security

A theory involving donuts has helped crack a proposed government security algorithm. It's nothing to do with distracting security guards, Better Call Saul-style, but rather advanced mathematics. Government agencies and others involved in security ... are constantly looking for new ways to encrypt data, with quantum computing seen as a potentially major threat. Most encryption methods used at the moment rely on length and complexity to deter brute force cracking techniques that simply try every possible decryption key. The idea is that it should take so many tries (on average) to get the right ... (view more)

Android users have been urged to check their phone has the latest security patches. It follows a researcher accidentally uncovering a significant flaw in the screen lock. The researcher discovered the problem on a Google Pixel 6 and replicated it on ... a Pixel 5. The problem appears to affect phones running Android 10 or later that use a SIM card, not just those made by Google. However, some reports suggest it doesn't affect Samsung handsets. The problem is with the personal unblocking key (PUK). That's a way to regain access to a handset that's been locked after forgetting the phone's passcode ... (view more)

A government plans to scan every Internet-connected device in the country for vulnerabilities. The agency concerned insists it won't compromise privacy. The scan is the work of the United Kingdom's National Cyber Security Centre (NCSC). It says its ... looking for zero-day vulnerabilities, meaning security holes that hackers are actively exploiting before a fix is available. The NCSC says it will regularly scan all Internet connected devices based in the UK. It doesn't intend to access any data on devices but instead simply make a connection request. The scanning software will then log any ... (view more)

A new study suggests Microsoft Defender's effectiveness varies dramatically on the setting. It's one of the best for online-based threats, but among the worst performers for offline-based threats. The study is from AV Comparatives, which runs ... regular tests on more than a dozen leading cyber security tools. (Source: av-comparatives.org ) The results for Microsoft Defender are particular noteworthy for two reasons. First, it's the default, built-in tool for modern versions of Windows, meaning hundreds of millions of people use it. Second, it's often argued that Defender does a good enough job ... (view more)

Microsoft has released the first major update to Windows 11. It also says it may issue new features every month, yet another change to its update strategy. One year after Windows 11 first came out, the new update is formally called 22H2, though ... Microsoft has also simply called it the 2022 Update. That reflects an initial theory that updates would be relatively infrequent. Older versions of Windows had new features added as and when they were ready, with a Service Pack bringing everything together every couple of years for users who didn't want to install frequent updates. Windows 10 switched ... (view more)

A former diplomat says the amount of data shared and sold in the US puts the country at security risk. Karen Kornbluh said businesses gathering data on a large scale created a "national security loophole." She also points to a recent warning that ... China was attempting to gather data, both legally and illegally, about US citizens' health. The country is thought to be looking for blackmail material, for example on people in positions of power who have been treated for mental illness or embarrassing physical complaints. (Source: dni.gov ) Kornbluh previously held senior roles at the Federal ... (view more)

Two more applications have been removed from the Google Play Store after turning out to be a front for malware. As always in such cases, users who already have the apps installed need to uninstall them as this won't happen automatically. The apps in ... question are called Mister Phone Cleaner and Kylhavy Mobile Security. They had 50,000 and 10,000 downloads respectively before Google pulled the listings. The scam in these cases has a couple of key differences from the familiar story of scammers disguising malware as legitimate apps and finding a way to bypass Google's security checks. That ... (view more)

Some Google Play Store apps with more than a million downloads have turned out to house malware. It's a reminder that however good Google's security vetting process is, it's not perfectly reliable. Two security companies, ThreatLabZ and Evina, say ... they found a total of 60 apps that are or have been in the Play Store and house one of four "families" of malware. One type appears to be new and has been dubbed Autolycos by researcher Maxime Ingrao. Promoted via Facebook and Instagram ads, the apps use a common technique. They are listed as carrying out a specific feature, which they ... (view more)

A recent Windows 11 update has failed to install for some users. Meanwhile, some of those who did install it have reported annoying bugs. It reawakens an age-old dilemma: some users may conclude it's safer to avoid the update altogether and even ... manually uninstall it, but that means missing out on some security fixes for previous vulnerabilities. To make the decision more difficult, Microsoft hasn't provided much detail about these fixes other than to say the update "addresses security issues for your Windows operating system." For some users, there's no choice to make as they ... (view more)

Microsoft says it still plans to make a key security move with Microsoft Office, despite already having reversed it. It says it has put the changes to macros on hold to "enhance usability." The back-and-forth involves Visual Basic for Applications ... (VBA) macros. In principle, these are shortcuts that automate detailed processes with multiple steps. In some cases, users will share macros as part of their work. While macros can be very useful, they also offer a security risk. That's because a maliciously crafted macro could carry out unwanted tasks without the user knowing exactly what ... (view more)