Google publishes details of Windows bug after Microsoft misses 90-day Project Zero disclosure deadline
Google's Project Zero has proved controversial on several occasions already, with the search giant publicly revealing details of software bugs when companies fail to fix them. Now the project has unearthed a bug in Windows, and as Microsoft failed to patch it within 90 days of being notified, details of the flaw have been made available for everyone to see -- and exploit.
A problem with the Windows Graphics Component GDI library (gdi32.dll) means that a hacker could use EMF metafiles to access memory and wreak all sorts of havoc. While Microsoft has issued Security Bulletin MS16-074, Google's Mateusz Jurczyk says it failed to properly address the problem -- hence the public outing of the bug.
New data released today shows that Americans are increasingly concerned about their online privacy and security, including apprehension about increased government surveillance in the new presidential administration.
The survey by secure access specialist AnchorFree of over 1,000 users of the company's Hotspot Shield personal VPN application reveals 84 percent say they are more concerned about their online privacy and security today than they were a year ago.
According to a new report from the Microsoft Malware Protection Center, the volume of ransomware being encountered is reducing.
Data from Windows Defender Antivirus shows that after peaking in August, when 385,000 encounters were registered, ransomware encounters dropped almost 50 percent in September, and have continued to decline. But this doesn't mean we’re seeing the end of the menace.
Yahoo -- or, rather, its users -- have not been doing very well recently when it comes to security. Having already revealed details of a huge historic attack that led to the theft of details for millions of accounts, Yahoo is now notifying an unknown number of users that their accounts may have been breached by hackers using forged cookies.
At the same time, Bloomberg is suggesting that the impending deal with Verizon has been renegotiated. The latest revelations coupled with the previous security issues could have just cost Yahoo $250 million.
The number of cyber attacks launched against the UK has increased significantly with 188 high-level attacks occurring within just the last three months.
The news of the attacks came from Ciaran Martin, chief executive of the National Cyber Security Centre (NCSC), who told the Sunday Times that a number of the attacks were sophisticated enough to threaten national security.
The UK is getting a national center to combat cyber attacks, and it's the Queen who gets to open it. The National Cyber Security Center (NCSC) will reportedly be opened in central London by the Queen, accompanied by The Duke of Edinburgh and Chancellor Philip Hammond.
The NCSC is part of intelligence agency GCHQ and has already tackled 188 attacks in the last three months. It will look for holes in sites belonging to the public sector, will tackle spoof emails and pull phishing sites down.
A new survey reveals that a large majority of mobile users do not currently pay for malware protection. However, 61 percent say they do want, and are willing to pay for, protection services from their service provider.
The study from security solutions company Allot Communications shows that rather than independently seek out, evaluate and download security apps for each of their mobile devices, consumers would like a one-stop-shop for online protection for themselves and their families. This presents communication service providers (CSPs) with an opportunity to sell an extra service, which many of them are not taking advantage of.
More than half of companies in the UK, US and Germany (53 percent) are not prepared to face a cyber-attack, according to a new report by specialist insurer Hiscox, which polled more than 3,000 companies.
The Hiscox Cyber Readiness Report 2017 looks at four areas -- strategy, resourcing, technology and process -- and ranks companies against those criteria. Most companies score fairly well for technology, but fewer than a third (30 percent) reach the "expert" score in their overall cyber-readiness.
Big data analytics specialist Logtrust is using RSA to launch a new solution for delivering real-time, integrated threat analytics.
The program enables companies to build solutions that analyze the historical behavior of systems and attackers in order to detect, understand and eliminate potential threats in real-time -- even those that are coming from multiple sources, across multiple devices.
Veteran security vendor Lavasoft has announced that it is rebranding to adaware.
The flagship adaware antivirus was just updated to version 12, gaining a redesigned interface, enhanced protection and faster scans.
The modern Microsoft places more importance on the cloud than ever before, and this means addressing the security concerns that users might have. As part of this, the company has upgraded and redesigned its Trust Center, home to a wealth of security information.
Designed to provide "support and resources for information professionals, as well as the legal and compliance community," the Trust Center is also of interest to anyone concerned about security in general and those who want to know how Microsoft is complying with laws around the world.
Almost 80 percent of companies are using more than 10 mobile apps for business, according to a new report.
The third edition of the Mobile Security and Risk Review by MobileIron also finds that 18 percent of companies use Apple's Volume Purchase Program (VPP) to streamline their app deployment.
These days, the threats posed to your PC have never been greater. It’s no longer enough to rely on simple basic anti-malware protection and the built-in Windows firewall. If you want to really close the door to hackers, Trojans and other threats, you need to add multiple layers of security to your computer.
That’s the bad news. Here’s the good news: thanks to the Downloadcrew Software Store, there’s never been a better time to beef up your protection, with great deals for the latest software, from Malwarebytes 3 to Emsisoft Anti-Malware 2017.
The technology industry is having to contend with ever more sophisticated cyber security threats. A growing shortage of security analysts, combined with masses of data to process, is putting more emphasis on the use of AI techniques.
This week at RSA Conference, IBM Security will be demonstrating what the "cognitive security operations center" of the future will look like, including new Watson-powered tools for investigating security events, new services for building these SOCs and breakthrough research that allows customers and analysts to interact with Watson through voice and chat.