Security

You've probably been hearing the hype about lightning-fast 5G for years now. And while the new wireless networks still aren't ubiquitous in the United States, 5G is slowly cropping up in cities from Boston and Seattle to Dallas and Kansas City. With the faster connection speeds will come increased security and privacy protections for users, as the wireless industry attempts to improve on the defenses of 3G and 4G. But while 5G researchers say that the new network will bring major improvements, it still has some shortcomings of its own.

Google's password checking feature has slowly been spreading across the Google ecosystem this past year. It started as the "Password Checkup" extension for desktop versions of Chrome, which would audit individual passwords when you entered them, and several months later it was integrated into every Google account as an on-demand audit you can run on all your saved passwords. Now, instead of a Chrome extension, Password Checkup is being integrated into the desktop and mobile versions of Chrome 79.

Social engineering hacking preys on the vulnerabilities inherent in human psychology, so it’s vital for organizations to test employee cyber competence.

Take the Nigerian 419 scam as an example – the scammer tries to convince the victim to help get supposedly ill-gotten cash out of their own country into a safe bank, offering a percentage of the money for their participation. While “Nigerian prince” emails have been scamming people for decades, it’s still an effective social engineering technique that people fall for.

To counter the growing sophistication of computer attacks, Intel and other chip makers have built digital vaults into CPUs to segregate sensitive computations and secrets from the main engine computers use. Now, scientists have devised an attack that causes the Software Guard Extensions—Intel's implementation of this secure CPU environment to divulge cryptographic keys and induce potentially dangerous memory errors.

As has become a custom, Apple has simultaneously released software updates for nearly its entire suite of consumer products today—including iOS 13.3, iPadOS 13.3, macOS Catalina 10.15.2, watchOS 6.1.1, tvOS 13.3—and an update for HomePods. All updates should be available to all users by the end of the day.

Hackers believed to be working for the North Korean government have upped their game with a recently discovered Mac trojan that uses in-memory execution to remain stealthy.

In-memory execution, also known as fileless infection, never writes anything to a computer hard drive. Instead, it loads malicious code directly into memory and executes it from there. The technique is an effective way to evade antivirus protection because there’s no file to be analyzed or flagged as suspicious.

Payment card skimmers have hit four online merchants with help from Heroku, a cloud provider owned by Salesforce, a researcher has found.

IBM X-Force, the company's security unit, has published a report of a new form of "wiper" malware connected to threat groups in Iran and used in a destructive attack against companies in the Middle East. The sample was discovered in a response to an attack on what an IBM spokesperson described as "a new environment in the [Middle East]—not in Saudi Arabia, but another regional rival of Iran."

What kind of cyberattack would trigger a response from NATO?

That question, on so called Article 5 intrusions, has intrigued cybersecurity experts since the organization declared cyberspace a domain of warfare in 2016. But a more immediate question may be how NATO and its member nations confront the daily cyber events that never rise to the threshold of armed attacks.

A vulnerability in millions of fully patched Android phones is being actively exploited by malware that's designed to drain the bank accounts of infected users, researchers said on Monday.