Microsoft and Intel researchers have found a way to combine artificial intelligence and image analysis to create a highly effective means to combat malicious software infections. The researchers call their approach "STAMINA" -- static malware-as-image network analysis -- and say it's proven to be highly effective in detecting malware with a low rate of false positives.

A Dutch researcher has revealed a novel way to crack into a PC through a Thunderbolt port. The method, dubbed "Thunderspy" by researcher Björn Ruytenberg, sidesteps the login screen of a sleeping computer, as well as its hard disk encryption, to access all its data. "Thunderspy is stealth, meaning that you cannot find any traces of the attack. It does not require your involvement," he explained.

Under ordinary circumstances, the average consumer can order a latte on the way to the coffee shop, book a last-minute trip to the coast, and come home to find groceries delivered -- all with the click of a button. What makes these transactions so smooth and effortless? It starts with account creation. Consumers increasingly are willing to create accounts with sites they interact with regularly.

E-commerce account takeovers increased 347 percent and shipping fraud jumped 391 percent from 2018 to 2019, a fraud and identity solutions company reported. Fraudsters are gaining access to accounts using credential stuffing, romance scams, social engineering, phishing or hacking. The three-digit rise in account takeovers is connected to the rash of data breaches over the last decade.

Microsoft and partners have disrupted the Necurs botnet group blamed for infecting more than 9 million computers globally. There are 11 botnets under the Necurs umbrella, all apparently controlled by a single group, according to Valter Santos, security researcher at Bitsight, which worked with Microsoft on the takedown. Four of those botnets account for about 95 percent of all infections.

The United States Office of Personnel Management last week urged agencies to prepare to allow federal employees to telework -- that is, work remotely.This came on the heels of the Department of Homeland Security closing its facilities in Washington state, after learning an employee had visited the Life Care facility in the city of Kirkland, which is ground zero for the state's COVID-19 outbreak.

Since Android's unveiling in 2007, the platform has stayed true to its commitment to provide open and free source code. The source code is freely available to developers and device manufacturers who can, at their own discretion, install the software without worrying about the hassles of licensing fees. Android not only delivers cheaper smartphones -- it is the largest mobile OS in the world.

Ransomware hit at least 966 U.S. government agencies, educational establishments and healthcare providers in 2019, at a cost possibly exceeding $7.5 billion. The victims included 113 state and municipal governments and agencies; 764 healthcare providers; and 89 universities, colleges and school districts. Operations at up to 1,233 individual schools potentially were affected.

A vulnerability in Philips Hue smart lightbulbs and their controller bridges could allow intruders to infiltrate networks with a remote exploit, Check Point Software Technologies has disclosed. The researchers notified the owner of the Philips Hue brand about the vulnerability in November, and it issued a patched firmware version through an automatic update.

A digital forensic analysis conducted by FTI Consulting concludes with "medium to high confidence" that Amazon CEO Jeff Bezos' smartphone was hacked through a malicious file sent from the WhatsApp account of Saudi Arabian crown prince Mohammed bin Salman. The malware was in an MP4 file attached to a WhatsApp message. UN special rapporteurs released technical elements of the report.

Cybersecurity and privacy threats aren't confined to the tech world. They've cast their pall on the world in general. Computer viruses, malware and data leaks have become commonplace, personal privacy has become a bad joke, and cyberwar looms like a virtual mushroom cloud. What sometimes gets lost in the gloom are the many ways security professionals have been working to shore up cyberdefenses.

Cybersecurity is a very serious issue for 2020 -- and the risks stretch far beyond the alarming spike in ransomware. In addition to the daily concerns of malware, stolen data and the cost of recovering from a business network intrusion, there is the very real danger of nefarious actors using cyberattacks to influence or directly impact the outcome of the 2020 U.S. general election.

After 10 years of fully supporting Windows 7, Microsoft ended its official support for the out-of-date Windows operating system on Tuesday. The popular classic Windows 7 OS still runs on some 200 million PCs around the globe, according to industry estimates. Users include small business owners, some larger companies, and hordes of consumers holding onto aging personal computers.

Ransomware tops the list of cybersecurity threats for 2020. While there have been efforts to convince individuals, corporations and municipalities not to pay ransoms, the simple fact is that whenever one is paid, the attack becomes a success that encourages cyberthieves to try again. Ransomware attacks increased 18 percent in 2019, up from an average 12 percent increase over the past five years.

Google has released an update to its Chrome browser with a slew of new features that are heavy on security. The new version has 51 security fixes. It offers improved password protection over earlier versions, real-time phishing protection, and predictive phishing tools. Google recognizes the issues and has taken steps to fix them, noted James McQuiggan, security awareness advocate at KnowBe4.

Microsoft will end support for Windows 7 on Jan. 14, 2020. Windows 7 will continue to run on Jan. 14 as it did on Jan. 13. So why is it so important to upgrade to Windows 10? The answer: cybercrime. End of support means that Windows 7 no longer will receive the OS patches or security updates that keep your IT systems safe. Uusing an unpatched out-of-date system is like leaving the door wide open.

Flaws in Amazon and Google smart speakers can expose users to eavesdropping and voice phishing. Researchers at Security Research Labs discovered that developers could create malicious apps for the Amazon and Google platforms to turn the smart speakers into smart spies. Using the standard development interfaces for the platforms, the researchers found a way to request and collect personal data.

Online tech support scams have been on the rise for the past decade, as hackers found new ways to trick consumers into providing remote access to their computers in order to steal information. This tried-and-true scam currently relies on sophisticated social engineering, fueled by detailed user information that creates enough credibility to dupe even the most savvy and skeptical users.

October is National Cyber Security Awareness Month, and one of the prongs in the three-part theme is for all computer users to "Own IT." This means staying safe on social media, updating privacy settings, and keeping tabs on apps. Simply put, users need to take better ownership of their data and their online presence as part of daily safe cyber practices.

Two eGobbler malvertising exploits impacted 1.16 billion programmatic ads between Aug. 1 and Sept. 23, according to Confiant, which has been tracking the threat. The first targeted versions of Chrome prior to Chrome 75 on iOS. The flaw was fixed in the Chrome 75 rollout June 4. he second exploit impacted WebKit-based browsers. Confiant reported it to the Chrome and Apple security teams Aug. 7.

Cybersecurity should be a concern for all businesses -- large and small. Cybersecurity also should be a concern for consumers, government agencies, and basically anyone who relies on the Internet in our increasingly connected world. Among efforts to focus attention on the threatscape is designating October as National Cyber Security Awareness Month.

Users of a multi-cloud storage strategy may be twice as likely to face a security breach as those that use hybrid or single clouds, suggests a report from UK-based security specialist Nominet. Fifty-two percent of survey respondents who adopted a multi-cloud approach suffered a data breach over the past 12 months, compared to 24 percent of hybrid cloud users, and 24 percent of single-cloud users.

Google, Mozilla and Apple have blocked a fake root certificate issued by Kazakhstan's government to spy on its citizens' online activities. The government provided separate installation instructions for Android, iOS, Chrome, Firefox, and IE Web browsers. When those who installed the certificate attempt to access website using Chrome, Firefox or Safari, they now will see an error message.

Numerous driver design flaws by 20 different hardware vendors expose Microsoft Windows users to widespread security compromises that can cause persistent malware attacks. A report titled "Screwed Drivers," which Eclypsium security researchers presented at DEF CON, urges Microsoft to support solutions to better protect against this class of vulnerabilities.

Is anyone surprised to learn that in just the first quarter of 2019 more than $1.2 billion worth of cryptocurrency was stolen? Probably not. This story follows the old line from bank robber Willie Sutton who is credited with saying that he robbed banks "because that's where the money is." So not much has changed. Cryptocurrencies are not exactly money, though, even if they do have a market value.

Many users of Facebook's WhatsApp messaging software are scrambling to patch the program in response to news of a flaw that allowed spyware to be installed on mobile phones running Android and iOS. "This new type of attack is deeply worrying and shows how even the most trusted mobile apps and platforms can be vulnerable," said Mike Campin, vice president of engineering at Wandera.

Baltimore officials have admitted that the city government once again has been victimized by ransomware -- the second such attack in just over a year. City computers reportedly were infected with the RobinHood ransomware virus. Hackers told city officials that they would unlock the computers in return for payment of three bitcoins per system, or 13 bitcoins for the entire system.

A new cryptovirus called "B0r0nt0K" has been putting Linux and possibly Windows Web servers at risk of encrypting all of the infected domain's files. The new ransomware threat and the ransom of 20 bitcoins -- about $75,000 -- first came to light last week in a forum post. A client's website had all its files encrypted and renamed with the .rontok extension appended to them, the forum user indicated.

The Samsung Galaxy S10, scheduled for launch on Feb. 20, likely will incorporate a cryptocurrency wallet. "Samsung has a long history of throwing everything it can think of, technology-wise, into its flagship Galaxy S series smartphones," remarked Ken Hyers, research director at Strategy Analytics. Most users aren't fully aware of their Galaxy S phone capabilities, he noted.

Hackers planted malware on StatCounter to steal bitcoin revenue from Gate.io account holders, according to Eset researcher Matthieu Faou, who discovered the breach. The malicious code was added to StatCounter's site-tracking script last weekend, he reported. The malicious code hijacks any bitcoin transactions made through the Web interface of the Gate.io cryptocurrency exchange.