Items tagged with security

For over 13 years, Microsoft has been issuing monthly security updates for Windows on what is known as Patch Tuesday, typically the second Tuesday of every month. This month's update would have fell on Valentine's Day, except that Microsoft did something highly unusual—it delayed the Patch Tuesday rollout following the discovery of a "last minute issue that could impact some customers." Now a week later, Microsoft has issued an emergency patch for a flaw in Adobe Flash Player. The out-of-band release pertains to a critical vulnerability in Adobe Flash Player that could allow an attacker to execute... Read more...
Here we go again. For the second time in a mere three months, Google decided to spill the beans on a Windows bug before the engineers in Redmond could release a patch for it. Microsoft has a Google countdown timer to thank for this latest disclosure; one that shows mercy to absolutely no one, or any company. The latest bug affects a key file in Windows' GDI, or Graphics Device Interface, which is responsible for rendering graphics and fonts in Windows applications. We use "latest" lightly here, as this bug, according to Google, was simply never fixed despite having been previously reported. It... Read more...
Businesses are having to contend with a lot more ransomware attacks than ever before. According to SonicWall's 2017 Annual Threat Report, there has been a meteoric rise in ransomware attacks in recent years, going from nearly 4 million attack attempts in 2015 to 638 million in 2016. That is a staggering 167x year-over-year increase with most of the attacks coming from phishing attempts. The good news for businesses is that security outfits are keeping pace with cybercriminals. SonicWall says it would be inaccurate to say that the threat landscape either diminished or expanded or in 2016, saying... Read more...
Take a look at your printer. Give it a good stare. Do you trust it? Probably not, considering it jammed the last time you had to print an important paper right up against a deadline. However, what if we told you that your printer just has to sit there on your network to be a very serious security problem? HP Inc. recently hosted a tech field day for us, and several other security-focused journalists, at their headquarters in Palo Alto. We will speak to some of the panels we listened in on as we go, but the goal for HP at this event was to raise awareness around security - particularly where printers... Read more...
  Newer versions of Windows, including Windows 10 are vulnerable right now to a new Server Message Block (SMB) zero-day exploit that has been shown as a proof-of-concept. The vulnerability was first demonstrated by @PythonResponder and requires a user to connect to a SMBv3 server for a successful attack. Given the severity of the exploit, the U.S. Computer Emergency Readiness Team (US-CERT) has already published an emergency advisory, officially labeling it VU#867968. US-CERT describes the memory corruption vulnerability in detail, noting: Microsoft Windows fails to properly handle traffic... Read more...
Microsoft has a long and somewhat bumpy road in the antivirus field. Even its latest AV solution, Windows Defender, has not always garnered praise, though that is beginning to change. A recent blog post by a security expert who heaped praise on the default security software in Windows has prompted others to come out and speak in favor of using Windows Defender instead of a third-party solution. "At best, there is negligible evidence that major non-MS AV products give a net improvement in security. More likely, they hurt security significantly; for example, see bugs in AV products listed in Google's... Read more...
When ransomware strikes, its impact could range from mild to severe. Sometimes, ransomware targets regular users, while other times, it targets important mega-corporations (or even police stations). In this latest incident, it affected a hotel, and subsequently ran the risk of affecting all of its guests. Here it is, the downright gorgeous Romantik Seehotel Jägerwirt in Austria. Staying at a place like this is the stuff dreams are made of. It could feel like paradise on Earth; certainly not a place where you'd expect to have to deal with the major hassle of being locked out of your room against... Read more...
For what we're sure are obvious reasons, Google has long blocked certain types of attachments from being sent through its Gmail service. Those include .bat (Windows Batch), .exe (Windows executable), and .msc (Microsoft Management Console). Soon, .js (JavaScript) will be joining the prohibited ranks. This is the kind of feature update that's needed, although it's not one that's going to please those who need to legitimately send JavaScript files, such as developers or IT staff. However, given the kind of damage any sort of scripts can cause, it's hard to disagree with Google's decision here. If... Read more...
President Donald Trump turned in his much-used Android phone for something more secure (likely a modified Blackberry or iPhone handset), but in case it has not been made clear to this point, he has no intention of giving up Twitter. Trump is the first United States president to tap into social media to the extent that he does. Doing so may have helped him win the election, though some feel it also presents a security threat. One hacker in particular has a message for Trump, and that is to lock down his Twitter account with tighter security. The hacker goes by the moniker WauchulaGhost and claims... Read more...
Like a massive army of Storm Troopers willing to follow devious commands, a pair of researchers from the University College London warn that a "large number of Twitter users are bots" that are ready to "contaminate the Twitter API stream." There are more than 350,000 in all, comprising what the researchers have named the Star Wars botnet. It has been dormant and "well hidden" since it was created in 2013. Juan Echeverria, a research student at UC London, and his supervisor and senior lecturer Shi Zhou outlined the threat in a research paper that is awaiting approval in a scientific journal. The... Read more...
Apple has received criticism for not injecting more innovation into its iPhone 7 and iPhone 7 Plus handsets, and the same will probably be true of the inevitable iPhone 7s and iPhone 7s Plus variants. However, Apple will have an opportunity to shake things up when it releases its iPhone 8 and one of the things it might be considering is revising its Touch ID system to combine fingerprint recognition with facial recognition for enhanced security. KGI Securities analyst Ming-Chi Kuo states in a new research report that he expects Apple to go this route, though not only for security purposes. Revising... Read more...
It appears that the first Mac malware discovery of 2017 belongs to "Quimitchin", a strange little find that targets, of all things, scientific research. The "strange" part of the malware comes from the fact that it features system calls that have long been deprecated, or at least haven't been relevant for quite some time. It's also not designed to wreak havoc, but rather act as an effective spy. Quimitchin was discovered by an IT admin who noticed that one particular Mac had more than the usual amount of network activity. Thanks to the help of Malwarebytes, the culprit was found, and its nickname... Read more...
As we've discussed multiple times before here at HotHardware, IoT device makers have largely been unconcerned about security up until this point, which means that way too many devices in use out there in the wild are sitting there unsecured. Samsung's Smartcam is one such device. After Smartcam's launch, hackers discovered a couple of huge vulnerabilities, which Samsung acknowledged immediately. However, instead of actually fixing the issues, Samsung crippled the device, removing the entire Web admin interface that customers would use to configure their camera. Instead, customers were shifted to... Read more...
Microsoft has often said that Windows 10 offers the best security features and malware protection of any Windows OS to date. In case anyone doubts that claim, the Redmond outfit explained how Windows 10 with the Anniversary Update installed was able to thwart a pair of potentially dangerous zero-day exploits months before it had released a patch that dealt with them directly. The Anniversary Update that rolled out in August introduced a bunch of security upgrades to Windows 10, including improvements to Windows Defender. Many of the upgrades are intended to help Windows 10 identify and neutralize... Read more...
1 2 3 4 5 Next ... Last