security

Ransomware forced an unplanned shutdown of a US gas pipeline for two days. It's not yet clear if the attackers intended to have that effect. The full details, including the identity of the pipeline and its operators, have been kept under wraps. The ... only official information that's been made public comes from a security alert bulletin by the Department of Homeland Security (DoHS). (Source: us-cert.gov ) The attack started as an all-too-familiar "spear phishing" attack. That's a deliberately targeted email that tries to fool somebody (that typically works for a corporation) into clicking on a ... (view more)

Google says phone and tablet makers who alter Android's code to add security measures may actually be undermining security. It says device manufacturers should stick to Android's own measures. Jann Horn of Google's Project Zero security team ... specifically pointed to an alteration made by Samsung for the Galaxy A50 phone, which he says contained a bug that made the device vulnerable to attack. He says he discovered and reported the bug to Samsung in September 2018 but it wasn't patched until Samsung's security updates released this month. (Source: blogspot.com ) Ironically Horn believes the ... (view more)

Google has removed more than 500 rogue Chrome extensions that were scamming both computer users and advertisers. Some rogue extensions have been operating for more than a year. The rogue extensions were spotted by security researcher Jamila Kaya and ... Jacob Rickerd of Cisco. They used a Cisco security tool called CRXcavator that's specially designed to assess Chrome extensions. (Source: duo.com ) The pair worked on a project to try to spot common patterns of bogus extensions. They started by assessing "a few dozen" extensions they knew to be rogue and were able to use patterns to expose 70 ... (view more)

Researchers have warned of a sneaky trick that uses malware to collect passwords for online banking. The "Metamorfo" malware disables autocomplete to force users to retype passwords that can then be hijacked. Metamorfo is familiar to security ... researchers, but has developed two new characteristics. The first is that it no longer targets only financial institutions in Brazil, but has expanded to other countries. The seconds is a new tactic to make it more effective. The malware works in a familiar fashion. It's distributed through a .ZIP file that's disguised as an invoice attached to ... (view more)

A computer security company claims malware attacks are on the decrease. The difference appears to be that criminals are more closely targeting attacks, which could be good news for the average user. The figures come from Sonicwall, which offers ... firewalls and other cyber security solutions. The data is based on the attacks and attempted attacks it detected among customers covering 1.1 million sites in 215 countries. (Source: sonicwall.com ) Although the actual numbers it gives aren't necessarily meaningful, the year-on-year comparisons between its new report covering 2019 and the one it did ... (view more)

A security company has spotted 17 rogue Android apps that users should immediately delete. All 17 apps were approved by the Google Play store, where they managed to get past Google's security checks. Bitdefender, which published the list of apps, ... says the apps aren't malware as such. However, they use tactics associated with malware creators and could seriously inconvenience users. Bitdefender dubs this as 'riskware'. The List Of Shame The apps to immediately delete are: 4K Wallpaper (Background 4K Full HD) Backgrounds 4K HD Barcode Scanner Car Racing 2019 Clock LED Explorer File ... (view more)

Microsoft has issued one extra fix for Windows 7 after it passed the deadline for security updates to the system. In an all-too-familiar move, the extra update fixed a problem caused by the final scheduled update. January 14, 2020 officially marked ... the end of Windows 7's Extended Support period . During the Extended Support period, Microsoft no longer added new features or offered free support, but did issue security patches, fixed major bugs and offered chargeable support for consumers. That's now over and the official position is that there will be no further updates of any kind for Windows ... (view more)

Ransomware attackers could turn a key Windows security tool against the system, according to new research. The tactic could also evade leading security tools. The research from SafeBreach Labs covered "EFS", otherwise known as Encrypting File ... System. EFS was released as far back as Windows 2000 (in the year 2000), and is somewhat similar to Bitlocker. The main difference between the two is that Bitlocker can encrypt an entire volume, while EFS can encrypt individual files and folders. In either case, the reason for encrypting files / folders or an entire volume is that if an ... (view more)

The National Security Agency (NSA) has told Microsoft about a major Windows 10 bug which also affects Windows Server 2016 and 2019. A patch is already available and is a must install. For the NSA to tell Microsoft about a Windows vulnerability and ... then discuss it publicly is relatively rare. In the past, the NSA has used such security flaws to take advantage of potential suspects, as part of its surveillance program. In this case, the bug was so serious the NSA seems to have concluded any benefits it could gain itself would be more than wiped out by the threat to the general public (and US ... (view more)

Microsoft will officially ditch support for Windows 7 in just a couple of weeks, a decade after the system debuted. It means Microsoft may face a difficult choice over security issues. January 14 will mark the end of Extended Support for Windows 7 - ... the second period of a Windows edition's lifespan. Mainstream support, which is the period when Windows 7 received new features and Microsoft deals with tech queries free of charge, already ended in 2015. (Source: bt.com ) Extended Support is where Microsoft charges for help and where the only updates are to fix security problems and major ... (view more)