Security

Apple has released a patch for mobile devices which covers 51 security flaws. It's sparked debate over Apple's security levels and the way it issues such updates. The patch is for iOS, taking it up to version 12.2. Apple doesn't issue standalone ... security updates. Instead, it builds it into the main update for the system, which also includes new features or bug fixes. (Source: apple.com ) The most notable fix is a bug in an API (application program interface), which lets third party software interact with Apple services. In this case, the API bug could allow malware to access an iPhone, iPad ... (view more)

PC and laptop manufacturer ASUS unwittingly installed malware on its customers' laptops, according to a cyber security company. The malware went out to around a million people, yet appears to have been a highly targeted attack. The claims come from ... Kaspersky Lab, with rival firm Symantec confirming it has found similar evidence of the attack. At the time of writing, ASUS has yet to comment publicly on the claims. (Source: kaspersky.com ) According to Kaspersky Lab, the hackers took advantage of ASUS Live Update Utility. That's a tool by which ASUS automatically updates software on laptops, ... (view more)

According to a recent report, Microsoft products made up eight of the ten most exploited software bugs last year according to a security company. That's higher than in recent years, largely because Adobe Flash is becoming a less rewarding target for ... hackers as it loses popularity. As recently as 2015, most of the top ten involved bugs with Flash. Microsoft took the unwanted lead in 2017 with seven entries on the list. (Source: bleepingcomputer.com ) Internet Explorer Tops The List The top spot for 2018 went to a bug in the Windows VBScript engine . That's a tool that handles code designed for ... (view more)

A new report claims most Android "antivirus" apps don't provide enough protection to justify that term. It says two-thirds of the antivirus programs were so ineffective, they were practically useless. The report comes from AV-Comparatives, a website ... that tests antivirus and other security software. It says it was inspired to look at Android apps after spotting one that literally did nothing but show a fake progress bar before saying no malicious apps were present (without actually carrying out a scan). The test involved putting 250 different Android antivirus apps to work on Samsung Galaxy S9 ... (view more)

Google has issued an urgent warning for Chrome users to update their browser if needed. That's because a security flaw is being actively exploited. The flaw in question is referred to as a "zero-day exploit." In an ideal world, software developers ... discover a bug and get some time before hackers find out about it and start taking advantage. In this case, the hackers did so before Google could develop a fix and get it out to users. Google is keeping the full details of the flaw secret for now to avoid giving even more criminals clues on how to exploit it. It says it won't say any more ... (view more)

The demise of the password has come a step closer this week with the adoption of a new standard for physical "keys" for logging in to websites. "WebAuthn," as it's called, makes it easier for sites to let users log in through a physical method - ... rather than relying on users having to remember a password. These methods range from USB devices that act like a physical key to biometric devices such as fingerprint or eye scanners. The big hope is that such devices reduce the need to rely on passwords which can be guessed or stolen in data breaches. Browsers Already On Board Having a ... (view more)

At least eight apps in the official Microsoft Store were secretly designed to use a computer's resources without permission. It undermines Microsoft's efforts to promote the store as a "safe source of software." In the past few years, Microsoft has ... heavily pushed the idea of Windows users getting software from an app store - similar to the way mobile devices work - rather than the more traditional method of getting programs from a third-party sources and installing them directly to the PC or smartphone / tablet. There's even a special 'S' mode for Windows 10 that only allows the ... (view more)

Security researchers say some major password manager tools could be flawed. But they also say it's still sensible to use them, just with a degree of caution. It's a fact that using the same password for multiple sites is a massive security risk. ... That's because if one site gets hacked, it could mean that hackers can use the same password on another website to gain access to potentially sensitive information, resulting in identity theft or financial loss. Password manager tools (such as Roboform and Dashlane ) aim to overcome two big dilemmas with online passwords - which is keeping passwords ... (view more)

Microsoft has warned an update coming next month is absolutely critical for users running Windows 7. Without it, computers won't be able to use any future Windows security and feature updates, leaving users extremely vulnerable to malware infections ... (or worse). It's all to do with a change in the way Microsoft delivers security updates in a secure manner. Whenever Microsoft releases an update, it comes with a digital signature to prove that it came from Microsoft's servers and that the code it contains has not been tampered with. You can think of these security measures much the same way when ... (view more)

Security researchers have warned a notorious piece of malware has returned to Android. It's in disguise, posing as a legitimate and popular VPN application. Researchers at the security firm Bitdefender have dubbed the malware as "Triout," which was ... first spotted last August. It's a particularly nasty piece of malware as it carries out multiple hostile acts. (Source: bitdefender.com ) These include recording phone calls, reading incoming SMS messages, taking pictures and videos, and collecting location data such as GPS coordinates. Triout is designed to operate without being detected ... (view more)