Microsoft to offer paid Windows 7 Extended Security Updates after January 14, 2020

Microsoft said last Fall that it would offer paid Windows 7 Extended Security Updates on a per-device basis for big customers willing to pay for them after the company ends Windows 7 support on January 14, 2020. Microsoft officials wouldn’t talk about how much those updates would cost, beyond saying they’d get more expensive over time.  Windows 7 Extended Security Updates for three years, meaning through January 2023. These will be security patches/fixes like the ones Microsoft is currently providing for free for Windows 7 users, as Windows 7 is still in “Extended”…

Read More

17 Canadian federal depts. and agencies failed basic tests for credit card data security

Facebook

The Canada Revenue Agency, the RCMP, Statistics Canada and more than a dozen other federal departments and agencies have failed an international test of the security of their credit card payment systems. Altogether, half of the 34 federal institutions authorized by the banking system to accept credit-card payments from citizens and others have flunked the test — risking fines and even the revocation of their ability to accept credit and debit payments. Those 17 departments and agencies continue to process payments on Visa, MasterCard, Amex, the Tokyo-based JCB and China…

Read More

Rogue Move? Facebook to start flooding WhatsApp with Ads in 2019

WhatsApp launches end-to-end encryption on messages for all its users

WhatsApp has been free, but soon users can expect a significant change in their experience of WhatsApp. The Android and iOS chat app, originally released in 2009, will start to embed paid-for content in the app’s Status feature from 2019. The Status feature is similar to Stories on Instagram and Facebook, letting users upload Snapchat-style pics and videos that can be viewed for 24 hours. Facebook wants to interrupt some of these Statuses with short ads, although details are light. WhatsApp’s co-founders were famously against ads, and supportive of encrypted…

Read More

Apple cracking down on apps store, requires all to define a privacy policy

Apple is taking an unprecedented step on its store in the fight for privacy. The tech company is cracking down on apps that don’t communicate to users how their personal data is used, secured or shared. In an announcement posted to developers through the App Store Connect portal, Apple says that all apps, including those still in testing, will be required to have a privacy policy as of October 3, 2018. The rules go into effect on October 3rd. Apple says that current software without a policy won’t be removed…

Read More

South Africa’s Second biggest database leak exposes almost 1 million personal records

Barely a year after South Africa’s largest data leak was revealed in 2017, the country has suffered yet another data leak as 934,000 personal records of South Africans have been leaked publicly online. The data includes, among others, national identity numbers (ID numbers), e-mail addresses, full names, as well as plain text passwords to what appears to be a traffic fines related online system. Working together with Troy Hunt, an Australian Security consultant and founder of haveibeenpwned, along with an anonymous source that has been communicating with iAfrikan and Hunt, we’ve managed to establish that the…

Read More

Researchers have found a vulnerability in two popular email encryption protocols

European security researchers have found an alarming new vulnerability in the most common forms of email encryption. The attack, described in a report published Monday morning, lets bad actors inject malicious code into intercepted emails, despite encryption protocols designed to protect against code injection. Implemented correctly, the malicious code could be used to steal the entire contents of a target’s inbox. The vulnerability affects two of the most common email encryption protocols, PGP and S/MIME, although the degree of vulnerability depends heavily on the client’s implementation of the protocol. A…

Read More

Laundered Bitcoin Billions Linked to UK Company

A UK company has been linked to the laundering of 650,000 stolen bitcoins worth £4.5bn.The coins were taken by hackers from Tokyo-based Bitcoin exchange Mt Gox, leaving tens of thousands of customers out of pocket. It’s not clear who is in control of the London-based firm Always Efficient LLP. Mt Gox operator Mark Karpeles apologised to investors and said he was co-operating with the investigation. The FBI has charged a Russian national with laundering the stolen bitcoins. Mt Gox matched up those who wanted to buy the crypto-currency with dollars,…

Read More

Winter Olympics hit by cyber-attack

The official Winter Olympics website was taken offline after being hit by a cyber-attack, officials have confirmed. The site was affected just before the beginning of the opening ceremony in Pyeongchang, South Korea. TV and internet systems at the Games were also disrupted, though operations were restored about 12 hours later. However, a spokesman said that the International Olympic Committee would not be commenting on who might have been behind the incident. “Maintaining secure operations is our purpose,” said Mark Adams. He added that the issue was being dealt with…

Read More

Dutch DDoS mystery: Who’s behind the sudden massive wave of attacks on banks?

There is as yet no indication of who is behind the massive distributed denial of service (DDoS) attacks on Netherlands banks and government websites that ran from last weekend to Tuesday. Initial reports suggesting a Russian connection appear baseless. The attacks began just a couple of days after media reports stated that Dutch intelligence tipped off their American counterparts about state-sponsored Russian spies hacking the apparatus of the Democratic Party and stealing the infamous “leaked emails” that may have swayed the 2016 election. “This weekend’s DDoS attacks were heavier than…

Read More

Microsoft issues emergency Windows update in a move to disable Intel’s buggy Spectre fixes

Microsoft has issued another out-of-band security update this month, to deal with the issues around Intel’s Spectre firmware updates. Intel warned last week that its own security updates have been buggy, causing some systems to spontaneously reboot. Intel then buried a warning in its latest financial results that its buggy firmware updates could lead to “data loss or corruption.” Intel has been advising PC makers and customers to simply stop updating their firmware right now, until properly tested updates are available. Microsoft has gone a step further, and is issuing…

Read More