Items tagged with security

A research firm called Which? has pored through Google data and claims that two out of every five Android users around the world are no longer receiving vital security updates from Google. That means that 40 percent of all Android devices globally are at risk of data theft, ransomware, and other malware attacks that could lead to stolen data or money. Which? has also added warnings to reviews of potentially impacted smartphones on its website, and not all of the devices are "necessarily old," according to the company. Many of the models that are no longer receiving security updates are still available to buy online, raising the question of whether consumers know that there is a security risk.... Read more...
Security researchers are sounding the alarm on a vulnerability present in practically every processor Intel has released in the past five years. According to the researchers, the vulnerability is "impossible to fix" and "jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company's platforms." In other words, it's a bit of a big deal, as far as the researchers are concerned. It's entirely separate from the side-channel exploits that made headlines since the initial Spectre and Meltdown disclosure. Researchers at Positive Technologies describe the flaw as an "error in Intel hardware," as well as in the company's Converged Security and Management... Read more...
We fully realize we are preaching to the choir, but never open up unsolicited and/or unexpected email attachments. Remind your friends and remind your family members. Lest anyone need a reminder of why this is a bad idea, security researchers are warning of a group of attackers who have been phishing for victims as part of a TrickBot malware campaign. The hackers are using the remote desktop ActiveX control in Word documents to carry out their malicious deeds. Once initiated on a Windows 10 PC, the ActiveX control automatically executes a malware downloader called Ostap, which was recently adopted by TrickBot for delivering payloads. And it all starts with phishing. Malicious actors send out... Read more...
As with many things in life, when it comes to mobile app security, you win some and you lose some. So it goes for Google and its Play Store. A new 2019 Mobile App Threat Landscape Report put together by RiskIQ pegs the Play Store as being the second most dangerous place to download apps, in terms of the number of malicious apps that were hosted last year. At the same time, the Play Store showed a big decline in malicious apps in 2019. This is somewhat of an important ranking, considering that users downloaded over 200 billion apps in 2019, and spent more than $120 billion in app stores around the world, according to the report. Looking ahead, RiskIQ expects both figures to be even higher for... Read more...
Samsung has announced its new Secure Element solution that offers secure key storage with CC EAL (Common Criteria Evaluation Assurance Level) 5+ certification and dedicated security software for enhanced data protection. The new Secure Element features a security chip and optimized software designed to guard private data on isolated data storage. Samsung says that smart devices continue to offer more applications that enforce strong security requirements and its S3K250AF and associated software is a turnkey solution. Samsung says that its Secure Element solution enables new mobile applications that will "broaden" users' lives by securely storing confidential and cryptographic data including... Read more...
A new security vulnerability has now been detailed that exposes portions of your device’s Wi-Fi traffic to nefarious individuals. The Kr00k vulnerability was disclosed today by ESET researchers presenting at the RSA Security Conference. The problem lies with Wi-Fi chips that were manufactured by Broadcom and Cypress Semiconductor, and Kr00k would allow anyone with the proper tools within close proximity to your Wi-Fi network to bypass WPA2 encryption. Kr00k takes advantage of a period of time when a device disconnects from a network either when roaming from access point to access point, or when it is forced off in a suspicious manner. After the targeted device then reconnects to the network,... Read more...
As far as Mozilla is concerned, its Firefox browser is becoming more secure by being the only one to enable encrypted DNS over HTTPS (DoH) by default for users in the United States. The gradual rollout has already begun and will continue over the next few weeks, so long as no major issues rear their ugly heads. "Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives. We do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your... Read more...
A few days ago, some Samsung device owners reported receiving a mysterious "1/1" push notification on their smartphones, from the company's Find my Mobile app. Initially, Samsung explained it as a "message sent unintentionally during internet test[ing]" and said there was "no effect" on users' devices. However, Samsung now admits the notification compromised personal data belonging to a "small number" of users. The notification itself was rather benign, and the result of a "technical error." That should have been the end of it. Unfortunately, some users discovered that when they went into their Samsung accounts to change their passwords (erring on the side of caution), they could see other people's... Read more...
There are many ways for one to monitor their physical surroundings and possessions, but these methods are not always accessible or inconspicuous. Haven: Keep Watch uses an Android device’s sensors to monitor an area and watch out for unwelcome guests; its stable version was released this past December. Haven was co-developed by Edward Snowden and the Guardian Project with the support of the Freedom of the Press Foundation. It is both an open source project that is available on GitHub and an app that can be downloaded on Google Play. It was originally released in 2017, but has been updated over the past few months. Anyone can download Haven, but it was particularly created with journalists,... Read more...
WhatsApp is popular because its end-to-end encryption gives users warm fuzzies over the privacy and security of their chats. However, the chat messaging application might not be quite as secure or private as you thought (or at least that was the case). That's because Google had been indexing links to group chats, which in turn allowed any Joe or Jane to join and see potentially private information. Apparently this had been going on for several years. As a result, there were hundreds of thousands of indexed chat group links on the web, all of which were a simple Google search away. Your WhatsApp groups may not be as secure as you think they are. The "Invite to Group via Link" feature allows groups... Read more...
Imagine hitting it off with a love (or lust) interest, and then finding out the person who grabbed your attention never existed, at least not in the way you thought. Such a situation recently happened to hundreds of Israeli soldiers who fell prey to a "honey trap" campaign and contracted digital infections on their mobile phones. Hamas cyber militants made a bunch of fake profiles on various social media sites and chat services, including Facebook, Instagram, WhatsApp, and Telegram, and used pictures of teenage girls for the profile photos to lure soldiers into the scam. Through instant messaging exchanges, soldiers were duped into downloading dating apps containing malware. Hamas created fake... Read more...
Nearly every device on the market relies on firmware and many devices include multiple components with their own firmware. Manufacturers and developers have begun to focus on protecting system firmware from potential attackers, but peripheral firmware often receives very little attention. Security researchers at Eclypsium recently uncovered unsigned or unverified firmware in devices by companies such as Lenovo, HP, and Dell and were able to successfully attack a server. Many have been aware for quite some time of the dangers of unsigned firmware, but this recent study emphasizes how frequently manufacturers tend to ignore peripherals. Katie Teitler, Senior Analyst at TAG Cyber, remarked, “Software... Read more...
It's all fun and games until a nasty bit of malware infiltrates your PC and wreaks havoc, right? To quote the late, great Bill Paxton, at that point it's "Game over man! Game over!" Fortunately, common sense computing habits are highly effective. Malware writers can be clever, however, and security researchers are warning of a particular strain posing as a popular games launcher. The malware in question is called LokiBot. If infected, it can swipe personal data from your PC, including passwords and cryptocurrency information (in case you're still into mining or collecting cryptocurrencies). LokiBot is not new—it's shown up through various means in the past, including a variant that used... Read more...
The contentious relationship between the United States government and Huawei, the second largest smartphone maker in the world behind Apple, is not easing up. Just the opposite, US government officials reportedly claim to have evidence that Huawei is able to spy on users through "backdoors" installed on its mobile devices. In tech parlance, a backdoor is a method of bypassing authentication and encryption schemes. It has been a bit of a hot topic, with the U.S. government urging Apple on numerous occasions to build backdoors into iOS to make it easier for law enforcement to crack iPhone devices that are linked to criminal suspects. Apple has so far resisted, saying that such a backdoor would... Read more...