security

Wed
22
Dec
John Lister's picture

Biden Signs Exec Order to Overhaul Gov't Sites

US President Joe Biden has ordered the federal government to modernize its online services. It aims to remove a "time tax" on citizens navigating inefficient services. It comes in an executive order, which doesn't require legislation passed by ... Congress. The order says the US government is responsible for "designing and delivering services with a focus on the actual experience of the people whom it is meant to serve." (Source: whitehouse.gov ) The main requirement of the order is to overcome the current problem of limited interoperability between different government sites, which often require ... (view more)

Wed
15
Dec
John Lister's picture

Android Scammers Try New Tactics

Google has cracked down on a key method that scammers used to distribute Android malware through the Play app store. But like a game of whack-a-mole, the scammers are adjusting their tactics for greater success. The Google change is to the way it ... handles accessibility tools on Android devices. These include screen-readers, voice input systems and other modifications for users to interact with the device. Such tools often need access to key components such as the camera, microphone or speakers, access that can be abused by malware. Google relaxes the security and permissions system on such ... (view more)

Wed
20
Oct
John Lister's picture

Google USB Security Keys Free for Many

Google is giving free USB security keys to around 10,000 users whose accounts are at particular risk. They include politicians and human rights activists. The move follows a targeted campaign linked to Russian hackers to try to trick such users into ... revealing their passwords. The attackers could then not only look for sensitive information in email archives but also use the hijacked accounts to spread misinformation. The USB keys use the two-factor authentication approach , adding an extra level of protection, meaning that simply getting somebody's password wasn't necessarily enough to get ... (view more)

Tue
19
Oct
John Lister's picture

Google Enables '2-Step Verification' as Default

Google is switching on two-factor authentication by default for 150 million users. It's also making it mandatory for two million people who upload videos to YouTube. The system means no longer relying on passwords as the only way to control access ... to account. Instead it adds a second method such as getting a security code on a particular phone. Two-Factor versus "Two-Step" Verification Google calls the concept two-step verification, though that doesn't really describe it properly. The more commonly used "two factor" term refers to the idea of combining different types of ... (view more)

Tue
14
Sep
John Lister's picture

MS Office, Internet Explorer Form Zero Day Attack

Security experts have warned users to take extra care opening Microsoft Office files. An unpatched bug in Internet Explorer can affect users regardless of their preferred browser. The bug takes advantage of the way Office files can open links in ... Internet Explorer. It means that attackers can craft Office files that, once opened, automatically load an "attack" page in Internet Explorer that installs malware. Exactly what malware to install is up to the attacker. There is some protection for some users. In many cases, Office will by default open a document in Protected View, which blocks links ... (view more)

Wed
11
Aug
John Lister's picture

Three Random Words 'Best Password Strategy'

A government agency says three "random" words make for a better password than many other approaches. It says other strategies such as adding symbols and numbers can be counterproductive. The advice comes from the National Cyber Security Center ... (NCSC). That's a body in the United Kingdom that deals with major security breaches and gives advice to businesses and other government organizations. According to the NCSC, the advice is aimed at people who try to remember passwords. It says password manager tools are a good solution but remain widely unused. (Source: gov.uk ) Predictable Appr0@ch! The ... (view more)

Thu
08
Jul
John Lister's picture

Nine Rogue Android Apps to Delete Right Now

Nine popular Google Play apps were actually scams to steal Facebook logins according to a security company. Although Google has removed some of them, they may still be on devices. All the apps were promoted as performing a simple task and appear to ... have worked as designed. Although that meant more effort for the developers, the idea was to make users less suspecting that the apps were actually harmful. The affected apps had the following names and functions: App Lock Keep (child safety tool) App Lock Manager (child safety tool) Horoscope Daily (astrology) Horoscope Pi (astrology) Inwell ... (view more)

Tue
30
Mar
John Lister's picture

Major Apple Bug Threatens Browser Security

Apple has warned users to check their portable devices to ensure they are up to date. A bug that affects iPhones, iPads and Apple Watches may already be under attack by hackers. The bug affects WebKit, which is the underlying software for Safari and ... any other web browsers which use Apple's operating system iOS. Specifically, it covers the way web content appears and the way browsers keep track of which sites a user has recently visited, allowing features such as the browser back button to work properly. Apple isn't giving many details of exactly how the bug works or could be exploited, which ... (view more)

Tue
16
Feb
John Lister's picture

Serious Windows Flaw: Hackers Can Remotely Crash PCs

Microsoft has described three Windows security fixes as an "essential" install even among users who normally take their time or pick and choose updates. It's one of 56 fixes in the latest monthly security update sometimes dubbed Patch Tuesday. Two ... of the fixes are rated "Critical" and the other "Important". Those ratings are based on a combination of how likely the flaw is to be exploited and how serious the resulting damage could be. Remote Code Execution Risk The two critical fixes (codenamed CVE-2021-24074 and CVE-2021-24094) both create a risk of remote code execution. That's arguably the ... (view more)

Wed
07
Oct
John Lister's picture

Google Launches App Security Team

Google is creating a dedicated security team to hunt for bugs in "sensitive" Android apps. It will concentrate on the nature of the app rather than how widely its used. The new team will working in a different way to Google's existing program that ... offer bounties to independent security researchers who spot bugs in apps from the Google Play Store. To get the most "bang for its buck," that program only covers apps which have more than 100 million downloads. While it's logical enough to prioritize those apps as the number of people affected by a security breach will be highest, it doesn't take ... (view more)

Pages

Subscribe to RSS - security