Latest Security News
SEE SECURITY STORIES BY CATEGORY
News
Google will review web apps that want access to its users’ data
In response to recent attacks where hackers abused Google's OAuth services to gain access to Gmail accounts, the company will review new web applications that request Google users' data.
News
HP rolls out patch to stop keylogging bug in some laptops
Consumers with HP laptops that have been accidentally recording their keystrokes can easily address the problem with a patch from the PC maker.News
A ‘kill switch’ is slowing the spread of WannaCry ransomware
Friday’s unprecedented ransomware attack may have stopped spreading to new machines — at least briefly — thanks to a "kill switch" that a security researcher has activated.News
A ransomware attack is spreading worldwide, using alleged NSA exploit
A ransomware strain appears to be spreading worldwide, by leveraging a hacking tool that may have come from the U.S. National Security Agency.News
The nasty new Jaff ransomware demands $3,700 payments
Attackers behind the highly successful Locky and Bart ransomware campaigns have returned with a new creation: A malicious file-encrypting program called Jaff that asks victims for payments of around $3,700
Security Measures
Password managers: The good, the bad, and the ugly
Besides antivirus protection, a password manager is the most important security tool you can use—if you know what to look for and what to avoid.
News
Certain HP laptops are found recording users’ keystrokes
Over two dozen HP laptop models may have secretly been recording users’ keystrokes by mistake, according to a Swiss security firm.News
Trump pushes US government to the cloud with cybersecurity order
President Trump has finally signed a long-awaited executive order on cybersecurity, which calls for the U.S. government to move to the cloud and modernize its IT infrastructure.News
Latest firmware updates for Asus routers fix CSRF security flaws
Users of Asus RT-N and RT-AC series routers should install the latest firmware updates released for their models because they address vulnerabilities that could allow attackers to hijack router settings.News
Some HP PCs are recording your keystrokes
Security company Modzero found a program acting as a keylogger in certain HP PCs.
News
Intel concerned about name of John McAfee’s privacy phone
Intel has told a court that MGT Capital Investments has gone ahead with the announcement of the “John McAfee Privacy Phone,” even though the company that proposes to change its name to “John McAfee Global Technologies” has previously said that it did not plan to launch products and services under the McAfee mark.News
Microsoft finally bans SHA-1 certificates in Internet Explorer and Edge
The Tuesday updates for Internet Explorer and Microsoft Edge forces those browsers to flag SSL/TLS certificates signed with the ageing SHA-1 hashing function as insecure.News
Bot-generated comments swamp FCC, urging overturn of net neutrality
An apparent bot-generated campaign has posted more than 83,400 comments on the U.S. Federal Communications Commission's website supporting the agency chairman's plan to gut net neutrality rules.
News
How to protect your Google and Facebook accounts with a security key
Security keys offer a more secure alternative to code-based two-factor authentication.
News
New IoT malware targets 100,000 IP cameras via known flaw
Over 100,000 internet-connected cameras may be falling prey to a new IoT malware that’s spreading through recently disclosed vulnerabilities in the products.News
Microsoft fixes 55 vulnerabilities, 3 exploited by Russian cyberspies
Microsoft released security patches Tuesday for 55 vulnerabilities across the company's products, including three flaws that have already been exploited in targeted attacks by cyberespionage groups.News
Emergency Microsoft patch fixes ‘crazy bad’ Windows malware scanner bug
Microsoft released an update for the malware scanning engine bundled with most of its Windows security products to fix a highly critical vulnerability that could allow attackers to hack computers.
News
How to check for the Intel Active Management exploit that lets hackers take over your PC
Although most consumers PCs are safe from Intel's Active Management vulnerability, some may actually have the hardware that's vulnerable. Here's how to check.News
German firms will streamline online login with a European bent
Several German firms are taking a stab at a single login process for accessing different online services — an approach that could compete with U.S. offerings.News
FCC hit with DDoS attacks after John Oliver takes on net neutrality
The FCC's website slowed to a crawl after comic and political commentator John Oliver urged viewers to flood the agency with comments in support of net neutrality, in what appeared to be a repeat of a 2014 incident. But the cause may have been more sinister than people expressing their support for net neutrality rules.News
How to prevent your data from being searched at the U.S. border
Travelers concerned about their privacy can take steps to protect their data as they cross the U.S. border. They should remember the old Boy Scout motto: Be prepared.News
US device searches at borders ignite resistance
U.S. Customs is on pace to search nearly 30,000 devices for the year. If you're traveling outside the country, here's what you need to know.
News
Trojan malware infests official HandBrake for Mac downloads
Hackers compromised a download server for HandBrake, a popular open-source program for converting video files, and used it to distribute a macOS version of the application that contained malware.News
Email dump hits French candidate Macron ahead of election
Another political campaign has been hit by an email dump. This time, the target is French presidential candidate Emmanuel Macron.
News
Patch to fix Intel-based PCs with enterprise bug rolls out next week
Starting next week, PC makers will roll out a patch that fixes a severe vulnerability found in certain Intel-based business systems making them easier to hack.News
Cyberspies tap free tools to make powerful malware framework
Over the past year, a group of attackers has managed to infect hundreds of computers belonging to government agencies with a malware framework stitched together from JavaScript code and publicly available tools.News
Google Docs phishing attack underscores OAuth security risks
Google has stopped Wednesday’s clever email phishing scheme, but the attack may very well make a comeback.
News
The pitfalls of cybersecurity shopping: hype and shoddy products
Today's cybersecurity market is beset by vaporware, exaggerated marketing claims and shady sales tactics, security managers say.News
Top tips for finding the right cybersecurity products
Having trouble finding the right security products for your business? You’re not the only one. We asked experienced buyers for their tips.
News
Snake cyberespionage malware is ready to bite Mac users
A sophisticated Russian cyberespionage group is readying attacks against Mac users and has recently ported its Windows backdoor program to macOS.
News
BlackBerry KeyOne hands-on: A physical keyboard makes Android more productive
For the first time the iconic BlackBerry hardware keyboard has been married with Android in the BlackBerry KeyOne.
Security Measures
Mac malware: Coming soon to a computer near you
The facts dispute the myth that Macs are immune to malware, and adware is the number one culprit.News
India’s Supreme Court hears challenge to biometric authentication system
Two lawsuits being heard this week before India’s Supreme Court question a requirement imposed by the government that individuals should quote a biometrics-based authentication number when filing their tax returns.
News
Here’s how the sneaky Gmail phishing attack fooled victims with a fake Google Docs app
Google Docs was pulled into a sneaky email phishing attack on Tuesday that was designed to trick users into giving up access to their Gmail accounts.News
Shodan search engine starts unmasking malware command-and-control servers
There's now a new tool that could allow researchers and companies to quickly block communications between some malware families and their constantly changing command-and-control servers.
News
Android gets patches for critical flaws in media handling, hardware drivers
Android has received security fixes for over one hundred vulnerabilities, including 29 critical flaws in the media processing server, hardware-specific drivers and other components.News
Vulnerability hits Intel enterprise PCs going back 10 years
Intel is reporting a firmware vulnerability that could let attackers take over remote management functions on computers built over the past decade.News
Trump seeks to upgrade US government IT services
President Trump is launching a special council to upgrade the U.S. government’s IT services. “Americans deserve better digital services from their government,” the executive order, released on Monday, said.
News
NSA suggests using virtualization to secure smartphones
The U.S. National Security Agency is now suggesting government departments and businesses should buy smartphones secured using virtualization, a technology it currently requires only on tablets and laptops
News
Meet Windows Defender Security Center, your PC’s safety belt in the Creators Update
Microsoft's Windows Defender antivirus has a new job, heading up Windows Defender Security Center and uniting all the OS safety features in one convenient location.News
NSA ends surveillance tactic that pulled in citizens’ emails, texts
The U.S. National Security Agency will no longer sift through emails, texts and other internet communications from U.S. citizens that mention foreign targets under surveillance.News
Google’s Chrome will soon start warning you more about HTTP pages
A Google effort to push websites to implement encryption is expanding. Starting in October, the company will flag even more HTTP connections as insecure in its Chrome browser.
News
Stealthy Mac malware spies on encrypted browser traffic
A new malware program that targets macOS users is capable of spying on encrypted browser traffic and stealing sensitive information.News
Network management vulnerability exposes home cable modems to hacking
Hundreds of thousands of internet gateway devices from around the world, primarily cable modems, are vulnerable to hacking because of a serious weakness in their implementation of the Simple Network Management Protocol.News
Cloudflare launches service to secure IoT devices from external hacks
Web optimization and security firm Cloudflare launched a service that could allow IoT manufacturers to protect devices from attacks and deploy patches much quicker.
News
BlackBerry’s keyboard-equipped KeyOne Android phone will launch in May
The BlackBerry KeyOne, an Android-based smartphone with a hardware keyboard, will be available in the U.S. and Canada from May 31, the phone's maker said Thursday.News
The average ransomware payment has skyrocketed to over $1,000
The hackers spreading ransomware are getting greedier. In 2016, the average fee to free computers hit with the notorious infection rose to $1077, about five times higher than in 2016, Symantec found.News
Russian hackers use OAuth, fake Google apps to phish users
The Russian hacking group blamed for targeting U.S. and European elections has been tricking victims into handing over login credentials with fake Google security applications.News
Old Windows Server machines can still fend off hacks. Here’s how
Keeping a computer up-to-date, with the latest OS and software patch, is one of the best things you can do to stay safe from cyber threats.News