Latest news with #U.S.CybersecurityandInfrastructureSecurityAgency
Forbes
20-05-2025
- Forbes
Google Chrome — Relaunch Your Browser Now To Stop Hacks
Relaunch your Google Chrome browser now. Update, May 20, 2025: This story, originally published May 19, has been updated with further advice regarding Chrome browser security updates from Google, as well as what you can do if your Chrome update fails. Do you use the Google Chrome browser? Silly question, really, considering it's the world's most popular browsing platform with more than three billion users. Here's another question, then: when was the last time you relaunched Chrome? If the answer is I don't know, then you could be leaving yourself, your system and your data open to attack. Not only do you need to act now, but you should act regularly if you want to be protected against the ongoing Chrome hacker threat. Here's what you need to know. I hope you are sitting down as I'm about to take you on a whistle-stop recent news headlines tour to explain precisely why you need to take the Chrome browser attack threat seriously. Let's start on March 4, when Google confirmed no less than nine newly discovered browser security vulnerabilities, followed by another five just six days later. Fast forward to March 20, and a new critical Chrome vulnerability dropped, with more on April 16, April 22, April 29 and May 6. It was on May 14, however, that Google confirmed the most critical in this long list of Chrome security vulnerabilities, CVE-2025-4664. Why so critical? Because, according to the U.S. Cybersecurity and Infrastructure Security Agency, it was already being exploited by attackers in the wild. All security vulnerabilities are serious, but some are to be taken more seriously than others. If a Chrome zero-day emerges, where attackers are already out there exploiting that vulnerability, then action needs to be taken fast, as the hackers won't be wasting time waiting. With Chrome attackers looking to bypass 2FA protections, and compromise passwords, proactive defensive measures are a must. Which is where relaunching the Chrome browser comes into play. The one commonality between the aforementioned Chrome security vulnerabilities is that they were all disclosed by Google, along with the confirmation that an update to patch them was also being rolled out to users. While the security updating process is automatic for the Chrome browser, that doesn't mean you are protected as soon as the Google announcement drops. Indeed, those announcements themselves all state that patches will 'roll out over the coming days and weeks.' Which is nice, but less than comforting, especially in those cases where you know attackers already have the exploit code and attacks are underway. Relaunch your Google Chrome Browser to activate update protections. Luckily, you don't actually have to wait for the security update to find you, you can go and find it. Or, more accurately, you can kickstart the process and let your Chrome browser go get it for you. This is as simple as choosing the About Google Chrome option from the Chrome Help menu. Doing that will automatically start the process, check for any outstanding updates, download them and install them. What it won't do, however, is activate the security patch unless you relaunch your browser. Don't worry, this shouldn't impact all those open tabs you have, as Chrome saves these and reopens them upon restarting. Google itself has pointed out that while relaunching your browser happens in most cases, as a typical user will close and open the app regularly, 'if you haven't closed your browser in a while, you might see a pending update.' If there's no relaunch option to be found, Google said, 'you're on the latest version.' It should be noted, however, that during the relaunch process following a successful security update, while Chrome will save and reload the tabs you have opened, this isn't the case if you are browsing in Incognito mode. The reasons for this are pretty self-explanatory, given the privacy-focused nature of this mode. 'Your Incognito windows won't reopen when Chrome restarts,' Google said, so it advised users in this situation who don't want to lose those tabs to select the 'not now' option and let the update activate the next time that Chrome is restarted instead. But what if your Chrome browser security update fails to install? Google has some advice for users in this unlikely scenario as well. Trying to download the update again is the primary option, followed by uninstalling and reinstalling Chrome. Checking that antivirus or parental control applications aren't blocking the update from downloading is also recommended, as is the old IT Crowd chestnut of have you tried turning it off and on again. If it helps, here are the common update errors that people might see and what they mean: If you genuinely care about your Chrome security, and the sheer number of newly discovered vulnerabilities and ongoing attacks against the most popular web browsing platform suggest you must, then regularly checking for security updates and relaunching your browser is essential. You know what to do: make that check and relaunch your Google Chrome browser now.
Forbes
10-04-2025
- Forbes
iOS 18.4.1—iPhone Bug Fixes And Security Updates About To Land
It isn't long since Apple issued iOS 18.4, but the iPhone maker is about to release iOS 18.4.1, ... More including bug fixes and security updates. It hasn't been long since Apple issued iOS 18.4, but the iPhone maker is about to release iOS 18.4.1, including bug fixes and security updates. That's according to a new report on Apple-focused website MacRumors, which cites its visitor logs — a reliable indicator of previous soon-to-arrive iOS updates. The iOS 18.4.1 update will be launched within a week or two, according to the site. Coming so soon after iOS 18.4, iOS 18.4.1 almost certainly contains security and bug fixes only ahead of the launch of iOS 18.5 in May. So what kind of fixes and security updates will arrive when Apple drops iOS 18.4.1 in the coming weeks? It's highly possible that iOS 18.4.1 will contain security updates. The last Apple update in between point upgrades, iOS 18.3.2, did exactly this, patching an urgent issue already being used in real life attacks on iPhones. The flaw in WebKit, which underpins Apple's Safari browser, was so serious that the U.S. Cybersecurity and Infrastructure Security Agency issued an alert warning high-risk users to update before its deadline. Apple's iOS 18.4 addressed a whopping 62 security flaws, so you'd think the iPhone maker had caught them all in time for its last update. However, iOS 18.4.2 could contain a single fix, if the flaw is being used in real life attacks and Apple sees the patch as an emergency. Not long after iOS 18.4 was released, users started complaining of a number of bugs on their iPhones. One of the most talked about is that the update is resulting in long-deleted apps reappearing on some users' iPhones. 'After upgrading to iOS 18.4, my iPhone randomly installed 'Last war survival',' one user wrote on an Apple discission thread. 'This app was previously installed on my iPhone a few months ago but uninstalled after a few hours. Now it appeared back on my Home Screen.' Given how widespread this issue seems to be, it's very likely Apple will fix it in iOS 18.4.1. Apple's iOS 18.4.1 is about to arrive, possibly by next week, containing important security updates and bug fixes. With this in mind, it's a good idea to keep checking for the update on your iPhone. Go to your Settings > General > Software Update to spot iOS 18.4.1, or keep checking my Forbes page for updates.
The Independent
15-03-2025
- The Independent
Cybersecurity officials warn against potentially costly Medusa ransomware attacks
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are warning against a dangerous ransomware scheme. In an advisory posted earlier this week, government officials warned that a ransomware-as-a-service software called Medusa, which has launched ransomware attacks since 2021, has recently affected hundreds of people. Medusa uses phishing campaigns as its main method for stealing victims' credentials, according to CISA. To protect against the ransomware, officials recommended patching operating systems, software and firmware, in addition to using multifactor authentication for all services such as email and VPNs. Experts also recommended using long passwords, and warned against frequently recurring password changes because they can weaken security. Medusa developers and affiliates — called 'Medusa actors' — use a double extortion model, where they 'encrypt victim data and threaten to publicly release exfiltrated data if a ransom is not paid,' the advisory said. Medusa operates a data-leak site that shows victims alongside countdowns to the release of information. 'Ransom demands are posted on the site, with direct hyperlinks to Medusa affiliated cryptocurrency wallets,' the advisory said. 'At this stage, Medusa concurrently advertises sale of the data to interested parties before the countdown timer ends. Victims can additionally pay $10,000 USD in cryptocurrency to add a day to the countdown timer.' Since February, Medusa developers and affiliates have hit more than 300 victims across industries, including the medical, education, legal, insurance, technology and manufacturing sectors, CISA said.
Yahoo
15-03-2025
- Politics
- Yahoo
WA Secretary of State concerned over declining federal support in election security efforts
The Brief Washington Secretary of State Steve Hobbs said uncertainty is growing as key federal programs to support government cybersecurity face funding cuts. At the same time, the state's multi-billion dollar budget shortfall could impact his ability to fill the gaps. OLYMPIA, Wash. - Washington's secretary of state is sounding an alarm, saying federal cuts are creating uncertainty around election security and the state's multi-billion dollar budget shortfall could further complicate the situation. What they're saying Secretary Steve Hobbs (D) said he and his counterparts on both sides of the aisle from across the country are concerned about cuts to services and programs for elections management and government cybersecurity, provided by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). "This is not good for our state, or for any of the states," Hobbs told members of the House State Government and Tribal Relations committee Friday morning. State elections staff said the federal support is crucial to helping state and local officials track and respond to threats against the voting process. "In the lead up to the 2024 elections, CISA was a key partner for elections across the country," said Kylee Zabel with the Information Security and Response division of the secretary of state's office. "With the Vancouver drop box incident. They also helped elections offices across the country with bomb threats on Election Day. the many white powder incidents that we've seen both in Washington state and across the country. And also debunking fabricated videos from Russian influence actors in Georgia and Pennsylvania." The secretary of state's office said within the past few weeks, there have been firings of federal cybersecurity advisors, defunding of information partnerships between local, federal and private sector groups and cancelled briefings on election security. Local perspective While other federal supports have not been cut, officials argue what is being done is creating uncertainty and confusion about what changes could come next, what exact impacts that would have, and what could be done locally in response. "No secretary of state's office is going to be equipped to gather information and intelligence at a national or global scale on the threat vectors that exist that we have to be prepared for and combat against," Zabel told the committee. The uncertainty of federal support comes at a bad time for the secretary's office, as Hobbs said he is at risk of losing funding for staff that could fill federal gaps because of the state's projected multi-billion-dollar deficit over the next four years. "My hope is that the federal government will restore these services – at least give us clarity on what's going on," Hobbs said. "And that you all, if you are on a fiscal committee, to please fund these programs. So that we can at least defend it on our end, even though we'll be very squeezed to do so." Rep. Jim Walsh, R-Aberdeen, asked if the federal government's work was more geared toward streamlining processes, rather than cutting them outright. He also questioned if the changes would ultimately have any defined, adverse impacts on Washington's election security efforts. Hobbs said it is just too unclear at this point what the government is looking to do with the support programs and what the end result would be. Attacks on government cyber infrastructure happen all the time and will only benefit from opportunities of confusion, he argued. "These attacks don't stop," Hobbs said. "Russia and China are not going to pause as this transition is going on and we're trying to figure out what we're doing." The Source Information in this story is from Albert James, a television reporter covering state government as part of the Murrow News Fellowship program – a collaborative effort between news outlets statewide and Washington State University. Fire destroys, damages multiple Cybertrucks in Seattle lot Family wants justice years after Graham, WA man's death Bryan Kohberger defense ramps up legal maneuvers in bid to keep Idaho murders suspect off death row Major TSA change to shorten airport security wait times, DHS says: What to know Seattle Seahawks trade DK Metcalf to Pittsburgh Steelers To get the best local news, weather and sports in Seattle for free, sign up for the daily FOX Seattle Newsletter. Download the free FOX LOCAL app for mobile in the Apple App Store or Google Play Store for live Seattle news, top stories, weather updates and more local and national coverage, plus 24/7 streaming coverage from across the nation.
Washington Post
11-03-2025
- Politics
- Washington Post
Cybersecurity executive tapped to lead agency that protects voting systems
President Donald Trump has nominated a cybersecurity executive to lead the agency that works to protect the nation's critical infrastructure, one that has faced Republican criticism in recent years over its involvement in elections. Sean Plankey, who retired from the U.S. Coast Guard in 2023, was nominated Tuesday to lead the U.S. Cybersecurity and Infrastructure Security Agency, known as CISA. He worked in the first Trump administration as a director for cyber policy at the National Security Council and then as a principal deputy assistant secretary at the U.S. Department of Energy.
