Articles about Security

Enter the wrong passcode into an iPhone and you'll not only be denied access to it, but also run the risk of wiping its contents if you enter an incorrect code too many times. This is a problem faced by law enforcement agencies when they encounter iPhones in the cases they're working on -- as well as people trying to hack into phones for nefarious purposes -- so it's little wonder that hackers are constantly trying to find a way to earn unlimited guesses at passcodes.

One hacker thought he had cracked it. Security researcher Matthew Hickey proudly boasted at having discovered a delightfully simple method for brute-forcing entry into an iPhone -- he even posted a video of his hack in action. But there's no need to panic. Apple explains that "incorrect testing" renders Hickey's method worthless.

Continue reading →

Google has unveiled a new look for users' accounts, making information clearer, improving transparency and adding new options.

To make it easy to find information, Google has added a search function and there's also a cleaner look to aid navigation. Building on the previous update to Security Checkup, your Google account now also highlights settings you can change to improve your security.

Continue reading →

Researchers at RiskIQ have uncovered a scam app that seeks to steal information and launches advert clicking to make money for the scammers.

The app is advertised as a battery saver. The twist here is that though it will actually do what it says and cut battery use, it does a lot of nasty stuff too.

Continue reading →

Office 365's dominant share of the online business tools market has made it a popular target for cybercriminals launching phishing and malware attacks.

To offer users extra protection, email security specialist Vade Secure is launching a new solution that's fully integrated into Office 365 and offers filtering powered by artificial intelligence.

Continue reading →

Global financial services organizations are targeted by sophisticated cyber attackers in an attempt to steal critical data, according to a new report.

The study from threat hunting company Vectra says attackers build 'hidden tunnels' masquerading as other web traffic to break into networks and access critical data and personal information. These tunnels are used to remotely control an attack and steal data while remaining largely undetected.

Continue reading →

A new survey of IT professionals finds that automating endpoint detection and response processes is a top priority.

The study from cyber security training company, the SANS Institute, shows 42 percent of the IT professionals surveyed say their endpoints had been breached, and 82 percent of that group say their breaches involved desktops, while 69 percent cited corporate laptops and 42 percent claimed involvement of employee-owned laptops (42 percent).

Continue reading →

Website attacks increased 14 percent in the first quarter of 2018 compared to the final quarter of 2017 as cybercriminals set their sights on independent websites and small businesses.

Figures from website security specialist SiteLock show that one percent of sampled sites are infected at any one time. This may not sound much, but it means 18.7 million sites are infected.

Continue reading →

As the FIFA World Cup tournament enters its second week, cybercriminals are using a phishing campaign to trick fans into opening an infected attachment.

Emails identified by Check Point attempt to lure would-be victims into downloading a schedule of fixtures and a result tracker, but doing so will prove to be an own goal.

Continue reading →

Cryptocurrency mining malware has become a serious problem recently, and it seems the latest people to fall victim to the threat are users of the Android emulator Andy OS -- also referred to as AndY and Andyroid.

The emulator makes it possible to run Android software within Windows or macOS, but it appears that the installation harbors a dark secret -- a GPU miner trojan that secretly mines for Bitcoin. Over on Reddit there are large numbers of upset users trying to find out what's going on.

Continue reading →

A new survey of 2,000 UK adults reveals that almost three quarters worry that their details will be stolen every time they hand over bank details and email addresses to companies.

What’s more around one in five have already had their data stolen according to the study commissioned by BullGuard, and almost a third of these had been out of pocket as a result.

Continue reading →

Computer scientists from the University of California, the College of William and Mary, and Binghamton University have published a paper detailing a new "design principle" that avoids speculative execution vulnerabilities.

Researchers says that the SafeSpec model supports "speculation in a way that is immune to the sidechannel leakage necessary for attacks such as Meltdown and Spectre". Importantly, the design also avoids the problems associated with other Meltdown/Spectre fixes.

Continue reading →

Kaspersky Lab has published a report in which it reveals that a Chinese hacking group has attacked the national data center of an unnamed Central Asian country.

The cyberattacks are said to have been carried out by a group known as LuckyMouse -- but also goes by the names Iron Tiger, Threat Group-3390, EmissaryPanda and APT27. The attacks started in 2017, and Kaspersky says that malicious scrips were injected into official website to conduct country-level waterholing campaign.

Continue reading →

Apple says that it is planning to release an iOS update that will block a loophole used by police to access iPhones.

Law enforcement agencies and hackers have been able to exploit a handset's Lightning port to get around passcode limits and brute force their way into a phone. But with the upcoming update, Apple will shut down data access via the Lightning port after an hour if the correct passcode is not entered.

Continue reading →

There has been something of a spate of chip vulnerability discoveries recently, and now another one has emerged. Known as Floating Point Lazy State Save/Restore, the security flaw (CVE-2018-3665) is found in Intel Core and Xeon processors and it is another speculative execution vulnerability in a similar vein to Spectre.

The security flaw takes advantage of one of the ways the Linux kernel saves and restores the state of the Floating Point Unit (FPU) when switching tasks -- specifically the Lazy FPU Restore scheme. Malware or malicious users can take advantage of the vulnerability to grab encryption keys. Linux kernel from version 4.9 and upwards, as well as modern versions of Windows and Windows Server are not affected.

Continue reading →

The rise of fake news has affected many people's faith in the internet as a reliable source. In order to help with the problem, Adblock Plus maker eyeo is launching a new browser extension called Trusted News.

Available free for Chrome browsers, the extension works by checking domains, websites, and news sources against the world's largest network of fact-checking databases.

Continue reading →