Skip to main content

Security

Intel says patches can cause reboot problems in old chips

posted onJanuary 12, 2018
by l33tdawg

Intel Corp on Thursday said that recently-issued patches for flaws in its chips could cause computers using its older Broadwell and Haswell processors to reboot more often than normal and that Intel may need to issue updates to fix the buggy patches.

In a statement on Intel’s website, Navin Shenoy, general manager of the company’s data center group, said Intel had received reports about the issue and was working directly with data center customers to “discuss” the issue.

Intel CEO issues 'security-first pledge' following Meltdown, Spectre exploits

posted onJanuary 11, 2018
by l33tdawg

In an open letter released on Thursday, Intel chief Brian Krzanich outlined the company's response to the Meltdown and Spectre vulnerabilities while reassuring customers that his company views security as "an ongoing priority."

Seeking to make peace with members of the global technology industry in the wake of one of the most serious security lapses in recent memory, Krzanich wrote that the chip giant has adopted a three-pronged approach to security that includes renewed commitments to transparency and communication.

Cryptominer malwares in RIG EK spread via malvertising

posted onJanuary 11, 2018
by l33tdawg

Malwarebytes researcher Jerome Segura analyzed a RIG exploit campaign distributing malware coin miners delivered via drive-by download attacks from malvertising.

Around November 2017, Segura began noticing exploit kits containing larger-than-usual payloads carrying one or more cryptominers for Monero and other popular currencies such as Bytecoin and Electroneum, according to a Jan. 9 blog post.

Another macOS password prompt can be bypassed with any password

posted onJanuary 11, 2018
by l33tdawg

MacRumors spotted a bug report that affects the current version of macOS High Sierra. In System Preferences, you can unlock the App Store preference pane by typing any password. Apple has reportedly already fixed the bug in beta versions of the next macOS High Sierra update.

While this bug is nowhere as serious as the infamous root login bug, as John Gruber wrote, this one is quite embarrassing. What’s wrong with password prompts and macOS?

A dad-and-son cybersecurity firm impressed investors with its ‘unique’ software that plays a kind of hide-and-seek with hackers

posted onJanuary 11, 2018
by l33tdawg

 In 2017, venture capitalists invested more than $7.6 billion into cybersecurity startups, helping flood the marketplace with an assortment of new software built to prevent malicious attacks before they happen – or fix them once they do.

Although CryptoMove was one of those cybersecurity startups that got funded last year, Mike Burshteyn, its CEO, doesn’t consider his firm to just be part of the pack. CryptoMove’s technology is superior to that of other cybersecurity companies and could change the way cybersecurity is done forever, he said.

EMC, VMware security bugs throw gasoline on cloud security fire

posted onJanuary 11, 2018
by l33tdawg

While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell's EMC and VMware units. A trio of critical, newly reported vulnerabilities in EMC and VMware backup and recovery tools—EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Appliance, and vSphere Data Protection—could allow an attacker to gain root access to the systems or to specific files, or inject malicious files into the server's file system. These problems can only be fixed with upgrades.

After last year’s KRACK vulnerability, WPA3 Wi-Fi security announced with new protections

posted onJanuary 10, 2018
by l33tdawg

The WiFi Alliance has announced that the WPA3 security protocol will be released later this year, a move intended to provide more secure WiFi networking following the KRACK security flaw uncovered in autumn last year.

It will be the first upgrade to the WiFi Protected Access (WPA) protocol since 2006, and the WPA3 update had been planned for some time before KRACK made it a matter of urgency.

Western Digital’s My Cloud Storage Devices Have Hard-Coded Backdoor

posted onJanuary 10, 2018
by l33tdawg

Western Digital’s My Cloud network attached storage (NAS) devices claim to offer an easy, all-in-one solution for storing your data at home. However, they might also be providing an easy, all-in-one solution for hackers to steal your data take control of your device. Western Digital was told about the vulnerabilities last year but has yet to patch many devices.