Notebookcheck

Security

All this considered, this is about par for cyber information control in most parts of the world. (Source: The Verge)

Your private data isn't so private after all, Wechat confirms

It's been a good week for privacy intrusions, with GO Keyboard being reported to siphon user data. This time out, it's the Wechat app in all the headlines, as the app's new privacy policy sheds light on how public private user data actually is.
The main weakness of pattern and PIN is the ability for those around you to observe entry. (Source: Msporch/Pixabay)

Android pattern unlock is the easiest authentication method to snoop

A study by researchers from the University of Maryland and the US Naval Academy has been published showing that a six-spot pattern unlock is six times easier for snoopers to repeat after seeing it once than a six-digit PIN.
Image: Twitter user Nick Sweeting

Equi-fail: Equifax directs customers affected by hack to fake phishing website

In another major misstep for Equifax, an employee of the credit services company responded to customer tweets with a link to a fake phishing website. The site, which was styled to look like the official Equifax site dedicated to the hack, was a fake used to demonstrate how easily malicious parties could further exploit Equifax's customers.
CCleaner's binary was modified by hackers to insert a backdoor. (Source: Piriform)

CCleaner hijacked by hackers to open a backdoor for remote code execution

Piriform, makers of the popular PC cleaning software CCleaner, said that a few versions of the program's 32-bit binary were hijacked by hackers who could insert a two-stage backdoor capable of remote code execution. An investigation is under way to determine what exactly caused the hijack, which affected about 2.27 million users.
Google Tez aims to make payments hassle-free. (Source: Google)

Google Tez aims to revolutionize the digital payment landscape in India

Google has launched a new payment service, Tez, which enables fast payments without the need to share information such as bank account numbers, fund transfer codes, or even pair up mobiles by NFC. The new service is compatible with any Indian bank that supports the Unified Payments Interface (UPI).
Image: Equifax

Equifax security breach blamed on known web vulnerability in Apache Struts

One week after announcing a major data breach affecting over 143 million consumers, Equifax is pointing blame at a security vulnerability in the Apache Struts web framework. However, the vulnerability was publicly announced in March and a patch was available months before the attack.
The QNAP TS-x77 features up to an 8-core 16-thread AMD Ryzen 7 CPU and 64 GB of RAM. (Source: QNAP)

QNAP briefs about QTS 4.3.4 OS and the TS-x77 NAS powered by AMD Ryzen

QNAP offered a glimpse into some of the advancements coming to the QTS 4.3.4 operating system that includes new features such as snapshot support for ARM-based QNAP NAS. It also offered a closer look into the TS-x77 NAS powered by AMD Ryzen CPUs.
Windows 10 Fall Creators Update is due on October 17th. (Source: Microsoft)

Android and iOS-like app permissions coming to Windows 10 apps

Microsoft is bringing app permissions for improved privacy and security with UWP (Windows Store) applications. Admins of the Enterprise Edition have an option to reduce the diagnostic data collected to the minimum needed for administration by company IT departments.
Armis Labs warns that current security solutions will not detect BlueBorne, because these are focused on IP attacks, not on airborne attacks. (Source: Armis Labs)

BlueBorne vulnerability could target billions of unpatched Bluetooth devices

Armis Labs discovered a Bluetooth vulnerability codenamed BlueBorne that could affect billions of devices including smartphones like Google Pixel and Samsung Galaxy, tablets like Samsung Galaxy Tab, smartwatches like LG Watch Sport, or audio systems like the Pumpkin Car Audio System. BlueBorne can also attack unpatched Windows and Linux PCs, and a variety of...
Graph of the increase in cryptocurrency mining trojans as measured by Kaspersky Labs. (Source: Bleeping Computer)

Cryptocurrency mining malware has infected over 1.65 million computers this year

Data from Kaspersky Labs shows that the number of cryptocurrency mining trojan infections in 2017 has passed 1.65 million to date. Criminals use infected PCs to crunch transactions and route the success fee to their own digital wallets.
Google Chrome. (Source: Google)

Google Chrome to include protection from man-in-the-middle attacks

Google Chrome 63 will come with a feature designed to protect users from third parties who are attempting to intercept their encrypted SSL transmissions.
Swelling batteries in the XPS 15 9550 have caused displacement of trackpads rendering them useless. (Source: User Crashnorun on the Dell Support Forum)

PSA | Dell offers to replace swelling XPS 15 9550 batteries for free, even if out-of-warranty

There were problems with batches of 84Wh batteries in the XPS 15 9550 that led to the battery bulging and pushing against the trackpad. Once the swelling was bad enough, it not only hindered the trackpad function but also posed a safety hazard. Users are now reporting that Dell is now finally accepting out-of-warranty battery replacements for the XPS 15 9550...
ASRock's X10 IoT router can remotely control various smart appliances around the house. (Source: ASRock)

ASRock's X10 IoT Router remotely controls home appliances over radio and IR

The X10 comes with the usual dual band Wi-Fi and Gigabit Ethernet connections, but also offers remote control capabilities for smart home appliances through the integrated ZigBee radio controller and IR blaster.
Equifax announces major security breach affecting 143 million customers in the U.S.

Equifax announced today that the personal information of over 143 million American consumers was compromised in late July. Items such as birth dates, social security numbers, and even drivers licenses were stolen by hackers, in addition to over 200,000 credit card numbers.
Apple's Siri is vulnerable to ultrasonic voice hacks.

Siri and Alexa are vulnerable to ultrasonic voice commands

Chinese researchers have been able to launch malicious voice command attacks on every major voice assistant including Siri and Alexa. Using ultrasonics, the researchers were able to hack devices with any victim completely unaware that their device had been compromised.
Lenovo has been fined US$3.5 million and had restrictions placed on pre-installed software on their systems in the United States. (Source: Geralt/Pixabay)

Lenovo fined US$3.5 million for pre-installing adware on some laptops in 2015

The saga about some Lenovo laptops coming pre-installed with adware in 2015 has now come to an end with the results of their court case being announced a few hours ago. Lenovo must pay a fine of US$3.5 million and has had some restrictions placed on how they handle pre-installed software in the United States.
The Windows 10 Fall Creators Update is all set to roll out starting October 17

IFA 2017 | Windows 10 Fall Creators Update will officially roll out starting October 17 along with a slew of Windows Mixed Reality headsets

At its IFA 2017 keynote in Berlin, Microsoft announced that the Windows 10 Fall Creators Update will start officially rolling out starting October 17. Microsoft's partners will also start shipping affordable Windows Mixed Reality headsets alongside the new OS update.
Insiders can now test drive full Office 365 apps directly from the Windows Store. (Source: Windows Central)

Microsoft invites Insiders to test drive Office 365 from the Windows Store

Microsoft is inviting Insiders to test out Office 365 programs from Windows Store. These are the original Win32-based programs converted using the Project Centennial desktop bridge that can now call UWP-specific APIs and services.
Image: Essential

Andy Rubin issues apology for Essential customer privacy debacle

After a massive privacy foul-up, Essential's Andy Rubin has issued a formal apology to customers that had their personal information emailed to other customers. Essential will provide affected individuals with a one-year subscription to LifeLock and, possibly, a free Essential Phone.
Acer Holo360 (left) and Acer Vision360 (right) LTE enabled 360-degree cameras. (Source: Acer)

IFA 2017 | Acer showcases 360-degree cameras with LTE connectivity

Acer has showcased two LTE enabled 360-degree cameras, the Holo360 and Vision360, at its IFA press conference. The Holo360 is a one-stop device for all things concerned with video recording, editing and sharing while the Vision360 is an in-car camera designed to augment driving safety.
87% Toshiba Tecra X40-D (i7-7600U, FHD) Laptop Review

Carbon Copy. Toshiba's new Tecra X40-D is the Japanese manufacturer's latest entry in the thin-and-light business market and carries over several features from its smaller brother, the Portégé X30. Is the X40 able to differentiate itself enough, or is it more of the same in a larger package?
Intel Core i7-7600U | Intel HD Graphics 620 | 14" | 1.3 kg
Deep digging into the Intel ME firmware has finally enabled security researchers to disable its functioning. (Source: Positive Technologies)

Eureka! The Intel Management Engine can finally be disabled, thanks to the NSA

Researchers have found a way to disable a much hated component of Intel CPUs, the Intel Management Engine, thanks in part to the NSA's High Assurance Platform (HAP) program.
WhatsApp will soon enable verified business numbers as a medium for customer interaction. (Source: WhatsApp)

WhatsApp will soon allow you to chat with verified businesses

Facebook-owned WhatsApp has started a pilot program to verify business numbers. This allows customers to directly chat with businesses for quicker updates and problem resolution.
Verizon is one of the first US carriers to roll out the new Android Oreo OTA update. (Source: Verizon)

Verizon starts rolling out Android Oreo to Google Pixel handsets

Contrary to popular notion, Verizon has started to seed the Android Oreo update to Google Pixel phones on its network much before any other major US carrier has initiated the process.
Google's Certified Android devices program is a continuation of its security efforts. (Source: Google)

Google launches Certified Android device program

Google has announced its new Certified Android devices program. Designed to give customers the guarantee of a malware-free device out of the box, it is the company's latest effort to clamp down on Android security.
NY Mayor Bill de Blasio with NYPD deputy commissioner for IT, Jessica Tisch. (Source: NY Post)

NYPD contemplating replacing 36,000-odd Windows Phones with iPhones

In yet another setback for Microsoft's mobile endeavors, the NYPD will soon be scrapping its 36,000-odd smartphones running Windows Phone 8.1 for iPhones. The department is taking the decision in the wake of Microsoft halting updates for the ill-fated mobile OS.
The Librem 5 will feature hardware kill switches for the camera, microphone, and wireless radios. (Image: Purism)

Purism turns to crowdfunding to develop their Linux-based smartphone

The Librem 5, currently up for preorder through a crowdfunding campaign, is Purism's attempt to create a privacy-focused smartphone. The phone will run a mobile variant of PureOS, which is Purism's own custom GNU/Linux-based operating system.
Windows 95 is still used in various machines around the world, including critical systems inside the Pentagon. (Source: Brian Miller)

Windows 95 turns 22 - still lurks inside Pentagon's critical systems

22 years after its release, Microsoft Windows 95 is still running on machines around the world, including critical systems inside the Pentagon. The US Department of Defense is collaborating with Microsoft to migrate all Pentagon systems to Windows 10.
Not all apps using the Igexin SDK were found to be collecting data, but they all had the potential to do it. (Source: Pixabay)

Igexin use their advertising SDK to siphon user data back to their servers in China

Igexin, the developer of an advertising software kit, has been caught collecting user data and sending it back to servers in China. Their kit was used in 500 legitimate applications and used the permissions granted to those apps to collect data such as call logs. Google has disabled the compromised applications while the developers replace the advertising AP...
Latest XPS 13 9360 1.0.7 BIOS update purportedly bricking systems

In what could be another potential PR headache for Dell, the latest 1.0.7 BIOS update for the XPS 13 may be accidentally rolling back systems. It's recommended that XPS 13 owners do not install this latest update until Dell either reuploads a replacement or directly addresses users' complaints.
Hacking your phone through the touchscreen? Yes, it can be done. (Image: Shattered Trust)

New research paper demonstrates smartphone security hole in replacement hardware

A research team has successfully compromised a smartphone by injecting malicious code into the drivers for the touchscreen. The code allows full access to the device, including the ability to alter files, use the phone's camera, download malicious apps, and grant root access without unlocking the bootloader.
BlackBerry KEYone

83% BlackBerry KEYone Smartphone Review

Press me! TCL has presented a new BlackBerry smartphone with a physical keyboard: the KEYone. The new smartphone combines a 4.5-inch touchscreen with a touch-sensitive keyboard that can also be used as a trackpad.
Update: Build AAN358 is rolled out.
Qualcomm Snapdragon 625 | Qualcomm Adreno 506 | 4.5" | 180 g
Ransomware Locky and Mamba have started rearing their ugly heads again. (Source: 2-Spyware)

Beware! Ransomware Locky and Mamba on the prowl again

Variants of the ransomware Locky and Mamba have resurfaced and are more lethal than ever. Those unfortunate enough to be infected risk encryption of the entire HDD and need to cough up a huge sum of money for decryption and recovery of their data.
Microsoft buys Cycle Computing to accelerate Big Computing in the cloud

Microsoft acquires Cycle Computing

Thanks to the addition of the cloud computing orchestration market leader Cycle Computing to its long list of assets, Microsoft hopes to ease the process of using High-Performance Computing and other Big Computing capabilities in the cloud.
Source: Amazon

BLU R2 budget smartphone now available for preorder

The latest budget-tier smartphone from BLU is now available for $80, although buyers will have to eschew some modern comforts like LTE connectivity at that price. For an extra $30, the R2 LTE offers a slight spec bump and 4G LTE speeds.
Infographic showing how the blockchain works with cryptocurrencies. (Source: Oxfam/Financial Times)

Microsoft is making it easier for enterprises to integrate blockchain technology

Microsoft has announced their 'Coco Framework' which will officially be released as an open-source project on GitHub in 2018. The Coco Framework is intended to help make blockchain technology a viable and secure option for industries to use to share and verify records and transactions.
MIUI is compromising device security according to eScan. (Source: Xiaomi)

MIUI security flaws allow uninstallation of security apps and easy copying of data

eScan, a software security company, has reported on a number of vulnerabilities in Xiaomi's MIUI. The two principal ones allow the uninstallation of security apps and the transferring of phone data without prompting for the user password. Xiaomi disputes the findings of the report, claiming that using a PIN, password, pattern, or fingerprint will avoid these...
The solution with the best result used sodium sulfate (Na2SO4), a compound found in detergents. (Source: Wikimedia Commons)

Researchers create flexible salt-based batteries

A team of researchers have been experimenting with various sodium-based solutions to replace lithium-ion batteries with significant success. Sodium-ion batteries (SIBs) would be advantageous as they would not require as many safeguards due to the more benign nature of sodium versus lithium.
suhide-lite can bypass Google's SafetyNet, allowing rooted phones to run apps that would otherwise be restricted. (Source: XDA-Developers)

It's now easier to hide root on your Android phone with suhide-lite

A new SuperSU package by developer Chainfire allows users to hide root status from specific apps, which can enable the use of certain apps on rooted devices that would otherwise be blocked via Google's SafetyNet API.
The malicious software is activated when the DNA sequencer analyzes the data. (Source: Shutterstock)

Biohackers splice malware directly into DNA strands

Scientists came up with a plan to infect computers using altered human DNA. The malicious code is activated when the altered human genetic code is analyzed by a DNA sequencer that is hooked to a computer network.
Friends with benefits — Kaspersky and Microsoft seem to have reconciled their differences with respect to security in Windows 10. (Source: Kaspersky)

Kaspersky withdraws antitrust claim after Microsoft offers to make Windows 10 more AV vendor friendly

It appears that Microsoft and Kaspersky have come to terms with respect to the latter's demands of a more antivirus vendor friendly approach in Windows 10 resulting in withdrawal of all antitrust allegations against Microsoft by Kaspersky.
Sony developed the educational blockchain using the IBM Cloud and the Hyperledger Fabric 1.0 framework. (Source: Sony)

Sony wants to provide increased cybersecurity for educational institutions through blockchain tech

Recognizing the potential of the blockchain tech, Sony is looking to provide an educational system based on the highly acclaimed Hyperledger Fabric 1.0 framework. The blockchain-based system records information in a difficult to falsify way and controls access to recorded information, making it possible to reliably disclose information to authorized third pa...
Disney Princess: Charmed Adventures is one of 42 titles the suit alleges to collect personal information of children without parental consent. (Source: Disney)

Disney sued for allegedly illegally collecting data on children with smartphone apps

Disney is being sued along with three software companies for creating software targeted at young children that collect personal information and send it to advertisers without the consent of parents. Disney has signaled it aims to face the suit in court.
Verizon releases security update for Samsung's flagship phones... from 2015

A new update for the Verizon Galaxy S5, Note 4, and Note Edge will roll out over the next few weeks, patching a few security holes and fixing some call-related bugs.
BLU's tweet announcing their products are back online. (Source: Twitter)

BLU phones back on Amazon following privacy fears

After privacy concerns caused Amazon to delist some phones by budget smartphone manufacturer BLU, the products are once again available through the online retailer. Although BLU has denied allegations of any wrongdoing, privacy issues with budget Android phones may remain a concern.
The WannaCry hackers are taking a risk emptying their bitcoin wallets. (Source: HypnoArt/Pixabay)

WannaCry hackers empty their wallets

The three ransom wallets associated with the WannaCry ransomware have been monitored by law-enforcement for the last three months. A few days ago the total Bitcoin balances were transferred from each of those wallets into a number of smaller ones as the hackers start the process of trying to make any cash withdrawals untraceable.
88% Fujitsu LifeBook U937 (Core i5, Full-HD) Laptop Review

Security Business. Smaller, slimmer, more secure – this could be the new motto of the top-range ultra-mobile business sector. The U937 is hoping to overtake its competition with a weight of 950 grams (~2.1 lb), a lot of security features and LTE support. Find out if it has succeeded in our detailed review.
Intel Core i5-7200U | Intel HD Graphics 620 | 13.3" | 950 g
Mozilla is trialing a single-download encrypted file sharing website. (Source: Mozilla)

Mozilla tests file sharing service that deletes files after one download

Mozilla has added three new experiments to their Test Pilot program. The most interesting is a website available to users of any browser that allows single-download encrypted sharing of files. The other new experiments are a note taking app and voice search.
This is the second time this year that a Broadcom WiFi chip has caused security issues. (Source: Business Insider)

Broadcom WiFi can be hacked on iPhone and several modern Android phones

A Black Hat researcher has found a vulnerability with Broadcom wireless chips used in various phones including iPhone, Nexus, and Galaxy S phones. This bug allows a hacker to overflow the memory in the wireless chip and execute code in the device memory. Apple and Google have patched the flaw, but will third party manufacturers push the update to their devic...
Apple is not the only company forced to either cooperate with the Chinese government or face losing access to the market, but they are the largest. (Source: Shutterstock)

Apple pulls VPNs from Chinese App Store

Apple has pulled a number of censorship-defeating tools from their App Store in China, citing Chinese law. The move to accommodate the Chinese government deprives many in the country of access to information.
Editorial staff, 2013-05-08 (Update: 2013-09-27)