Security News

Utah, North Dakota and South Dakota were the first U.S. states to launch voluntary phone apps that enable public health departments to track the location and connections of people who test positive for the coronavirus. Nearly a month after Utah launched its Healthy Together app to augment the state's contact-tracing efforts by tracking phone locations, state officials confirmed Monday that they haven't done any contact tracing out of the app yet.

"Trend Micro simply designed the driver to provide a significant amount of functionality to privileged callers in user-mode, allowing attackers to misuse the driver in several ways. The problem is that Trend Micro's driver is insecure by design, making it a perfect candidate for abuse by malicious actors around the world." Demirkapi believes Trend's kernel driver is cheating on Microsoft's WHQL driver verification test: if the driver detects it is installed on a computer running the test, it alters its behavior to pass the examination, whereas outside the test, it would fail to meet Microsoft's quality standards.

"Trend Micro simply designed the driver to provide a significant amount of functionality to privileged callers in user-mode, allowing attackers to misuse the driver in several ways. The problem is that Trend Micro's driver is insecure by design, making it a perfect candidate for abuse by malicious actors around the world." Demirkapi believes Trend's kernel driver is cheating on Microsoft's WHQL driver verification test: if the driver detects it is installed on a computer running the test, it alters its behavior to pass the examination, whereas outside the test, it would fail to meet Microsoft's quality standards.

A technician at ADT remotely accessed hundreds of customers' CCTV cameras to spy on people in their own homes, the burglar-alarm biz has admitted. When ADT dug into the logs, it became clear their rogue insider had been regularly spying on customers, including, it is claimed, accessing the video feed from the bedroom of one teenage girl dozens of times.

A technician at ADT remotely accessed hundreds of customers' CCTV cameras to spy on people in their own homes, the burglar-alarm biz has admitted. When ADT dug into the logs, it became clear their rogue insider had been regularly spying on customers, including, it is claimed, accessing the video feed from the bedroom of one teenage girl dozens of times.

A broad-based campaign group has written to UK health secretary Matt Hancock calling for greater openness in the government's embrace of private-sector tech companies contracted to provide a data store and dashboards as part of the NHS response to the COVID-19 outbreak. Campaign groups including Liberty, openDemocracy and Privacy International have now written to Hancock saying that promises of openness about the role of multiple private-sector tech firms in handling the health data of millions of UK citizens have not been fulfilled.

A broad-based campaign group has written to UK health secretary Matt Hancock calling for greater openness in the government's embrace of private-sector tech companies contracted to provide a data store and dashboards as part of the NHS response to the COVID-19 outbreak. Campaign groups including Liberty, openDemocracy and Privacy International have now written to Hancock saying that promises of openness about the role of multiple private-sector tech firms in handling the health data of millions of UK citizens have not been fulfilled.

Facebook founder Mark Zuckerberg on Monday urged the European Union to take the lead in setting global standards for tech regulation or risk seeing countries follow China as a model. Breton, one of the EU's top officials on tech policy, said that Facebook and other big tech companies must also live up to certain values.

On Wednesday, the software exploit broker said it won't pay anything for some iOS bugs due to an oversupply. Apple's iOS 13 has been particularly buggy, enough that SVP of software engineering Craig Federighi reportedly overhauled the company's internal software testing process to avoid a repeat when iOS 14 arrives later this year.

A new email scam is making the rounds, warning recipients that someone using their Internet address has been caught viewing child pornography. The message claims to have been sent from Microsoft Support, and says the recipient's Windows license will be suspended unless they call an "MS Support" number to reinstate the license, but the number goes to a phony tech support scam that tries to trick callers into giving fraudsters direct access to their PCs. The fraudulent message tries to seem more official by listing what are supposed to be the recipient's IP address and MAC address.