Security

Microsoft says a group that has been linked to Russian state-sponsored hacking and the theft of Democratic National Committee emails was behind a new round of cyberattacks targeting Windows users.

The Redmond company on Tuesday said a hacking campaign disclosed this week had exploited previously unknown vulnerabilities Microsoft’s Windows operating system and Adobe’s Flash in an attempt to gain control of computers. The group behind the attacks, which Microsoft calls Stronium, targeted a “specific set of customers,” Microsoft said without identifying the victims.

There's a new, more powerful Internet-of-things botnet in town, and it has managed to infect almost 3,500 devices in just five days, according to a recently published report.

Security experts claim to have found that a server belonging to Donald Trump was secretly passing messages to a Russian bank with close ties to Putin.

In a rather long winded article the Slate spoke to a security expert who stumbled across  a bank in Moscow that kept irregularly pinging a server registered to the Trump Organisation on Fifth Avenue.

Microsoft said Tuesday that it will issue a fix next week for a Windows vulnerability it says is being exploited by hackers linked to Russia's government.

The company said in a blog post that it would release the fix November 8 as part of its normal patch cycle, adding that a well-known hacking group was already using the newly discovered flaw in a spearphishing campaign. The bug, which was publicly revealed by Google on Monday, can be used to bypass the security in the Windows32K system.

Quick! Open your Android device, go to the App Drawer, and count the number of apps you no longer use that are still installed. Now go back through that list of apps you no longer use and find out which ones are no longer maintained or which suffer from long-standing malware vulnerabilities.

Done? Didn't think so.

Imagine a major attack against the Internet on Election Day with a singular goal: disrupt voter turnout.

It sounds like pure paranoia, but that's the gist of a debate that started on Twitter this weekend and quickly drew in some big names in Silicon Valley.

The UK will "strike back" if it comes under cyber-attack, Chancellor Philip Hammond said as he announced cyber-defence funding will get a boost from a £1.9bn government security strategy.

The package of measures are aimed at protecting the Government, businesses and citizens from online threats including state-sponsored hackers.

Recently, Google’s Threat Analysis Group discovered a set of zero-day vulnerabilities in Adobe Flash and the Microsoft Windows kernel that were already being actively used by malware attacks against the Chrome browser. Google alerted both Adobe and Microsoft of the discovery on October 21, and Adobe issued a critical fix to patch its vulnerability last Friday. But Microsoft has yet to patch a critical bug in the Windows kernel that allows these attacks to work—which prompted Google to publicly announce the vulnerabilities today.

Shadow Brokers—the name used by a person or group that created seismic waves in August when it published some of the National Security Agency's most elite hacking tools—is back with a new leak that the group says reveals hundreds of organizations targeted by the NSA over more than a decade.

"TheShadowBrokers is having special trick or treat for Amerikanskis tonight," said the Monday morning post, which was signed by the same encryption key used in the August posts. "Many missions into your networks is/was coming from these ip addresses."

All the hype around the new MacBook Pro has been about what its flashy new Touch Bar can do, but there’s good reason to be excited about its Touch ID sensor, too.

One early example: the maker of 1Password, AgileBits, is already showing off its planned support for the laptop’s fingerprint sensor. It plans to allow users to log into 1Password without typing in their (quite possibly complicated) master password.