Link list

Not using Adobe’s PDF reader doesn’t mean you’re avoiding PDF malware

Something like 400 million people use Foxit’s PDF reader. And as a dozen vulnerabilities have been found in the software, one hopes that 400 million people are checking they have updated their copy. ThreatPost has the details about the vulnerabilities found in builds 7.3.4.311 and earlier of Foxit Reader and Foxit PhantomPDF: To exploit the


48 sec read

Microsoft rethinks Windows 10 upgrade push following complaints

Dave Lee at BBC News reports: In recent months, in an apparent bid to accelerate adoption of Windows 10, Microsoft altered the way it asked users if they wanted to upgrade. It gave the Windows 10 update “recommended” status, normally reserved for critical security updates. If when prompted to update to Windows 10 users clicked


52 sec read

Unwanted Windows 10 update wins woman $10,000 from Microsoft

The Seattle Times reports: A few days after Microsoft released Windows 10 to the public last year, Teri Goldstein’s computer started trying to download and install the new operating system. The update, which she says she didn’t authorize, failed. Instead, the computer she uses to run her Sausalito, Calif., travel-agency business slowed to a crawl.


44 sec read

Automated bots bombard EU referendum petition with fake signatures

BBC News reports: An online petition calling for a second EU referendum has been hijacked by automated bots adding false signatures. Posts on the 4chan message board indicated that some users had scripted programs to automatically sign the petition. Thousands of signatures appeared to have come from people in Vatican City and Antarctica. The House


46 sec read

Comodo stands down from trademark tussle with Let’s Encrypt

Looks like Comodo has had second thoughts about entering a trademark dispute over the term “Let’s Encrypt”, as Steve Ragan at CSO Online reports: A Comodo staffer, Robin Alden, said that the company had abandoned their let’s encrypt trademarks. “Comodo has filed for express abandonment of the trademark applications at this time instead of waiting


21 sec read

Intel to quit the security business (again), and jettison McAfee?

A long time ago, Intel used to have its own anti-virus product. They called it Intel LanDesk Virus Protect. Intel LanDesk Virus Protect got gobbled up by Symantec in 1998, and most of us thought that the chip giant had quit the security business. Fast forward 12 years to 2010 and Intel surprised us all


54 sec read

Privacy, risk and trolls: Dealing with the security challenges of YouTube fame

Interesting exploration by Joan Goodchild of CSO Online about the privacy issues facing YouTube vloggers: Unlike television and movie stars, these online celebrities face a different kind of privacy challenge because, by nature of the work they do, they are expected to be accessible and to interact with fans. Keeping things private and running a


38 sec read

Let’s Encrypt and Comodo in trademark tussle

The non-profit Let’s Encrypt project, set up to help more websites switch on HTTPS for free, has found itself in a kerfuffle with Comodo, one of the largest commercial vendors of website certificates. Let’s Encrypt writes: Some months ago, it came to our attention that Comodo Group, Inc., is attempting to register at least three


48 sec read

154 million voter records exposed, revealing gun ownership, Facebook profiles, and more

Security researcher Chris Vickery came across an online database, hosted on a Google Cloud server, containing 154 million US voter records. It emerged that the poorly-secured database belonged to an unnamed client of data brokerage firm L2. The client has blamed hackers for leaving the database accessible from the outside world, without even the simplest


46 sec read

Yes, even coders make the mistake of reusing passwords

GitHub has issued a security advisory: On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of GitHub.com accounts. This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past, and trying them on


35 sec read

Apple will require HTTPS connections for iOS apps by the end of 2016

Kate Conger at TechCrunch reports: “Today, I’m proud to say that at the end of 2016, App Transport Security is becoming a requirement for App Store apps,” Apple’s head of security engineering and architecture, Ivan Krstic, said during a WWDC presentation. “This is going to provide a great deal of real security for our users


48 sec read

Telegram calls claims of bug in messaging service bogus

The most interesting part of this ThreatPost report is where they share some background on Sadegh Ahmadzadegan and Omid Ghaffarinia, the researchers who claim to have uncovered the flaw in Telegram: Regarding claims by the Iranian researchers, Telegram’s Markus Ra told Threatpost that the allegations were “click bait fear mongering” on the part of the


31 sec read

Computer crash wipes out years of Air Force investigation records

Defense One: The U.S. Air Force has lost records concerning 100,000 investigations into everything from workplace disputes to fraud. A database that hosts files from the Air Force’s inspector general and legislative liaison divisions became corrupted last month, destroying data created between 2004 and now, service officials said. Neither the Air Force nor Lockheed Martin,


33 sec read

Critical Adobe Flash bug under active attack currently has no patch

Adobe is working on a patch for a newly-discovered vulnerability in Adobe Flash that is being actively exploited by hackers in targeted attacks. Ars Technica has the details: The active zero-day exploit works against the most recent Flash version 21.0.0.242 and was detected earlier this month by researchers from antivirus provider Kaspersky Lab, according to


33 sec read