a variant of a VPN, which involves routing internet connection through a VPN provider. The data traveling back and forth between the provider and the user is encrypted in a setup likened to a "tunnel" that stops it being accessible ... (view more)

Pages

Subscribe to RSS - security