Items tagged with security

Malware on Windows devices has become a real problem in the last few years, specifically with a recent uptick in ransomware. It appears that Microsoft has been trying to combat this issue, though, with updates to Microsoft Defender, so it has more teeth than ever before. However, what if Microsoft is part of the problem too? On Friday, cybersecurity researcher TheAnalyst explained on Twitter how BazarLoader malware leads to ransomware that can severely affect healthcare, among other industries. He then called out Microsoft, asking if the company has “any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this,” alongside an image of what appears to... Read more...
Everyone who uses an Android phone has probably had some security-conscious acquaintance ask, "don't you know how much data your phone is harvesting?" Most of us shrug it off as one of the unavoidable circumstances of modern life: you want a smartphone, you deal with data harvesting. Still, some folks aren't so willing to make that sacrifice. A new collaborative study from the University of Edinburgh in Scotland and Trinity College Dublin in Ireland tested Android-based phones from Samsung, Xiaomi, Huawei, and Realme as well as handsets running LineageOS and the open-source, privacy-focused /e/OS. The study found that "even when minimally configured and the handset is idle, the vendor-customized... Read more...
Attempting to upgrade a PC to Windows 11 when the system doesn't meet the minimum system requirements for any reason elicits an ominous warning message foreboding potential doom and destruction. That's only a slight exaggeration. Part of the warning message states unsupported PCs are not entitled to receive updates. However, at least in the early going, users report seeing updates pushed out to their unsupported PCs anyway. There is a fair amount of confusion surrounding the release of Windows 11. A big reason why is that the system requirements call for PCs to support and enable Secure Boot and Trusted Platform Module (TPM) 2.0. The latter is a feature baked into most modern CPUs, but typically... Read more...
For at least the second time in 2021, hackers have breached Acer's servers, this time plundering more than 60 gigabytes of data. Acer has confirmed that names, addresses, and phone numbers belonging to several million clients have been compromised in the breach, as well as sensitive corporate financial and audit details. If nothing else, this is certainly bad optics for Acer, which earlier this year was on the receiving end of a massive $50 million ransomware campaign. As proof of the data theft, the ransomware gang posted a bunch of stolen files on the REvil website, including financial spreadsheets, bank balances, and bank communications. It was never made clear if this was partially the result... Read more...
Hey, guess what? Apple has finally decided to allow sideloading on iOS devices! Just kidding—anyone fooled has not been paying attention to the almighty institution that is Apple, the guardian of consumers and overseer of mobile security. Or something like that. It is, however, being pressured to follow in Google's footsteps and allow sideloading, which prompted the company to issue a report on the many reasons why it feels that is a recipe for disaster. The biggest one? Citing a pair of Nokia threat intelligence reports from 2020 and 2019, Apple says Android devices over the past four years fell prey to 15-47 times more malware than iPhone handsets. The insinuation is that following in... Read more...
A couple weeks ago, we wrote about a potentially frustrating iOS 15 messaging bug that could permanently delete precious photos saved to your iPhone, in certain circumstances. This was even present on the iOS 15.1 beta 2 build, which made us nervous that a fix might still be a bit off in the distance. Fortunately, that didn't end up being the case. Apple said it has addressed the issue in its latest iOS 15.0.1 update. If you own an iPhone device, you can download the update right now—just head to Settings > General > Software Update and it should appear. We checked on an iPhone XS Max and, on that device, it showed up as a 500.1MB download. So depending on how fast or slow your internet... Read more...
You might have read a story earlier in the week about a US Navy destroyer's internet connection being "hacked" and taken over to stream Age of Empires to Facebook. A tale like that is comical until you consider the national security implications of such a thing. Fortunately, this particular story remains comical in the face of the US Navy's latest admission. The USS Kidd (DDG 100) is an Arleigh Burke-class destroyer, and for whatever reason, it has a Facebook page full of pictures of the ship and its crew. Starting on the evening of October 3rd, said Facebook page was also hosting a livestream of the classic PC game Age of Empires. The stream was titled "Hahahahaha," which certainly resembles... Read more...
Passwords have become part of our everyday life. It seems everything requires one and we are often left scratching our head trying to remember if it was “password123” or “123password”. Having a strong password, however, is the first line of defense for our digital lives. Google is sharing how it is making your sign-ins safer during Cybersecurity Awareness Month. Google checks 1 billion passwords daily to protect accounts from being hacked. Chrome, Android and the Google App have Google’s Password Manager built directly into them with the latest technology to keep your passwords safe. Password Manager also helps to keep us from having to scratch our heads as it makes... Read more...
Most people probably don't know this, but the big service providers like T-Mobile, AT&T, and Verizon contract out to third-party services to help with transmitting SMS text messages, both between carriers and abroad. One of the largest of those companies is called Syniverse, and it handles text messages sent using the above-mentioned services, as well as international companies like Vodafone, China Mobile, Telefonica, and America Movil. A week ago, Syniverse filed a statement with the US Securities & Exchange Commission (SEC) that reveals that "an unknown individual or organization gained unauthorized access to databases within its network on several occasions, and that login information... Read more...
Hide your chickens, Facebook is pouring egg on its face like nobody's business this week, and may not be finished. It started when 60 Minutes aired an interview with a former Facebook product manager who secretly copied tens of thousands of seemingly damning documents, alleging the social media giant has a culture of putting profits over user safety (let's all feign surprise). Then the next morning, Facebook went dark, along with several of its entities, including WhatsApp, Messenger, and Instagram, among others. Was Facebook hacked? Did someone trip over a power cord? Could it be aliens? While Facebook users were scrambling to figure out an alternative place to upload pictures of their meals,... Read more...
When Microsoft first announced Windows 11 back in late June, many of its design changes and features were welcomed by enthusiasts. However, a lot of controversy brewed over the system requirements for the operating system, particularly with the mandatory support for Ryzen 2000/8th generation Core processors and TPM 2.0. With the launch of Windows 11 taking place today, Microsoft is providing some background on why it has taken such a hardline stance on TPM 2.0 and Virtualization-Based Security (VBS), the latter of which we recently discussed regarding its negative effect on PC gaming performance. David Weston, Microsoft director of OS and enterprise security, spoke with CRN about the company's... Read more...
In mid-September, Google patched some actively exploited zero-day vulnerabilities discovered in Google Chrome. Now, the web search giant has done it again with several new security fixes in the 11th hour of September, and you should patch right now. Published on Thursday, the stable channel update for Google Chrome, denoted by version number 94.0.4606.71, has quite a few fixes or changes. However, the four security fixes are front and center, the first of which being CVE-2021-37974 reported by Weipeng Jiang from the Codesafe Team of Legendsec at Qi'anxin Group. This vulnerability is a "use after free" issue, meaning problems stem from using dynamic memory allocation and deallocation that does... Read more...
Are you a PC gamer frustrated with the lack of graphics cards? Maybe you're looking forward to buying a brand-new pre-built PC with Windows 11 soon (it launches this Tuesday, after all). Well, this news may give you pause. The new operating system brings an apparently intense focus on system security, and as is common for technologies that center on security, it could have an adverse effect on performance. For pre-built systems, Windows 11 will ship with Virtualization-Based Security (VBS) enabled by default, and according to a new report from PC Gamer, that security feature can absolutely tank gaming performance. The publication was first alerted to the issue by the organization formerly known... Read more...
Practically everyone owns a mobile device these days, and the majority of them run on Android, the most popular smartphone OS in the world. Don't think that malicious hackers aren't paying attention. Just the opposite, a security firm says it recently discovered an "aggressive mobile premium services campaign" that has infected upwards of 10 million Android devices around the world. This is an active Trojan attack that has been dubbed GriftHorse, and the campaign is believed to have been running since November 2020. The culprit(s) infected over 200 Android apps with the malicious code, which sprawls over 70 countries. And they weren't just distributed through third-party app stores, they also... Read more...
If you're a regular HotHardware reader, you probably make contactless payments now and again. You might even do it using Apple Pay, and if you live in a big city with mass transit, there's a decent likelihood that you have Express Transit enabled. If you use a Visa card for it, you may want to reconsider that based on the latest iPhone exploit. Express Transit is a feature of Apple Pay where users can set up a specific card to which transit payments can be charged without unlocking the phone. There are a number of requirements before this can happen, but the foremost one is that it can only be used for contactless payments at transit terminals, like the London Underground. The BBC reports that... Read more...
Attention fellow iPhone users, if you have any precious photos nestled inside text messaging threads, be careful not to delete those threads, even if you have saved those photos to your camera roll. Otherwise, you risk losing those pictures forever. The culprit is a weird bug in iOS 15 and/or iCloud, and as of the latest incremental beta update, it appears to still be present. Normally, if you save a photo from a text messaging conversation to your camera roll, it won't go anywhere unless and until you decide to manually delete it. And that is how it should be, as that is the whole point of saving a photo (well, that and the convenience of not having to hunt around message threads for a particular... Read more...
A security researcher has discovered an Apple AirTags vulnerability that can effectively turn an affordable tracker into a cheap phishing lure. This is made possible through the tracker's "Lost Mode," where the intention is that if a user loses their AirTag, they can mark it as missing. Supposing an honest individual comes across the lost tracker, a custom link will send them to a website with the owner's phone number and whatever message they might want to leave. Good intentions can lead to bad deeds, however, and this same feature can be used against people who are trying to do the right thing. In what seems like a glaring oversight on Apple's part, it is entirely possible for an unscrupulous... Read more...
Like many big tech companies including Microsoft and Google, Apple has a bug bounty program that pays big bucks for newly-discovered security vulnerabilities. The fees for confirmed reports of issues range from $25,000 for "limited" unauthorized control of an iCloud account, to a cool million bucks for a zero-click remote chain with full kernel access without requiring user interaction. Of course, companies build good will by following through on their promises of payment in these programs. When a researcher feels ignored, however, that can break trust in the program and leave vulnerabilities unpatched and exposed. In a recent Washington Post article, several security researchers shared... Read more...
Back in June of this year, Hyundai Motor Group acquired a controlling interest in Boston Dynamics, the robotics experts who have put out several entertaining videos highlighting some remarkable robot capabilities (laugh now, cry later when the robot overlords flip the script). One of their more popular creations is Spot, the goodest-of-boys in the robot realm. What is Spot up to these days? Patrolling a Kia plant in South Korea. Hyundai has kicked off a pilot program called "Factory Safety Service Robot," which is based on Spot, the quadruped robot that has seen plenty of action (even in French military exercises). It's basically Spot with a new role and some new tricks, and a special task—patrol... Read more...
Heads up for anyone running an AMD build, there is a new chipset driver update available, and you're going to want to install it. The update patches a vulnerability that could allow a user with low privileges to access uninitialized physical memory pages that potentially contain sensitive information, including passwords. The vulnerability is tracked as CVE-2021-26333. In a security advisory, AMD explained that the flaw resides in the Platform Security Processor (PSP) chipset driver, and recommends either updating through Windows Update (which bumps the PSP driver to 5.17.0.0) or applying a newer chipset driver (version 3.08.17.735 or later). Security researcher Kyriakos Economou discovered the... Read more...
For some, Microsoft's insistence that PCs be equipped with Trusted Platform Module (TPM) 2.0 support is irritating, especially since the company has done a poor job explaining why it is suddenly such a big deal. Installing a virtual machine (VM) won't necessarily escape the requirement, either. As users in the Windows Insider program have discovered, the latest preview build in the beta channel—version 22000.194—enforces the TPM 2.0 requirement. Applying the latest cumulative update in Windows 11 bumps the OS up to the latest preview build. Up to this point, VMs have been able to test Insider builds without issue related to the TPM 2.0 requirement. But hey, today is a new day, and... Read more...
Tired of juggling and trying to remember multiple passwords for different sites and services? Microsoft feels your pain, and more than that, it believes the time has come to leave traditional password input in the past. This is something Microsoft has talked at length about numerous times before, and putting action to words, it announced today that "anyone with a consumer Microsoft account can go completely passwordless!" No, Microsoft is not leaving users exposed to hackers and online miscreants by leaving accounts wide open. Instead, it is nudging account holders to what it says are "more secure and convenient authentication methods," which include Windows Hello, using the Microsoft Authenticator... Read more...