Microsoft releases Windows 10 19H1 Build 18343 with Sandbox improvements
Microsoft has started rolling out build 18343 of Windows 10 19H1 to Windows Insiders on the Fast Ring.
This latest build is mainly comprised of bug fixes, and there are also improvements to the Windows Sandbox feature. As we are now so close to the final release of Windows 10 19H1, Microsoft has locked down the apps -- and you may even notice that some features have gone missing.
Drupal releases patch for 'highly critical' remote code execution flaw that puts millions of sites at risk
Sites based on the CMS Drupal are at risk from a remote code execution flaw which has been classed as "highly critical". Site owners are being urged to install updates to ensure they are protected.
The security flaw -- CVE-2019-6340 or SA-CORE-2019-003 -- affects Drupal 8.5.x and 8.6.x but there are certain conditions that must be met in order for a site to be vulnerable.
Privacy: Facebook closes controversial Onavo VPN and ceases user data collection
Following the scandal surrounding the collection of user data, Facebook has removed its Onavo VPN app from the Google Play Store -- a full six months after the iOS version of the Facebook Research app was kicked out of the App Store by Apple.
Facebook will also be ending its controversial paid data collection program which saw the company paying people for access to information about their device and internet usage. The app will continue to function as a VPN -- minus the questionable privacy invasion -- for a little while to give users the chance to seek out an alternative, but it will ultimately close down completely.
Security researchers reveal details of serious bug in compression tool WinRAR
If you're a user of WinRAR -- a staple tool for decompressing files whose popularity stems from not only its support for RAR files, but also its never-ending trial period -- it's time to ensure you have the latest security patch installed.
Security experts from Check Point Research have revealed details of a serious bug that has been present in the software for at least 14 years. The archiving tool was found to have a vulnerability in one of its .dll files, which could be exploited by simply opening a compressed file, and allows an attacker to "gain full control over a victim's computer".
Privacy: Facebook now lets Android users block background collection of location data
Faced with continued criticism about privacy, Facebook is rolling out an update to Android users that gives a greater degree of control over the sharing of location data with the social network.
Specifically, the update makes it possible to stop Facebook from tracking your location in the background when you are not using the app. The change brings parity to the iOS and Android Facebook apps.
GitHub widens the scope of its bug bounty program and increases rewards
Now in its fifth year, the GitHub Security Bug Bounty has been updated to offer larger rewards to those who find bugs. At the same time, the scope of the program is being expanded and protections for researchers have been added through new Legal Safe Harbor terms.
As well as expanding the program to cover any of its "first-party services", GitHub has effectively removed any upper limit on the size of reward pay-outs for critical bugs.
Microsoft reveals Russian hacking attacks as it expands AccountGuard protection across Europe
Microsoft has revealed that it detected various attacks by Russian hackers targeting democratic groups in Europe. The company says that numerous attacks carried out between September and December 2018 can be linked to a group known as Strontium.
Also known as Fancy Bear, the group is a cyber espionage outfit with ties to Russian intelligence agencies. At the same time as revealing some details of the attacks, Microsoft also announced the expansion of its AccountGuard security program to more European countries ahead of European Parliament elections.
Kali Linux 2019.1 with Metasploit 5.0 available for download
The first release for 2019 of the Debian-based Linux distro Kali Linux is now available for download. Kali Linux 2019.1 sees the kernel moving up to version 4.19.13, and it also includes Metasploit 5.0.
Offensive Security's penetration testing distro is much-loved by the infosec community, and this latest release includes ARM improvements, a range of bug fixes and package updates.
Google launches new .dev TLD
Seeking to give a home to those who have helped to build the web, Google has launched a new top-level domain.
The new .dev TLD comes after the company launched .app and .page, all of which are protected by HTTPS. Google has already used the TLD for a few of its own projects, such as web.dev and opensource.dev, but now it is being opened up to a wider audience.
YouTube updates its strike system to make it 'clear and consistent'
Following criticism of how its strike system was implemented, YouTube has announced an update to its Community Guidelines that helps to make things clearer.
In the past it was often the case that strikes were handed out inconsistently, and it was not always clear what misdemeanour had occurred. The updated system comes into force in the next few days, and it is slightly more lenient on first-time offenders.
From July, Windows 7 and Windows Server 2008 users will need SHA-2 support to get updates
Microsoft has announced that from the middle of July, Windows 7 and Windows Server 2008 users who want to continue to receive updates will need SHA-2 code signing support.
The change is being introduced because "the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing".
Microsoft brings Windows Timeline support to Chrome with Web Activities extension
The Timeline feature of Windows 10 makes it easier to work on multiple computers by synchronizing activity so you can move between machines and pick up from where you left off -- although it can also prove useful on a single computer. Having made this available in its Edge browser, Microsoft has now released an extension that brings it to Google Chrome.
This move is understandable as Chrome has a much larger userbase than Edge, and Microsoft admits that it is a much-requested feature.
Huawei: 'There's no way the US can crush us'
The founder of Huawei, Ren Zhengfei, has hit back against Trump's ban on the use of his company's hardware because of concerns about Chinese espionage, saying "there's no way the US can crush us". The US has been trying to encourage other countries to follow its lead in shunning Huawei, but the UK has said it will not stop the company -- which is due to launch its P30 range of smartphones next month -- from getting involved in the rollout of 5G networks.
Ren also lashed out at the US, saying that the arrest of his daughter and Huawei CFO, Meng Wanzhou, was politically motivated.
Australian political parties hit by hack orchestrated by 'sophisticated state actor'
Australia's three main political parties -- Liberals, Labor and Nationals -- as well as the country's parliament have all been hit by a security breach which Prime Minister Scott Morrison says was carried out by a "sophisticated state actor".
Although the country is due to hold elections in the coming months, Morrison says there is "no evidence of any electoral interference". While it is not currently known who is responsible for the attack, various potential culprits have been suggested, including China, the US, Israel and Russia.
Facebook says it is 'open to meaningful regulation' following damning report of the 'digital gangster' that considers itself 'ahead of and beyond the law'
A detailed report about fake news by a parliamentary committee in the UK has accused Facebook of being a "digital gangster" that has deliberately broken privacy and competition laws. The report by the Digital, Culture, Media and Sport select committee calls for the social network to be subject to statutory regulation.
The report comes after an 18-month investigation, and it is damning of Facebook and its executives in general, and Mark Zuckerberg in particular. Criticism is levelled at the lack of action taken against fake news and misinformation on the social network, and there is concern that current election laws were not enough to prevent sites such as Facebook being used by hostile foreign agents to interfere with the democratic process.
Sofia Elizabella's Bio
Sofia Wyciślik-Wilson is a queer, transgender journalist based in Poland. She has been writing about technology for more than two decades, and after years working for magazines, her writing moved online. She is fueled by literature, music, nature, and vegetables. You can find her on Bluesky and Mastodon.