More stories

  • Patch your Windows PC now before bootkit malware takes it over – here’s how

    Windows users who don’t always install the updates Microsoft rolls out each month for Patch Tuesday will want to install the ones for June. The latest round fixes a Secure Boot bypass that could let an attacker take control of a PC with bootkit malware.

    Designated CVE-2025-3052, the flaw is a serious one, according to Binarly security researcher Alex Matrosov, who discovered it. In a Binarly blog post published Tuesday, he described it as a memory corruption bug in a UEFI application that Secure Boot trusts.

    “Attackers can exploit this vulnerability to run unsigned code during the boot process, effectively bypassing Secure Boot and compromising the system’s chain of trust,” Matrosov said. “Because the attacker’s code executes before the operating system even loads, it opens the door for attackers to install bootkits and undermine OS-level security defenses.”

    Crafty and dangerous malware

    Bootkit malware is especially crafty and dangerous. Because it runs before the operating system loads, it can slip past the usual security protections and evade detection. It can also give attackers control of the PC, let them install additional malware, or expose confidential information.

    The irony is that Microsoft implemented Secure Boot specifically to stop untrusted code from loading during boot. Secure Boot is a feature of Unified Extensible Firmware Interface (UEFI) firmware, the modern replacement for legacy BIOS: the firmware only runs boot components signed by a certificate it trusts, and refuses anything whose hash or signer appears in its revocation list (the dbx).

    In this case the vulnerable UEFI application is signed with Microsoft’s third-party UEFI certificate, which most PCs trust, so Secure Boot runs it without complaint; the attacker then triggers the memory corruption to run unsigned code. The June update closes the hole by revoking the vulnerable module: its hashes are added to the dbx, so the firmware refuses to load it.

    Though the flaw itself has not been exploited in the wild, the vulnerable application has been around since late 2022. It was uploaded to the VirusTotal malware-scanning service, which is where Matrosov found it.
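    The defense the June update leans on is the firmware’s revocation list. Secure Boot keeps an allow list (db) of trusted certificates and a forbidden list (dbx) of hashes and certificates it must refuse, both stored as UEFI variables in the EFI_SIGNATURE_LIST format; revoking a signed-but-vulnerable module means appending its hash to dbx. The Python below is an added example, not Binarly’s or Microsoft’s code: it parses that format, builds a constructed dbx, and shows how a module goes from accepted to refused once its hash lands in dbx. The module bytes and hashes are constructed stand-ins (real dbx entries hold the Authenticode PE hash of the image, not a plain file hash), and the entry GUIDs are the UEFI specification’s constants.

```python
"""Parse UEFI Secure Boot signature databases and check a module hash against dbx.

Added example; not Binarly's or Microsoft's code. The layout is the UEFI
specification's EFI_SIGNATURE_LIST, repeated back to back inside the variable:

  SignatureType        GUID   16 bytes  (EFI_CERT_SHA256_GUID for hash entries)
  SignatureListSize    UINT32  4 bytes  (this whole list, header included)
  SignatureHeaderSize  UINT32  4 bytes  (normally 0)
  SignatureSize        UINT32  4 bytes  (size of each EFI_SIGNATURE_DATA entry)
  SignatureHeader      SignatureHeaderSize bytes
  Signatures[]         each entry = SignatureOwner GUID (16) + SignatureData
"""
import hashlib
import struct
import uuid

# GUIDs from the UEFI specification; stored on disk in EFI_GUID (bytes_le) order.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
LIST_HEADER = struct.Struct("<16sIII")  # type GUID, list size, header size, entry size


def parse_signature_lists(blob: bytes):
    """Yield (signature_type, signature_owner, signature_data) for every entry."""
    off = 0
    while off < len(blob):
        if len(blob) - off < LIST_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_raw, list_size, hdr_size, entry_size = LIST_HEADER.unpack_from(blob, off)
        if (list_size < LIST_HEADER.size + hdr_size or entry_size <= 16
                or off + list_size > len(blob)):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        entries = blob[off + LIST_HEADER.size + hdr_size : off + list_size]
        if len(entries) % entry_size:
            raise ValueError("signature array is not a multiple of SignatureSize")
        sig_type = uuid.UUID(bytes_le=type_raw)
        for i in range(0, len(entries), entry_size):
            entry = entries[i : i + entry_size]
            yield sig_type, uuid.UUID(bytes_le=entry[:16]), entry[16:]
        off += list_size


def revoked_hashes(dbx: bytes) -> set:
    """All SHA-256 image hashes the firmware must refuse to load."""
    return {data for sig_type, _, data in parse_signature_lists(dbx)
            if sig_type == EFI_CERT_SHA256_GUID}


def is_revoked(image_hash: bytes, dbx: bytes) -> bool:
    return image_hash in revoked_hashes(dbx)


def build_sha256_list(hashes, owner: uuid.UUID = uuid.UUID(int=0)) -> bytes:
    """Serialize one EFI_SIGNATURE_LIST of SHA-256 entries (used here to build test data)."""
    entries = b"".join(owner.bytes_le + h for h in hashes)
    header = LIST_HEADER.pack(EFI_CERT_SHA256_GUID.bytes_le,
                              LIST_HEADER.size + len(entries), 0, 16 + 32)
    return header + entries


# Constructed stand-in for the signed-but-vulnerable module. Real dbx entries hold the
# Authenticode PE hash of the image (computed with the checksum and certificate table
# skipped), not a plain SHA-256 of the file; the trust logic below is the same either way.
VULNERABLE_MODULE = b"constructed stand-in for a Microsoft-third-party-signed UEFI app"
VULNERABLE_HASH = hashlib.sha256(VULNERABLE_MODULE).digest()

DBX_BEFORE_PATCH = build_sha256_list([hashlib.sha256(b"some earlier revoked module").digest()])
DBX_AFTER_PATCH = DBX_BEFORE_PATCH + build_sha256_list([VULNERABLE_HASH])


def loader_decision(image: bytes, signer_trusted: bool, dbx: bytes) -> str:
    """Secure Boot's rule, in order: anything in dbx is refused; otherwise the image
    loads only if its signer chains to a certificate in db (signer_trusted)."""
    if is_revoked(hashlib.sha256(image).digest(), dbx):
        return "refused: hash in dbx"
    return "loaded" if signer_trusted else "refused: untrusted signer"


if __name__ == "__main__":
    # Before the update the module loads purely because Microsoft's third-party CA
    # signed it; after the update its hash is in dbx and the firmware refuses it.
    print(loader_decision(VULNERABLE_MODULE, True, DBX_BEFORE_PATCH))
    print(loader_decision(VULNERABLE_MODULE, True, DBX_AFTER_PATCH))
    print(len(revoked_hashes(DBX_AFTER_PATCH)), "revoked hashes")
```

    To check a real machine, dump the variable and feed it to `revoked_hashes`: on Windows, run `[IO.File]::WriteAllBytes('dbx.bin', (Get-SecureBootUEFI -Name dbx).Bytes)` from an elevated PowerShell; on Linux, read `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f` and drop its leading 4-byte attribute word. A dbx whose entry count has not grown after installing the June update is a sign the revocation has not applied yet.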

  • How to remove your personal info from Google Search – it’s quick and easy

    How long does Google take to approve removal requests? When you submit a removal request, Google sends a confirmation email and tells you when the URL is no longer visible in Search. In many cases, this happens within a few minutes to a few days.

    When I tried Google’s removal tool for myself, I found the process simple. I searched for my name, found a site that listed my information, and submitted a removal request. My request was approved four minutes later. “Within a few hours,” Google’s follow-up email explained, “the URL for this result will no longer be visible.”

  • How to turn on Android’s Private DNS Mode – and why your security depends on it

    Nearly everything you do on your desktop, laptop, phone, and tablet begins with a Domain Name System (DNS) query. DNS turns domain names (such as ZDNET.com) into IP addresses so web browsers and apps know where to fetch the content you asked for. Without DNS, you’d have to type 34.149.132.124 every time you wanted to visit ZDNET.com, or 74.125.21.102 to reach Google.com. Even a simple Google search puts DNS to work. The problem is that standard DNS isn’t encrypted: every query travels over the network as plain text.

    Why is non-encrypted DNS a problem?

    Let’s say you’re on a public network, such as a coffee shop’s Wi-Fi, and you start searching for things on your Android device. Or maybe you need to reach a CMS or another work tool and don’t want strangers to learn the address you’re typing. Anyone on the same network with the right skills can capture your unencrypted DNS queries (and with them the hostnames you visit) and know exactly what you’re looking up.

    That’s where Private DNS Mode comes in. Private DNS sends your queries over DNS over TLS (DoT), so they are encrypted between your device and the resolver, and anyone capturing packets on the local network sees only a TLS session to port 853. Two caveats: the resolver you choose still sees every query, so pick one you trust; and the default “Automatic” setting only uses DoT when the network’s own resolver happens to support it, falling back to plain text otherwise. To enforce encryption, select “Private DNS provider hostname” and enter your provider’s DoT hostname. With that done, Private DNS Mode is an absolute must for anyone who values privacy and security.

    How to enable Private DNS mode on Android

    What you’ll need: The only thing you need to enable Private DNS Mode is an Android device running at least version 9 of the operating system (released in 2018). I’m using a Pixel 9 Pro, but pretty much every modern Android phone supports Private DNS.
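    To make the plaintext problem concrete, here is an added example in Python, not code from the article. `build_query` encodes a standard DNS question the way a phone sends it to UDP port 53; `sniff_question` shows that anyone holding that payload reads the hostname straight out of it; `dot_frame` and `query_over_tls` show the DNS over TLS transport Private DNS uses instead: the same message, prefixed with a two-byte length and carried inside TLS on TCP port 853. The captured payload is constructed in the script, and the resolver name in the docstring is an assumed example, not a provider the article recommends.

```python
"""What an on-path observer sees in plaintext DNS, and the DNS over TLS transport
that Android's Private DNS uses instead. Added example, not code from the article.
"""
import socket
import ssl
import struct


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a standard DNS question (RFC 1035) as a phone sends it to UDP port 53.
    qtype 1 = A record, 28 = AAAA; the class is always IN (1)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set; one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)


def sniff_question(payload: bytes):
    """Recover (hostname, qtype) from a UDP payload. This is all a passive observer
    on the same Wi-Fi needs to do with unencrypted DNS: no key, no interception,
    just parsing the bytes as they fly past."""
    if len(payload) < 12:
        raise ValueError("too short for a DNS header")
    qdcount = struct.unpack_from(">H", payload, 4)[0]
    if qdcount < 1:
        raise ValueError("no question section")
    labels, off = [], 12
    while True:
        length = payload[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers never appear in a query's question name
            raise ValueError("unexpected compression pointer")
        labels.append(payload[off : off + length].decode("ascii"))
        off += length
    qtype = struct.unpack_from(">HH", payload, off)[0]
    return ".".join(labels), qtype


def dot_frame(message: bytes) -> bytes:
    """DNS over TLS (RFC 7858) carries each DNS message over TCP port 853 with a
    two-byte big-endian length prefix; TLS then encrypts the whole frame, so the
    observer sees a TLS session to the resolver and nothing about the name inside."""
    return struct.pack(">H", len(message)) + message


def _read_exact(tls: ssl.SSLSocket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = tls.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection")
        buf += chunk
    return buf


def query_over_tls(name: str, resolver_host: str, resolver_ip: str, timeout: float = 5.0) -> bytes:
    """Send one query over DoT and return the raw DNS response. Network call, not run by
    the offline demo. resolver_host is what Android's 'Private DNS provider hostname'
    field takes; 'dns.google' at 8.8.8.8 is an assumed example, not an article recommendation."""
    ctx = ssl.create_default_context()  # verifies the resolver's certificate against resolver_host
    with socket.create_connection((resolver_ip, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=resolver_host) as tls:
            tls.sendall(dot_frame(build_query(name)))
            (length,) = struct.unpack(">H", _read_exact(tls, 2))
            return _read_exact(tls, length)


# Constructed sample: the exact bytes a device would send in the clear for zdnet.com.
CAPTURED_UDP_PAYLOAD = build_query("zdnet.com")

if __name__ == "__main__":
    print(sniff_question(CAPTURED_UDP_PAYLOAD))       # name and type, readable by anyone on the network
    print(dot_frame(CAPTURED_UDP_PAYLOAD)[:2].hex())  # the only plaintext framing DoT adds
    # print(query_over_tls("zdnet.com", "dns.google", "8.8.8.8"))  # live DoT query; needs network
```

    Run offline, the observer function recovers the hostname and record type from nothing but the captured bytes. With DoT the same observer sees only a TLS connection to the resolver’s address; the resolver itself still decrypts and answers the query, which is why choosing a provider you trust matters as much as turning the feature on.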

  • Your Android phone is getting new security protections – and it’s a big deal for enterprises

    Mobile devices are always a tempting target for cybercriminals, and that’s true for companies as much as for consumers. According to Google, more than half of organizations name smartphones as their most exposed endpoint, and data breaches often stem from improper use of these devices. In a blog post released on Tuesday, Google describes the latest protections available in its Android Enterprise platform.

    Mobile devices have become popular, convenient tools for workers, who can reach email, apps, and other internal business resources from anywhere. But an employee’s phone is often unmanaged and uncontrolled, leaving weaknesses that attackers can exploit. Android Enterprise gives organizations and IT admins a way to manage these devices, whether they’re company-owned or employee-owned. Android Enterprise has been around for a number of years; here are some of the latest initiatives Google has introduced.

    Security features

    Advanced protection: Employees can better thwart targeted attacks through strong mobile device protection. With a single tap, they can enable multiple security features to defend against online attacks, malicious apps, unsafe websites, scam calls, and other threats. This feature requires Android 16 or higher and may only be available on certain devices and in specific regions.

    Identity Check: This feature counters PIN theft and shoulder surfing, in which a nearby thief watches the PIN or password used to unlock a phone and later uses it. With Identity Check, signing in to the device and apps requires a biometric method, such as facial or fingerprint recognition, so a stolen PIN alone is not enough. This feature is also available on Android 16 and higher on certain devices.

    Corporate badges in Google Wallet: Employees can add their corporate ID badge to the Google Wallet app and then use their phones to gain entry to NFC-enabled buildings and offices.

    Secure network access with Access Point Name: An Access Point Name (APN) identifies the gateway between a carrier’s mobile network and another network, such as the public internet or a corporate network. By pushing a managed APN configuration to managed devices, IT admins can control how those devices use cellular data, for instance routing work traffic through a private APN rather than the carrier’s default.

  • Cybercriminals are stealing business Salesforce data with this simple trick – don’t fall for it

    Do you use Salesforce at your business? If so, you’ll want to watch out for a new phishing attack in which hackers aim to steal your Salesforce data. In a blog post published Wednesday, Google’s Threat Intelligence Group explained how the attackers are using vishing, or voice phishing, to trick employees into […]

  • Your Asus router may be part of a botnet – here’s how to tell and what to do

    Do you own an Asus router? If so, it may be one of thousands compromised in a large campaign by cybercriminals looking to exploit it. In a blog post published Wednesday, security firm GreyNoise revealed that the attack was staged by what it suggests is “a well-resourced and highly capable adversary.”

    To gain initial access, the attackers used brute-force logins and two different methods of bypassing the router’s built-in authentication. They also exploited certain vulnerabilities not yet assigned CVE numbers. Once inside, they ran arbitrary system commands by exploiting a known flaw, CVE-2023-39780.

    Though no malware was installed, the attackers certainly left their mark.

    More than 9,000 Asus routers affected

    Using the router’s own built-in settings, they enabled SSH access, a secure way to connect to and control a remote device, and planted an SSH backdoor that lets them return without going through the router’s normal authentication. Because these changes are stored in the router’s non-volatile memory (NVRAM), they survive a reboot and even a firmware update; GreyNoise advises a full factory reset and manual reconfiguration if you suspect compromise. To avoid detection, the criminals also disabled logging, which would otherwise have recorded their access.

    Based on data from internet scanner Censys, more than 9,000 Asus routers are affected, and that number is growing. Yet GreyNoise said that over the past three months it witnessed only 30 related requests to the affected routers, a sign that the campaign is moving slowly and quietly. If no malware is installed, what’s the goal?

    “This appears to be part of a stealth operation to assemble a distributed network of backdoor devices — potentially laying the groundwork for a future botnet,” GreyNoise said in its post.

    And who’s behind it?

    “The tactics used in this campaign — stealthy initial access, use of built-in system features for persistence, and careful avoidance of detection — are consistent with those seen in advanced, long-term operations, including activity associated with advanced persistent threat (APT) actors and operational relay box (ORB) networks. While GreyNoise has made no attribution, the level of tradecraft suggests a well-resourced and highly capable adversary.”

    The language used by GreyNoise, particularly the reference to APTs, points toward a nation-state or attackers working on behalf of a hostile government. Though GreyNoise didn’t cite any particular adversary, such attacks have previously been attributed to several countries, including China, Russia, North Korea, and Iran.

    Using its AI-powered payload analysis tool Sift and its observation grid, GreyNoise discovered the attack on March 18. The firm said it waited until now to disclose it publicly so it could consult with its government and industry partners.

    “In the past few years, networking gear, especially for the home, SOHO, and SMB market segments, has had a rough go, with attackers increasingly targeting these devices,” John Bambenek, president at cybersecurity firm Bambenek Consulting, told ZDNET. “The risk of the household being compromised is minimal; they’ll simply have their router be used to launch attacks on other parties (though they might start experiencing more captchas when they engage in their routine internet use). Sophisticated attackers are going for these devices because they intend to do something, and it’ll be more than cryptomining.”
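    Because the attackers used the router’s own settings rather than dropping malware, the useful check is a configuration diff, not a file scan. The Python below is an added example, not GreyNoise’s or Asus’s tooling: it parses two Asuswrt-style `nvram show` dumps (`key=value` lines), one saved when the router was known clean and one taken now, and flags changed SSH, authorized-key, and logging settings while ignoring benign drift such as a changed NTP server. Both dumps are constructed here, and the variable names (`sshd_enable`, `sshd_wan`, `sshd_port`, `sshd_authkeys`, `log_level`) are assumptions modelled on Asuswrt firmware; confirm them against your own router’s output.

```python
"""Diff two Asuswrt-style `nvram show` dumps and flag changes that match the
persistence GreyNoise described: SSH enabled through built-in settings, a new
authorized key, logging switched off. Added example, not GreyNoise or Asus tooling.
Variable names are assumptions modelled on Asuswrt firmware; check yours.
"""
import re

# Constructed dumps, not from a real device. Baseline = saved right after a clean setup.
BASELINE_DUMP = """\
lan_ipaddr=192.168.50.1
wan_proto=dhcp
sshd_enable=0
sshd_wan=0
sshd_port=22
sshd_authkeys=
log_level=6
ntp_server0=pool.ntp.org
http_lanport=80
"""

# Current = taken today. Benign drift (NTP server) is mixed in with the attacker's changes.
CURRENT_DUMP = """\
lan_ipaddr=192.168.50.1
wan_proto=dhcp
sshd_enable=1
sshd_wan=1
sshd_port=2222
sshd_authkeys=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedkey= attacker@example
log_level=0
ntp_server0=time.cloudflare.com
http_lanport=80
"""

# Which changed keys deserve attention, and why; first match wins. Patterns are kept
# broad so that a firmware with differently named variables still trips them.
SUSPICIOUS = [
    (re.compile(r"authkey|authorized", re.I), "SSH authorized-key material changed"),
    (re.compile(r"ssh", re.I), "SSH service setting changed"),
    (re.compile(r"log", re.I), "logging setting changed"),
]


def parse_nvram(dump: str) -> dict:
    """Parse `key=value` lines; values (such as SSH keys) may contain '=' so split once."""
    settings = {}
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def diff_nvram(baseline: dict, current: dict) -> dict:
    """Map key -> (old, new) for every added, removed or changed variable."""
    changes = {}
    for key in set(baseline) | set(current):
        old, new = baseline.get(key), current.get(key)
        if old != new:
            changes[key] = (old, new)
    return changes


def audit(baseline_dump: str, current_dump: str) -> list:
    """Return one finding per suspicious change, sorted by key; benign drift is ignored."""
    changes = diff_nvram(parse_nvram(baseline_dump), parse_nvram(current_dump))
    findings = []
    for key in sorted(changes):
        old, new = changes[key]
        reason = next((why for pattern, why in SUSPICIOUS if pattern.search(key)), None)
        if reason:
            findings.append(f"{key}: {old!r} -> {new!r} ({reason})")
    return findings


if __name__ == "__main__":
    for finding in audit(BASELINE_DUMP, CURRENT_DUMP):
        print(finding)
```

    The technique only works if you have a baseline, so save `nvram show` output right after a clean setup (and again after every deliberate change) and keep it off the router. A diff that shows SSH turned on, a key you did not add, or logging turned down is exactly the footprint described above, and since it lives in NVRAM the remedy is a factory reset and reconfiguration, not a firmware update.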

  • Qualcomm patches three exploited security flaws, but you could still be vulnerable

    Wireless tech maker Qualcomm has patched three zero-day security flaws that it says may have already been exploited in the wild. In a security bulletin published Monday, the company revealed that the issues affect a driver for the Adreno Graphics Processing Unit, which is found in devices powered by its Snapdragon processors.

  • The default TV setting you should turn off ASAP – and why professionals do the same

    For many people, motion smoothing on TVs is only appropriate for gaming and watching live sports; enthusiasts typically turn the feature off for everything else because it can detract from the filmmaker’s original intent, making on-screen images seem artificial or hyper-realistic. This is what’s called the “soap opera effect.”

    It’s a perfectly descriptive metaphor that probably requires no explanation. You can see it all too well: a cinematic film should not look like a daytime soap, and you shouldn’t feel like you’re on the set with the actors. But it is appealing to feel like you’re in the stadium watching your team with thousands of fans, so the soap opera effect makes sense for live sporting event broadcasts.