Security

Lenovo computer users have been warned to immediately check that they have installed a security patch to plug a significant risk of malware. Ironically, the risk is related to the way that Lenovo's automated software update system is updated. ... Independent security researchers discovered a flaw in the protection that is meant to ensure that Lenovo computers only automatically download and install genuine updates. The flaw means that a hacker can remotely install malicious software on a Lenovo computer simply by being on the same unsecured wireless network. Within the security community, ... (view more)

Tech giant Cisco has warned that a new strain of malware is designed to render a Windows computer virtually useless if it's discovered by security software - effectively executing a boobytrap payload that eventually destroys all user data on the ... hard drive. Cisco says that Rombertik has "multiple layers of obfuscation and anti-analysis functionality" meaning that it is hard to discover and hard to examine. It's able to hide itself from both static and dynamic analysis, which respectively scan a computer's files and its currently active applications. (Source: cisco.com ) ... (view more)

Four police departments in Maine have paid $300 to cybercriminals after being hit by so-called " ransomware ". Officials say they weighed up their response and decided they had no real choice but to pay up. Ransomware is a form of malicious software ... which restricts access to certain parts of a computer it infects. Victims then see on-screen messages stating that a ransom must be paid to regain access . In most cases, cybersecurity experts warn against paying such ransoms for three reasons. Firstly, it may mean getting added to a "suckers list" that can be sold on to other ... (view more)

AT&T will pay a $25 million fine after regulators held it responsible for thieves taking personal details of 280,000 customers. The breaches were said to have occurred around November 2013 and April 2014, with the FCC beginning its investigation ... around May of 2014. It's the biggest ever such fine in the communications industry. The stolen information included the customers' names, part or all of their social security numbers, and some details about their account. On its own, the data wouldn't be enough for criminals to immediately steal money from customer's bank accounts, but could ... (view more)

A security research firm says more than a thousand people accessed a dummy database of personal details that it released as an experiment, though that number is much likely higher. It says the would-be criminals acted far faster than most security ... breaches take to fix. The experiment was the work of BitGlass, a company that offers security services for cloud computing firms. The firm wanted to test how quickly a 'leaked' set of personal data would spread around the world; to do so, BitGlass made an Excel file that contained 1,568 sets of names, phone numbers, addresses, credit card ... (view more)

Yahoo has introduced an option to log in without needing to remember a password. It requires a cellphone and may trade security for convenience. Under the new system, which is optional, users can choose not to use a standard passwords for future ... log-ins. Once activated, the system will mean a button appears on Yahoo's site when the user is ready to log in to the account. When the user clicks this button, Yahoo sends a one-time only, four character password to the user's cellphone. Once the user logs in, the password field becomes inactive. The process is then repeated the next time ... (view more)

Microsoft has joined Apple and Google in releasing browser security updates to patch a bug dubbed FREAK. The bug could make it easier for hackers to decrypt data that intercept from website users. The vulnerability of FREAK doesn't allow hackers to ... see data in plain sight. Instead, it allows them to remotely change what's meant to be a secure website connection into an unsecure one, meaning that previously encrypted data would then travel without any encryption. To be of any use, a hacker would need to combine the FREAK exploit with another vulnerability that let them intercept data, ... (view more)

Google has added a new measure to protect users from visiting risky websites. It's now going to warn users about bogus downloads, even before they go to the website concerned. The changes will affect Google Search, users of the Chrome browser, and ... advertisements provided by Google to third-party websites. Safe Browsing Warnings Extended to Chrome Google's Chrome browser will now contain special warning messages built into the web browser. The warnings are part of Google's Safe Browsing Service , which is also available as a third party API (application program interface). Parts of the ... (view more)

PC manufacturer Lenovo may have to defend a class action lawsuit after it reportedly sold notebook computers that contained unwanted adware. The lawsuit follows the revelation that the adware had the potential to spy on users. The case involves a ... piece of software called Superfish. It was designed to look at images users were viewing online, identify items, find websites selling the item at a cheap price, and display an offer in a pop-up window. The software came pre-installed on some Lenovo notebook PCs and integrated with multiple browsers. Superfish came under several different categories ... (view more)

Windows 10 will support a key standard for security measures designed as an alternative to the traditional password. It could make it easier to use methods such as fingerprint recognition or a "key-like" USB stick. Microsoft has confirmed the ... operating system will support the Fast Identity Online (Fido) standards. That's an industry-wide specification supported by tech firms such as BlackBerry and Google and financial firms such as PayPal, Discover and Visa. (Source: windows.com ) Fido isn't specific to any one device, but rather is a specification about the way computers ... (view more)