Group items tagged

"But Computercop isn't security software -- quite the opposite; it's classic malware. The software, made in New York by a company that markets to law enforcement, is a badly designed keylogger that stores thingstyped into the keyboard -- potentially everything typed on the family PC -- passwords, sensitive communications, banking logins, and more, all stored on the hard drive, either in the clear, or with weak, easily broken encryption. And Computercop users are encouraged to configure the software to email dumps from the keylogger to their accounts (to spy on their children's activity), so that all those keystrokes are vulnerable to interception by anyone between your computer and your email server. "

"Dye told the Wall Street Journal that hackers increasingly use novel methods and bugs in the software of computers to perform attacks, resulting in about 55% cyberattacks going unnoticed by commercial antivirus software."

"These exploits are based on chip engineering flaws, not on software flaws. Apple, Google, Abode, Microsoft, and other software companies didn't write poor software or bad Operating Systems to cause these problems to occur. Rather, the chip manufacturers - Intel, AMD and ARM - designed and then engineered computer chips with flaws built into them. Once discovered, those flaws allow the Meltdown and Spectre exploits to be run. Worse, these chips have been sold with consumer computers, servers and mobile devices since 1995. so the impact is, potentially, both personal and global in scope."

"One of the most widely used tools for monitoring and restricting pupils' internet use in UK schools has a serious security flaw which could leave hundreds of thousands of children's personal information exposed to hackers, a researcher has warned."

"Computer security experts suggested that the crisis could reflect weaknesses in the NHS's cybersecurity. Ross Anderson, of Cambridge University, said the attack appeared to exploit a weakness in Microsoft's software that was fixed by a "critical" software patch earlier this year but which may not have been installed across NHS computers."

"Bitcoin is stored on software known as a digital wallet that is secured through encryption. A password is used as a decryption key to open the wallet and access the bitcoin. When a password is lost the user cannot open the wallet. The fraudster had been sentenced to more than two years in jail for covertly installing software on other computers to harness their power to "mine" or produce bitcoin. When he went behind bars, his bitcoin stash would have been worth a fraction of the current value. The price of bitcoin has surged over the past year, hitting a record high of US$42,000 in January. It was trading at US$37,577 on Friday, according to cryptocurrency and blockchain website Coindesk."

"But it isn't just major retailers deploying facial recognition software. Backlash to private use of facial recognition culminated on Wednesday when Livonia skating rink in Michigan was accused of banning a Black teenager after its facial recognition software mistakenly implicated her in a brawl. Lamya Robinson told Fox2 that after her mom dropped her off at the skating rink last Saturday, security guards refused to let her inside, claiming her face had been scanned and the system indicated she was banned after starting a fight in March."

"Durumeric leads a team of researchers at the University of Michigan that has developed scanning software called ZMap. This tool can probe the whole public Internet in under an hour, revealing information about the roughly four billion devices online. The scan results can show which sites are vulnerable to particular security flaws. In the case of FREAK, a scan was used to measure the scale of the threat before the bug was publicly announced."

""We have only examined a tiny fraction of this code base and found a critical, election-stealing issue," said Lewis, who is currently executive director of the Open Privacy Research Society, a Canadian nonprofit that develops secure and privacy-enhancing software for marginalized communities. "Even if this [backdoor] is closed its mere existence raises serious questions about the integrity of the rest of the code.""

"On Monday China's foreign ministry said it strongly opposed any US actions against Chinese software companies, and it hoped the US could stop its "discriminatory policies". Pompeo told Fox that countless Chinese software companies were "feeding data directly to the Chinese Communist party, their national security apparatus". "Could be their facial recognition patterns. It could be information about their residence, their phone numbers, their friends, who they're connected to. Those are the issues that President Trump has made clear we're going to take care of," he said."

"The problem extends beyond the Pegasus project. Installed in Mexico City is one of the largest urban surveillance systems in the Americas: El Centro de Comando, Control, Cómputo, Comunicaciones y Contacto Ciudadano, better known as El C5. The network, connected to panic buttons and command centers, is spread over 1,485 kilometers with software designed to automatically detect license plates. On top of that, the number of installed cameras grew from 18 million to 65 million between 2018 and 2022, with stated plans to add at least an additional 16 million more. Despite its apparent pre-eminence, issues have arisen with the C5, from false identifications to mishandling of personal data. Technological malfunctions have also been shown to impact the outcomes of criminal cases because of the assumption of objectivity that video surveillance supposedly construes. The sprawling C5 system is dwarfed only by the Titan, an expansive intelligence and security database, both in terms of scale and threat to civil liberties. The software is used by several Mexican state governments to combine location data with other private information, including financial, government, and telecom data, to geolocate individuals across the country in real time. Governmental officials have been criticized for the controversial use of the database to target public figures, but, more problematically, access to Titan-enabled intel can be gained through an underground market, making it a further liability. The extent to which artificial intelligence has been incorporated into the C5 and Titan is still not clear, but the specter of surveillance remains large and is set to cause more worries with the addition of new smart technologies."

"Toyota's Lexus rolled out an update for some of its cars, including RX350, which broke the vehicles' navigation and entertainment systems leaving them stuck in a boot loop. Lexus confirmed that the software updates are routinely pushed out via satellite to cars and that a faulty application may be to blame."

"The flaw, dubbed "Log4Shell", may be the worst computer vulnerability discovered in years. It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across the industry and the government. Unless it is fixed, it grants criminals, spies and programming novices alike, easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more."

"Up to 10 million Android smartphones have been infected by malware that generates fake clicks for adverts, say security researchers. The software is also surreptitiously installing apps and spying on the browsing habits of victims. The malware is currently making about $300,000 (£232,000) a month for its creators, suggests research."

"Excluding mobile operating systems for tablets and smartphones, Windows still owns about 90% of the global computing market, so it's no surprise it remains a prime target for malware. That doesn't mean other operating systems are perfectly safe, however, as they too can prove easy pickings."

"Some are disturbed by the strategy to go "digital by default". Andrew Miller, chair of the Commons science and technology committee, wrote to Cabinet Office minister Francis Maude with concerns that "as public services go online, the government may not keep up with advances in technology and that inadequacies in government software may lead to security vulnerabilities"."

"The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself."

"Security researchers have discovered a vulnerability in the system software used in millions of computers, opening the possibility that attackers could execute arbitrary commands on web servers, other Linux-based machines and even Mac computers."

The free antivirus software AVG is selling your online information for profit and you have no control over your privacy and security.

"TeslaCrypt ransomware with new features that are impossible to crack, according to Cisco's Talos security arm. That means user infected with the latest version (3.01) of the malware can no longer use white hat-engineered software to get their files back. Until someone finds a new solution -- and that seems unlikely -- victims will have to pay."