Tuesday, March 19, 2019

Google, Microsoft work together for a year to figure out new type of Windows flaw

Enlarge (credit: Marco Verch / Flickr) One of the more notable features of Google Project Zero's (GPZ) security research has been its 90-day disclosure policy. In general, vendors are given 90 days to address issues found by GPZ,...

Epic says its Game Store is not spying on you

Enlarge / Despite what you may have read, Epic says this is not spyware. This week, certain corners of the gaming Internet have been abuzz with a bit of self-described "amateur analysis" suggesting some "pretty sketchy," spyware-like...

An email marketing company left 809 million records exposed online

Enlarge / (GERMANY OUT) Leerstehendes Fabrikgebäude im Bonner Stadtteil Friesdorf. Vernagelte Eingangstüre mit zerschlagenen Scheiben (Photo by JOKER / Karl-Heinz Hick/ullstein bild via Getty Images) (credit: Ullstein Bild | Getty Images) By this point, you've...

The rise of tech-worker activism

Video by Chris Schodt, production by Justin Wolfson. (video link) In this episode of Ars Technica Live, we spoke with Leigh Honeywell, a security engineer who has worked at several large tech companies as well as the ACLU. She's been...

Microsoft’s latest security service uses human intelligence, not artificial

Enlarge / Microsoft security experts monitoring the world, looking for hackers. (credit: Microsoft) Microsoft has announced two new cloud services to help administrators detect and manage threats to their systems. The first, Azure Sentinel, is very much in...

Google: Software is never going to be able to fix Spectre-type bugs

Enlarge (credit: Aurich Lawson / Getty Images) Researchers from Google investigating the scope and impact of the Spectre attack have published a paper asserting that Spectre-like vulnerabilities are likely to be a continued feature of processors and, further,...

Mandatory update coming to Windows 7, 2008 to kill off weak update hashes

Enlarge Windows 7 and Windows Server 2008 users will imminently have to deploy a mandatory patch if they want to continue updating their systems, as spotted by Mary Jo Foley. Currently, Microsoft's Windows updates use two different hashing...

Researchers use Intel SGX to put malware beyond the reach of antivirus software

Intel Skylake die shot. (credit: Intel) Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's...

Windows 7 Extended Security Updates will double in price each year

Windows 7's free support period ends on January 14, 2020. Microsoft is offering three years of support updates for the operating system on a paid basis with a new program called Extended Security Updates (ESU). Unlike previous after-life support...

Windows 10 October 2018 Update is at last being pushed automatically

Enlarge / Who doesn't love some new Windows? (credit: Peter Bright / Flickr) The ill-fated Windows 10 October 2018 Update has hitherto been offered only to those Windows users that manually sought it, either by using the dedicated...

Windows 7 enters its final year of free support

Enlarge / Licensing and support lifecycles are not really the easiest topics to illustrate. (credit: Peter Bright) Windows 7's five years of extended support will expire on January 14, 2020: exactly one year from today. After this date,...

Latest Windows 10 build makes setup quieter, passwords optional

The latest Insider build of Windows 10, 18309, expands the use of a thing that Microsoft has recently introduced: passwordless Microsoft accounts. It's now possible to create a Microsoft account that uses a one-time code delivered over SMS as...

Bay Area: Join us 1/9 to talk about personal data security in 2019

Enlarge / Askhan Soltani has worked with the FTC and as an independent researcher, exploring data privacy issues. Recently, he testified about Facebook's privacy policies before the US and UK governments. (credit: Ashkan Soltani) The Cambridge Analytica scandal....

Cryptography failure leads to easy hacking for PlayStation Classic

Enlarge / The PlayStation Classic's internal USB, removed and picked at as part of the hacking effort. (credit: Yifan Lu / Twitter) In the days since the PlayStation Classic's official release, hackers have already made great progress in...

Marriott breach leaves 500 million exposed with passport, card numbers stolen

Enlarge / Marriott Hotel brands like the W hotel were breached between 2014 and 2018. (credit: Craig Warga/Bloomberg via Getty Images) On Friday, Marriott International announced a system breach that has affected approximately 500 million customers,...
SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names, cell phone numbers as well as calls made by other users and, and a Tech Crunch report cited...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.