Security News

On this page you will find links to selected IT-security related news articles from various sources, including news from conferences and some test results. Posts in this category might be written by externals and students. If you find some interesting news, please let us know!

Malware in the media: Bad Rabbit ransomware and Wifi-Krack vulnerability

At AV-Comparatives we follow around 50 security related news sources for the selection of the malware of the month. Often the blog post headers of the news feeds show a variety of security issues and news items addressed. To Determine which malware(s) got substantial media attention normally requires further reading of the blog posts. This month it was an easy choice. Bad Rabbit and the Wifi-Krack dominated the media.

Continue reading…

Spotlight on security: New Windows 10 security features

On Tuesday the 17th October, Microsoft started to rollout the ‘Fall Creators Update’ of Windows 10. This second major update in 2017 has some interesting new security features. Microsoft was so generous to give Windows 10 Home users also the added protection of the new Exploit Guard and Controlled folder access. The only catch is that they are built into Windows Defender.

Continue reading…

Malware in the media: anti-malware tests are our legacy and future

The DerbyCon security conference reminded us of an important AV-Comparatives advantage. In his keynote speech John Strand stated that “researchers are terrified that they are going to get sued”.  At AV-Comparatives we have some experience with security firms threatening to go to court to prevent publish our (independent) test report. One vendor for example tried to prevent us publishing our Next Gen endpoint protection test results by publicly announcing to sue one of our partners. 

Continue reading…

Spotlight on security: iPhone X introduction – job well done?

Did you watch the Apple event? The first ever announcement in the Steve Jobs Theater showed that they miss Steve Jobs. I remember Steve Jobs introducing the NeXTcube. That was a jaw dropping event. The NeXTcube had display depth while the rest of the world used monochrome. It marked the birth of the dock. Combining an application launcher, desktop explorer, and task manager into one single application. So simple straightforward, yet so brilliant and beautiful.

Continue reading…

Malware in the media – Augusts’ eclipse and Android 8

On August the 21st people in the USA could witness a total solar eclipse. People from Oregon to South Carolina could see the moon totally covering the sun. A total eclipse is a unique event. The last total eclipse of the sun happened 38 years ago and the next one will be in 2024. Google smartly used this event to introduce the next Android OS version. Version 8 is named Oreo, a popular chocolate cookie filled with butter milk cream.

Continue reading…

Spotlight on security: Does Google lives up to its promise?

In 2007 Google promised to change the world with Android and the Open Handset Alliance: “A new computing environment that will change the way people access and share information in the future. The Android platform will be available under one of the most progressive, developer-friendly open-source licenses to bring to market new innovative products faster and at a much lower cost.

A decade after the announcement we did some fact checking to see whether Google lives up the promises made in the original press release?  

Continue reading…

Malware in the media – July’s “ignorance is bliss”

The Internet of Things (IoT) promises to make life easy, but Panda calls it “the next cyber security nightmare” and CSO ranked “the Internet of malicious things” as the number one threat for 2017. Shortly after the NotPetya ransom-worm, the first ever WIFI-worm was unveiled: broadpwn!

On July the 27th Nitay Artenstein demonstrated the first successful WIFI-worm attack at the Blackhat USA 2017 event. Broadpwn used a vulnerability of the Broadcom WIFI chipset which could potentially impact over one billion smartphones. Luckily both Google  and Apple released a patch before public disclosure (ignorance is bliss).

Continue reading…

Spotlight on security: Bob Dylan & Dalai Lama on threats & transparency

At first glance the WannaCry and NonPetya outbreaks are no different from the CryptoLocker outbreak of 2015 or the CryptoWall outbreak of 2014. Some of us may even remember the first file-encrypting malware, called PC Cyborg Trojan (aka AIDS Trojan) discovered in 1989. So security insiders may ask themselves in despair: How many fools does it take, to make the same mistake over and over again?

Continue reading…