Security News

Microsoft Edge is one of the least private web browsers - even more so than other popular browsers like Google Chrome and Mozilla Firefox - according to academic researchers. According to the analysis by Douglas Leith of the School of Computer Science and Statistics at Trinity College in Ireland, Edge sends privacy-invasive telemetry to Microsoft's back-end servers - including "persistent" device identifiers and URLs typed into browsing pages.

TRR is short for Target Row Refresh, a high-level term used to describe a series of hardware protections that the makers of memory chips have been using in recent years to protect against rowhammering. Incidentally, reading out a row essentially wipes its value by discharging it, so immediately after any read, the row is refreshed by saving the extracted data back into it, where it's ready to be accessed again.

Quantifying risk is a significant challenge in cybersecurity. Wade Baker of Cyentia Institute discusses recent research projects.

File this one under "Well, duh." Consumer mag Which? today published research estimating that over a billion Android devices are vulnerable to hackers and malware as they are not receiving security updates. The most current version of Android is version 10, while Android 9.0 Pie and Android 8.0 Oreo continue to receive updates.

Data stolen from Tesco clubcards could be resold for just £2.70 a pop, reckons a price-comparison website that appears to have strayed into the dark web. "Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts. At no point was any customer's financial data accessed," Tesco said.

As Head of Research at CyberMDX, Elad Luz gathers and analyzes information on a variety of connected healthcare devices in order to improve the techniques used to protect them and/or report their security issues to vendors. Care-critical devices that are directly connected to patients, like infusion pumps, ventilation, anesthesia, patient monitoring and such, obviously represent the most critical endpoints from a security perspective.

The intellectual property, including research results, of biotechnology companies and other medical organizations is also increasingly a target for hackers, who sometimes dump data on hacker forums or public websites. While GBG did not identify the "member company" impacted by the attack, media outlet Bleeping Computer on Jan. 23 reported that Medical Diagnostics Laboratory - a unit of GBG - was a victim of a Dec. 2, 2019, Maze ransomware attack that resulted in the dumping of more than 9 Gbytes of research-related data on the Maze Team website.

The Norwegian Consumer Council has published an extensive report about how the adtech industry violates consumer privacy. At the same time, it is filing three legal complaints against six companies in this space.

A threat group linked to Iran has targeted a U.S.-based research company whose services are used by businesses and government organizations, cybersecurity firm Intezer reveals. Specifically, Intezer's security researchers discovered a phishing document masquerading as an employee satisfaction survey tailored to Westat employees.

Behavioral-biometrics company TypingDNA announces that it raised a $7 million Series A round led by Gradient Ventures, Google's AI-focused venture fund. TypingDNA has developed proprietary artificial intelligence algorithms to authenticate users based on how they type.