Security

Fri
29
Nov
John Lister's picture

Windows Security Patches Won't Need Reboot

Windows 11 users may soon be able to install updates without needing to reboot their computers. The "hotpatch" system will initially debut for business users. The idea of a Windows update without a reboot isn't new but has previously only been ... available for Windows Server and Datacenter versions, where even a brief period offline during a reboot can be problematic. (Source: techradar.com ) The new hotpatch system will initially be available for Enterprise users of Windows 11 (if already updated to the 24H2 version), covering both the outright purchase and 365 subscription models. Users will ... (view more)

Mon
21
Oct
John Lister's picture

Google Facing Breakup in US Court Case

The Department of Justice says it may ask a judge to forcibly break up Google's business over its alleged monopoly abuses. Google called it an overreach and says such a move could kill Android or Chrome. Google lost a court case in August for ... breaking antitrust laws in the way it built up and maintained a 90 percent market share in online searches. The DOJ must now put proposals before a court on how to remedy this breach. In a preliminary filing, the DOJ says it is considering the most serious option of "structural remedies". That could mean Google would no longer be able to maintain its ... (view more)

Fri
11
Oct
John Lister's picture

Facebook Fined for Password Failure

Facebook's parent company has been fined the equivalent of $100 million for storing user passwords in plain text. Failing to encrypt the passwords breached Europe's General Data Protection Regulation (GDPR). Meta, which runs Facebook and Instagram, ... broke the rules despite there being no evidence that anyone accessed the passwords without authorization or that anyone was then able to access accounts. Delay In Coming Clean The company was found to have breached the GDPR on four counts. Two involved failing to adequately secure personal data, one involved not properly documenting these failures ... (view more)

Wed
02
Oct
John Lister's picture

Necro Malware Infects 'Modified' Spotify, WhatsApp

"Modified" versions of popular apps have helped distribute a nasty piece of Android malware. The tactic expanded the reach of the Necro Trojan despite Google's security checks. Necro was able to survive for some time before discovery, largely ... because the infection wasn't obvious to users. Its main purpose was to hijack phones and use them to make money for the people behind the malware. This included displaying paid ads in the background so that users didn't see them, but the scammers were able to claim revenue from advertisers. The malware would also install apps on the phone to earn ... (view more)

Mon
30
Sep
John Lister's picture

Chrome Offers New Options on Browser Notifications

Chrome is getting more proactive on browser safety. The changes are coming to both desktops and Android devices. It's part of the browser's "Safety Check" feature which already warns users if a password has been compromised or if a website appears ... unsafe. The feature is expanding to cover permissions and notifications. The former involves the way Chrome controls whether or not a specific website has access to computer resources and data such as a microphone, webcam or precise location. Chrome will now start automatically revoking permissions from websites the user rarely visits. Google has ... (view more)

Fri
20
Sep
John Lister's picture

Scammers Frustrate Users into Giving Up their Gmail

Scammers are using a creative way to trick people into handing over their Google account passwords. The tactic works by annoying the victim until they stop thinking rationally. Most scams to get hold of account passwords, particularly sensitive ones ... like a Google account, work in one of two ways. Some scammers will try to intercept the password, for example by using keylogging software that records everything a user types. Others prefer phishing, where the user is tricked into typing in details into a bogus, lookalike website. The new scam, using malware named StealC, is much simpler. It ... (view more)

Wed
11
Sep
John Lister's picture

Android to Tackle Data Harvesting Scam Apps

A key change to Android could reduce the risk of scammers stealing personal data or money. The update will mean sensitive apps won't open unless potentially risky apps are closed first. The idea is to tackle rogue apps which are designed to either ... capture personal data from another app, or to take control of the phone unbeknownst to the owner. Developer Choice Google's new tactic aims to find a balance between restricting the activities of such rogue apps and keeping the freedom of users to choose what apps they install, including those from sources other than the official Play Store. The ... (view more)

Wed
28
Aug
John Lister's picture

Ransomware Turns to Triple Threat

A notorious ransomware group has engaged in a "triple threat" attack. As well as locking files and threatening to expose data, the Qilin group has been spotted trying to steal saved passwords from Chrome. The Qilin group appears to have been ... operating for at least two years but came to wider attention in 2022 when it attacked British hospitals. The group's origins and membership aren't known for certain, but it has communicated in Russian. As is becoming more common, Qilin doesn't simply restrict itself to encrypting files and systems and then demanding a ransom payment to restore access. It ... (view more)

Mon
26
Aug
John Lister's picture

Banking Scam Bypasses iOS, Android App Store Vetting

A useful web feature could be a serious phishing risk according to security researchers. They say scammers are using "progressive web apps" to bypass Android and iOS security features. In simple terms, a progressive web app is a mix of a website and ... a standalone application. It's technically a website and uses web technologies, allowing for instant updates. However, it looks and feels more like a standalone app and can often access more of a device's resources than a web browser. Security firm ESET says scammers are using progressive web apps as a way to overcome a major limitation in scams ... (view more)

Fri
23
Aug
John Lister's picture

Google Warns of 2G SMS Scam

Google has warned Android users to disable 2G connectivity. It says scammers are taking advantage of the outdated tech to send phishing messages and other spam that gets past all filters. 2G cellphone service was commonplace in the 1990s before ... being followed by 3G in the 2000s. 2G was the beginning of digital mobile phone connections and allowed for SMS text messaging, though it wasn't fast enough to support reliable mobile Internet services. While most US carriers have disabled their 2G networks, many handsets still support it. It can be useful as a last resort in places with either limited ... (view more)

Pages

Subscribe to RSS - Security