Articles about Security

Until Apple patches this security flaw your VPN traffic might not be secure

Rainbow Apple logo

The recently open sourced ProtonVPN has issued a warning about a bug in iOS that leaves some VPN traffic unencrypted.

Apple is yet to release a fix for the VPN bypass vulnerability which affects iOS 13.3.1 and later. The flaw means that some connections may exist outside of the secure VPN tunnel for several hours, leaving traffic open to interception and potentially exposing users' real IP addresses.

Continue reading

Operation Poisoned News used local news links to hit iPhone users with spyware

iPhone spyware

Research published by security firms Trend Micro and Kaspersky reveals details of a watering-hole campaign targeting iPhone users.

Dubbed Operation Poisoned News, the campaign used malicious links on local news websites to install the LightSpy malware. Hackers have been exploiting vulnerabilities in iOS to install the spyware which can gather huge amounts of information and can also be used to take remote control of a device.

Continue reading

Gift card scam sends out malicious USB drives

Giftwrapped USB

Malware attacks using USB flash drives dropped in offices or public locations like car parks are not uncommon. But researchers at Trustwave Spiderlabs have been investigating a new attack disguised as a gift card.

The attack came in the form of a letter that appears to be from retail chain Best Buy offering a $50 gift to loyal customers. With the letter comes a USB drive supposedly containing a list of items to spend the money on.

Continue reading

All 4G networks are vulnerable to cyberattack and 5G isn’t immune either

smartphone lock

Vulnerabilites in the 'Diameter' signalling protocol used to authenticate and authorize messages and information distribution in 4G networks leave them vulnerable to attack.

Researchers at Positive Technologies replicated the actions of threat actors and their attempts to infiltrate mobile networks were 100 percent successful. They also discovered that the biggest threat was denial of service attacks.

Continue reading

Cybercriminals exploit opportunity to target remote workforces

socially distanced

New research reveals a concentrated drive to target workers now operating remotely as a result of the COVID-19 outbreak.

Phishing detection specialist RedMarlin used artificial intelligence tools and submissions to its CheckPhish.ai site to detect thousands of attacks by cybercriminals with the intent of penetrating networks and stealing corporate data.

Continue reading

Critical infrastructure attacks more worrying than data breaches for most security pros

refinery industry

According to a new survey of 1,000 IT security professionals around the world, 74 percent are more concerned about a cyber attack on critical infrastructure than an enterprise data breach.

The study by Claroty reveals 62 percent of global respondents believe that industrial networks are properly safeguarded against cyber attacks and 60 percent believe their country’s critical infrastructure is adequately protected.

Continue reading

Enterprises struggle to patch endpoints against critical vulnerabilities

update button

Less than half of organizations can patch vulnerable systems swiftly enough to protect against critical threats and zero-day attacks, and 81 percent have suffered at least one data breach in the last two years.

A new report from cyber hygiene platform Automox cites the pace of digital transformation and modern workforce evolution, difficulty in patching systems belonging to mobile employees and remote offices, inefficient patch testing, lack of visibility into endpoints, and insufficient staffing in SecOps and IT operations as inhibitors to patching.

Continue reading

Threat actors turn to automation tools to boost their campaigns

Robot hacker

Automation is having an impact on almost every industry, but it's not just in the world of legitimate commerce that its presence is being felt. A new report from Recorded Future shows criminal enterprises are turning to automation tools too.

Indeed the criminal underground has created an ecosystem of tools and resources allowing threat actors to both operationalize and monetize their campaigns increasingly quickly.

Continue reading

VPNs are tracking and recording their users

VPN

With more people working from home due to the COVID-19 crisis, it's concerning to find that top VPNs are recording their users and potentially leaking their data according to new research.

Comparison site VPNpro analyzed 114 VPNs and found that, of those, 102 have websites with trackers on them and 26 of those websites have 10 or more trackers. Many of these trackers involve third parties with reputations for not respecting user privacy.

Continue reading

Click-fraud malware found lurking in more than 50 Play Store apps

Google Play icon

Researchers at Check Point have identified an auto-clicker malware family operating inside the Google’s Play Store.

Disguised in over 56 applications and downloaded over 1,000,000 times globally, the malware -- dubbed 'Tekya' -- commits mobile ad fraud by imitating the actions of a user, clicking ads and banners from ad agencies like Google's AdMob, AppLovin', Facebook, and Unity.

Continue reading

Law enforcement agencies struggle to get to grips with digital intelligence

Policeman smartphone

Law enforcement agencies have a growing reliance on digital intelligence with some 90 percent of cases now involving some form of digital device or cloud service.

A new report from digital intelligence solutions specialist Cellebrite collected date from over 2,000 law enforcement agency personnel, in over 110 countries to compile a report benchmarking the sector's day-to-day challenges.

Continue reading

There's a simple fix for the Windows Defender bug in Windows 10

Windows Defender on a laptop

Yesterday we wrote about a bug in Windows Defender, seemingly introduced by a recent update. Only affecting Windows 10, the bug causes some virus scans to fail, and in others a somewhat unhelpful message informs users that there were unspecified "items skipped during scan".

The error message goes on to make reference to scanning exclusions as well as network scanning settings, and it is here that a simple solution has been found.

Continue reading

Microsoft warns that hackers are exploiting two unpatched Windows bugs

Angled Microsoft logo

Microsoft has warned that all versions of Windows feature critical unpatched RCE vulnerabilities. The security problems stem from the Windows Adobe Type Manager Library, and relates to the parsing of fonts.

The company is working on a fix which will be released when the next Patch Tuesday rolls around -- but for Windows 7 users, despite the critical nature of the bugs, it is only those who have paid for an ESU licence that will get the security update. There is a bit of good news, however. While the vulnerability is yet to be patched, there is a workaround available that will do the job for the time being.

Continue reading

hide.me quintuples its data limit for users of its free VPN tier

hide.me VPN

There are a lot of VPN services to choose from these days, and a lot of reasons for wanting to use one. But there is the matter of money to consider. Whether you're strapped for cash, or just want to give a VPN a serious test drive before committing to it, the more generous the free data allowance the better.

hide.me is one of many VPNs that offers a free package, and it has just announced that the data allowance for people on this tier has increased fivefold. The increase to 10GB per month is generous, but the way the free tier works means that you actually get an unlimited amount of VPN traffic for free.

Continue reading

Security warning: Microsoft has broken Windows Defender with an update for Windows 10

Broken windows

Microsoft's run of problematic updates for Windows 10 continues. This time an update is causing an issue that could have serious security implications for users -- it has broken Windows Defender.

While the Windows Defender security tool is included in Windows 7 and 8 the problem only affects Windows 10. Many people are finding that when they perform a virus scan, an error message is displayed that reads: "Items skipped during scan. The Windows Defender Antivirus scan skipped an item due to an exclusion or network scanning settings". For others, scans simply fail after a few moments.

Continue reading

© 1998-2020 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.