Security

Alex Stamos, Facebook's chief information security officer, will shift roles at the company. His transition will come in the wake of disagreements with other Facebook executives like COO Sheryl Sandberg about how to investigate and disclose Russian activity on the platform, The New York Times reports, citing employees of the social network. Stamos advocated for greater disclosure. Prior to his hiring at Facebook in 2015, Stamos was Chief Information Security Officer at Yahoo.

Amsterdam – 19 March 2018: User behavior analytics (UBA) solutions typically applies machine learning algorithms to detect abnormal user activities and the market is continuing to expand rapidly with vendor and open-source UBA tech to help organisations identify ‘unknown unknowns’ for further investigation. A key to successfully implementing these solutions requires advanced understanding of the underlying technology, concepts and risks involved.

For at past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature.

Both Firefox and Thunderbird allow users to set up a "master password" through their settings panel. This master password plays the role of an encryption key that is used to encrypt each password string the user saves in his browser or email client.

Amsterdam – 16 March 2018: A smart connected car is not much more than a computer on wheels, with systems that control one or more areas of the automobile called electronic control units (ECUs). ECUs communicate in real-time over a system called a controller area network or CAN. At the Hack In The Box Conference in Amsterdam next month, ElevenPaths Claudio Caracciolo and Sheila Ayelan Berta will be presenting a new feature of their hardware device ‘The Bicho’ which exploits the CAN bus allowing for remote take over of the target vehicle.

Shipping in the second half of this year, the next generation of Xeon Scalable Processors (codenamed Cascade Lake) will contain hardware fixes for the Meltdown attack and certain variants of the Spectre attack. So, too, will a range of processors using the same 8th generation Core branding that some processors are already using.

Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies.

The US has introduced new sanctions against Russia after accusing the country not only of interfering in the 2016 election, but also launching a cyberattack on its energy grid.

Officials say that malware traced back to Moscow had been found to have infected operating systems on computers belonging to companies in the energy sector. The Department of Homeland Security is in no doubt that the Russian government is responsible.

CTS Labs, a heretofore unknown Tel Aviv-based cybersecurity startup, has claimed it's found over a dozen security problems with AMD Ryzen and EPYC processors. Linus Torvalds, Linux's creator, doesnt buy it.

Torvalds, in a Google+ discussion, wrote:

    "When was the last time you saw a security advisory that was basically 'if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?' Yeah."

In July of 2017, the nonprofit certificate authority Let's Encrypt promised to deliver something that would put secure websites and Web applications within reach of any Internet user: free "wildcard" certificates to enable secure HTTP connections for entire domains. Today, Let's Encrypt took that promised service live, in addition to a new version of the Automated Certificate Management Environment (ACME) protocol, an interface that can be used by a variety of client software packages to automate verification of certificate requests.

When the Spectre and Meltdown vulnerabilities were revealed in millions of processors earlier this year, those deep-seated vulnerabilities rattled practically the entire computer industry. Now a group of Israeli researchers is outlining a new set of chip-focused vulnerabilities that, if confirmed, would represent another collection of flaws at the core of computer hardware, this time in a processor architecture designed by AMD.

Last month, U.S. intelligence agencies weren't so into the idea of people using Chinese phones.

The heads of the CIA, FBI and NSA told a Senate committee in February they didn't recommend products or services by China's Huawei or ZTE be used by Americans, concerned about companies or entities becoming "beholden to foreign governments."