Top IT Security Bloggers

  • Microsoft rethinks Windows 10 upgrade push following complaints

    Graham Cluley
    Dave Lee at BBC News reports:
    In recent months, in an apparent bid to accelerate adoption of Windows 10, Microsoft altered the way it asked users if they wanted to upgrade. It gave the Windows 10 update "recommended" status, normally reserved for critical security updates.
    If when prompted to update to Windows 10 users clicked the red "X", the upgrade would not immediately start. However, the update process would automatically be scheduled for a later time.
    From this week, Microsoft said it would change that process, admitting that it was confusing.
    "The new experience has clearer options to upgrade now, choose a time, or decline the free offer," said Terry Myerson, executive vice president, Windows and Devices Group, in an emailed statement.
    "If the red-x is selected on this new dialog, it will dismiss the dialog box and we will notify the device again in a few days."

    I've complained before about the "dirty trick" Microsoft pulled when it changed the behaviour of its update nag screen - duping users into believing that clicking "X" would simply make the pop-up disappear rather than scheduling an unwanted Windows 10 update.
    I understand that Microsoft believes Windows 10 is great, and appreciate that it wants as many users as possible to update to it, but the way it has handled the process has been pretty bloody awful.
    News of the rethink comes as news emerges that Microsoft has agreed to pay a Californian woman $10,000 after an unwanted Windows 10 update caused her computer to crash.
  • Unwanted Windows 10 update wins woman $10,000 from Microsoft

    Graham Cluley
    The Seattle Times reports:
    A few days after Microsoft released Windows 10 to the public last year, Teri Goldstein’s computer started trying to download and install the new operating system.
    The update, which she says she didn’t authorize, failed. Instead, the computer she uses to run her Sausalito, Calif., travel-agency business slowed to a crawl. It would crash, she says, and be unusable for days at a time.
    “I had never heard of Windows 10,” Goldstein said. “Nobody ever asked me if I wanted to update.”
    When outreach to Microsoft’s customer support didn’t fix the issue, Goldstein took the software giant to court, seeking compensation for lost wages and the cost of a new computer.
    She won. Last month, Microsoft dropped an appeal and Goldstein collected a $10,000 judgment from the company.

    There is no doubt that Microsoft has taken its aggressive pushing of Windows 10 onto users' computers too far, with many users claiming that it has been installed on their PCs without their explicit consent.
    If a malicious hacker made unauthorised changes to your computer without your permission you would expect the police to take an interest.
    So what makes it any different when it's a company called Microsoft messing around with your computer?
  • Can your computer fan be used to spy on you?

    Sophos - Naked Security
    Researchers in Israel claim that your computer's fan speed can be used to send secret signals. But it's kind of slow... very, very slow.
  • Microsoft pays woman $10K after ‘unauthorized’ Windows 10 update

    Sophos - Naked Security
    A California woman says she never authorized the update, which left her work PC "unusable" for days.
  • Pandora tells some users to reset their passwords

    Graham Cluley
    Online music streaming service Pandora Radio has told some of its users that they should reset their passwords following data breaches on other sites.
  • Malware on Google Play steals Viber photos and videos

    Graham Cluley
    Symantec reports:
    Symantec has discovered an app on Google Play that steals photos and videos from the popular social media app Viber. Beaver Gang Counter masquerades as a score keeping app for a popular card game but secretly searches for media files related to the Viber app and sends them to a remote server.
    It's easy to imagine how the personal photos and videos stolen by this malware could be used by online criminals for the purposes of blackmail, stalking, fraud, identity theft or just good old-fashioned voyeurism.
    Interestingly, it seems that Beaver Gang Counter waited for instructions from a remote command and control (C&C) server before scooping up personal photos and videos. This functionality appears to have helped the malware waltz past the Google Play store's vetting process.
    Malware on the Android platform is a growing problem, but it's even worse when it makes its way into the official Android app store.
    Symantec says that Google has now removed the offending app and developer from Google Play, but one wonders how long it will be before someone else attempts something similar.
  • Malicious app found on Google Play, steals Viber photos and videos

    Symantec Security Response Blogs
    The Beaver Gang Counter app uses a time-delay attack in an attempt to evade security measures.





    Contributor: Tommy Dong
    Symantec has discovered an app on Google Play that steals photos and videos from the popular social media app Viber. Beaver Gang Counter masquerades as a score keeping app for a popular card game but secretly searches for media files related to the Viber app and sends them to a remote server.
  • Bart ransomware takes files hostage by hiding them in password-protected ZIP files

    Graham Cluley
    A new crypto-ransomware called "Bart" denies victims access to their files without the use of command-and-control (C&C) infrastructure or AES encryption.
    David Bisson reports.
  • Mining Companies Under Attack

    Trend Micro - Security Intelligence
    Cyber espionage campaigns against the mining industry are largely geared towards ensuring interest groups have access to the latest technical knowledge and intelligence so they can maintain competitive advantage and thrive in the global commodities market. In this blog post, we illustrate this pattern with the case of the attacks involving the Potash Corporation. By doing so, we will be able to identify the motivations and goals of attackers targeting a key mining company.
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
  • Mining Companies Under Attack

    TrendLabs - Malware Blog
    Cyber espionage campaigns against the mining industry are largely geared towards ensuring interest groups have access to the latest technical knowledge and intelligence so they can maintain competitive advantage and thrive in the global commodities market. In this blog post, we illustrate this pattern with the case of the attacks involving the Potash Corporation. By doing so, we will be able to identify the motivations and goals of attackers targeting a key mining company.
