Security Alerts & News
by Tymoteusz A. Góral

#897 Microsoft's Bing now gives you more detailed warnings about malware, phishing sites
Microsoft's search engine Bing will display more detailed warnings when users encounter potential phishing and malware sites.

The company has announced it's refining how it communicates potential threats in Bing results and to website operators using the Bing webmaster dashboard.

Rather than provide only a generic malware warning, Bing's new approach will be more specific about different types of threats and their potential impact.

For end users, it will now highlight whether the page ahead is a phishing site. In such cases, Bing will offer an explanation about how the site might trick the user into disclosing financial, personal, or other sensitive information.

Webmasters are notified through the Bing dashboard and from there can ask for a review of the status after the issue is addressed.
#896 Mitsubishi Outlander hybrid car alarm 'hacked' (VIDEO)
The alarm on Mitsubishi's Outlander hybrid car can be turned off via security bugs in its on-board wi-fi, researchers have found.

The loophole could mean thieves who exploit the bugs gain time to break into and steal a vehicle.

The vulnerability can also be used to fiddle with some of the car's settings and drain its battery.

Mitsubishi recommended that users turn off the wi-fi while it investigates the issues with the system.
#895 How to delete your smartphone data securely before selling your device
Some people change their smartphone or tablet almost as casually as they change their clothes. They buy and later sell mobile devices without the slightest concern about the information that, one device after another, they keep putting in the hands of total strangers. This article is aimed at all those people, and in it you will be able to learn what measures you can take to protect your privacy.

When you delete a file, is the data really deleted?

Unfortunately, no. With most IT equipment, deleting a file means telling the system that the next time it needs to write data, it can overwrite the space used by the file in question.

However, until the new write operation takes place, the information remains physically stored in the form of bits on the corresponding storage drive and can be recovered. This kind of deletion is known as logical deletion and is the procedure that almost all operating systems use.

In contrast, there is another kind of deletion called physical deletion which modifies the data bit by bit, by creating junk content on the storage medium. This procedure ensures that the data cannot be recovered, but it takes much longer and therefore usually is considered undesirable for tasks where the user experience is central.
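
The difference between the two kinds of deletion, as an added example that is not part of the original article: a toy in-memory volume (the `ToyVolume` class, its block size and the sample secret are all constructed for illustration) on which a recovery-style scan of the raw bytes is run after a logical delete, after the freed space is reused, and after a physical delete.

```python
import os

BLOCK = 16  # bytes per block in this toy volume (constructed value)

class ToyVolume:
    """Hypothetical in-memory volume: raw blocks plus a file table."""
    def __init__(self, nblocks=8):
        self.raw = bytearray(BLOCK * nblocks)
        self.table = {}                    # file name -> list of block numbers
        self.free = list(range(nblocks))   # lowest-numbered free block is reused first

    def write(self, name, data):
        blocks = []
        for off in range(0, len(data), BLOCK):
            b = self.free.pop(0)
            chunk = data[off:off + BLOCK].ljust(BLOCK, b"\0")
            self.raw[b * BLOCK:(b + 1) * BLOCK] = chunk
            blocks.append(b)
        self.table[name] = blocks

    def logical_delete(self, name):
        # Only the bookkeeping changes; the bytes stay on the medium.
        self.free = sorted(self.free + self.table.pop(name))

    def physical_delete(self, name):
        # Overwrite every block with junk content before releasing it.
        for b in self.table[name]:
            self.raw[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)
        self.logical_delete(name)

    def carve(self, needle):
        # What a recovery tool does: ignore the file table, scan the raw bytes.
        return needle in bytes(self.raw)

def demo():
    secret = b"PIN=4821 (constructed sample)"
    needle = b"PIN=4821"
    results = {}
    v = ToyVolume()
    v.write("note.txt", secret)
    v.logical_delete("note.txt")
    results["after_logical"] = v.carve(needle)    # file is gone from the table, bytes remain
    v.write("photo.jpg", b"\xff" * len(secret))   # a new write reuses the freed blocks
    results["after_reuse"] = v.carve(needle)
    w = ToyVolume()
    w.write("note.txt", secret)
    w.physical_delete("note.txt")
    results["after_physical"] = w.carve(needle)
    return results
```

The toy volume writes in place; flash storage with wear leveling may redirect an overwrite to different physical cells, so a file-level overwrite there does not guarantee that the old cells were changed.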
#894 171 million VK.com accounts stolen by hackers
A hacker has obtained 171 million user accounts associated with social networking giant VK.com.

The stolen database contains full names, email addresses and plain-text passwords, and in many cases locations and phone numbers.

The St. Petersburg, Russia-headquartered social network -- formerly known as VKontakte -- is said to be the largest in Europe, with over 350 million users at the last count. The hack is thought to have been carried out in late 2012 or early 2013, but the hacker who is selling the data could not be more precise.

Given the timing, the entire store of VK's data -- which at the time had just under 190 million users -- is likely to have been taken in the hack.
#893 TeamViewer confirms number of hacked user accounts is “significant”
It was a tough week for TeamViewer, a service that allows computer professionals and consumers to log into their computers from remote locations. For a little more than a month, a growing number of users have reported their accounts were accessed by criminals who used their highly privileged position to drain PayPal and bank accounts. Critics have speculated TeamViewer itself has fallen victim to a breach that's making the mass hacks possible.

On Sunday, TeamViewer spokesman Axel Schmidt acknowledged to Ars that the number of takeovers was "significant," but he continued to maintain that the compromises are the result of user passwords that were compromised through a cluster of recently exposed megabreaches involving more than 642 million passwords belonging to users of LinkedIn, MySpace, and other services.
#892 KeePass app developer overlooks security hole to preserve ads
Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.

The impact is potentially quite severe, too. An attacker could hijack the update process and deliver malware that would compromise your PC.