Security

Microsoft is working with PC makers to tackle malware that strikes before Windows is loaded into memory. It's adapting a technology currently used for the Xbox games console. The "Secured-core" initiative is designed to overcome a big limitation ... with most Windows security tools: they only work once Windows is already running. That doesn't tackle malware that targets the computer's firmware. This is software, usually called BIOS or UEFI, than runs immediately when a PC is switched on. Its main role is to check all the hardware is in place and connected, then load up the operating system such ... (view more)

Samsung has issued a security fix after revelations of a major flaw in its fingerprint sensor. It affects users who have added a silicone screen protector. The fix came after a British woman contacted a newspaper to report that not only could she ... unlock her phone with the "wrong" fingerprint, but her husband could also unlock it with his finger. That's a major problem as she was using a Galaxy S10, a high-end Samsung phone that lets users set up fingerprint recognition not only to unlock the phone, but also to login to apps and even authorize mobile payments. (Source: bbc.co.uk ) Scan ... (view more)

Microsoft is adding an extra layer of security to Windows 10: it's blocking malware from tampering with Windows Defender. That's a security tool that's available commercially to businesses but is also built in to Windows 10 without extra cost. ... Tamper Protection tackles a rather cheeky tactic used by some malware creators, namely having the malware access Windows Defender and switch off key features. The idea is to reduce the likelihood of malware being detected in action. The feature has been in testing since April, 2019 and is now ready for a public rollout. Naturally Microsoft is keeping ... (view more)

Malware creators are using new tactics to avoid their malicious Android apps being exposed. The scam involves hiding and even disguising apps as legitimate ones once they've been installed. Fake Apps Receive Fake Praise It's a twist on a ... well-established scam in which malware is distributed through apps that appear to perform a basic function such as reading QR codes, or turning the camera flash into a flashlight. Thanks to a host of bogus rave-reviews in the Google Play store, the only way to spot something is amiss is that the apps will ask for specific access permissions that are clearly ... (view more)

A new piece of malware can intercept Internet traffic to spot people downloading legitimate installation files and replace them with "infected" copies. Security company Kaspersky went as far as calling it "impressive" from a technical, if not moral ... standpoint. Kaspersky has dubbed the malware "Reductor," after a term that appears in some of the code. It discovered the malware in April, 2019, so the fact it's only just going public suggests it took some serious analysis. (Source: securelist.com ) The malware's operation is exceedingly complicated, but one a machine is infected with ... (view more)

Researchers say they discovered eight security flaws in the way Android handles voice calls through the Internet. Unlike most such bugs which involve specific apps, these problems were with Android itself. The good news is that the researchers ... reported all of the bugs to Google while carrying out the project and most have now been fixed. However, it does raise concerns about the development and design of the system itself. (Source: github.io ) The researchers looked at the three latest Android versions (7, 8 and 9), specifically addressing the components that allow Voice Over Internet ... (view more)

The word "hacked" is worth 16 points in Scrabble. It's also what appears to have happened to a database of 218 million users of the popular online game "Words With Friends." A few weeks ago game creators Zynga said it "recently discovered that ... certain player account information may have been illegally accessed by outside hackers." It didn't give any detail on numbers, but went on to say that account login information may have been accessed. (Source: zynga.com ) Now a hacker has come forth and is attempting to sell the details of 620 million Zynga game accounts, of which 218 million ... (view more)

Microsoft has issued an emergency patch for Internet Explorer. In the most extreme circumstances, a user simply visiting a website could give a hacker complete remote control of a computer. Between Chrome's dominance and Edge becoming the default on ... new Windows machines, Internet Explorer is far from popular and is now used on around 8 percent of desktop computers. However, that still means around a hundred million machines could be affected by this bug. (Source: bbc.co.uk ) It's a sign of how serious the problem is that Microsoft has issued an emergency patch, or as it calls it, an out-of- ... (view more)

Password manager LastPass has suffered an embarrassing security glitch that reveals a user's last used password, though some security experts argue that pulling off the exploit would have been difficult at best. The purpose of LastPass is to solve ... the problem of people having too many passwords to remember, but not wanting to reuse passwords across multiple sites. Once somebody signs up to LastPass, they create a single master password which is completely secret. Even LastPass itself doesn't store this password, so if a user forgets it, they are out of luck. The master password then stores ... (view more)

Nearly half a million users have been infected with "The Joker" malware through the Google Play store. The malware is particularly nasty and works by signing users up to premium services without their knowledge. The malware, spotted by researcher ... Aleksejs Kuprins, was found in 24 apps with a combined 472,000 downloads - though more apps may be found later. As of this writing, the 24 known apps have been removed from the Google Play store. (Source: techradar.com ) Infected Apps Need to be Removed If you have any of the following apps installed on your phone, they should be removed ... (view more)