
Security

Uber hit with criticism of “useless” two-factor authentication

posted on January 23, 2018
by l33tdawg

Uber is in the computer security news again, this time over allegations that its 2FA is no good.

ZDNet, for instance, doesn’t mince its words at all, leading with the headline, “Uber ignores security bug that makes its two-factor authentication useless.”

Two-factor authentication, or 2FA, is also known as 2SV, short for two-step verification. It’s an increasingly common security procedure that aims to protect your online accounts against password-stealing cybercrooks.

Intel Says to Stop Applying Problematic Spectre, Meltdown Patch

posted on January 23, 2018
by l33tdawg

Intel is now advising its customers and partners to halt the installation of patches for its Broadwell and Haswell microprocessor systems in the wake of recent reports of reboot problems.

Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel, today said in a post that Intel soon will be issuing a fix for the patch. In the meantime, he says customers should refrain from applying the problematic patches.

Here's what you need to know about the WhatsApp group chat security flaw

posted on January 12, 2018
by l33tdawg

A lot of talk went down yesterday about a new way to exploit WhatsApp and bypass the end-to-end encryption the company likes to mention that it has whenever it can. I've seen tweets and comments that run the gamut from "it's FUD" to talking about some backdoor that Facebook had installed.

Intel says patches can cause reboot problems in old chips

posted on January 12, 2018
by l33tdawg

Intel Corp on Thursday said that recently-issued patches for flaws in its chips could cause computers using its older Broadwell and Haswell processors to reboot more often than normal and that Intel may need to issue updates to fix the buggy patches.

In a statement on Intel’s website, Navin Shenoy, general manager of the company’s data center group, said Intel had received reports about the issue and was working directly with data center customers to “discuss” the issue.

Intel CEO issues 'security-first pledge' following Meltdown, Spectre exploits

posted on January 11, 2018
by l33tdawg

In an open letter released on Thursday, Intel chief Brian Krzanich outlined the company's response to the Meltdown and Spectre vulnerabilities while reassuring customers that his company views security as "an ongoing priority."

Seeking to make peace with members of the global technology industry in the wake of one of the most serious security lapses in recent memory, Krzanich wrote that the chip giant has adopted a three-pronged approach to security that includes renewed commitments to transparency and communication.

Cryptominer malwares in RIG EK spread via malvertising

posted on January 11, 2018
by l33tdawg

Malwarebytes researcher Jerome Segura analyzed a RIG exploit campaign distributing malware coin miners delivered via drive-by download attacks from malvertising.

Around November 2017, Segura began noticing exploit kits containing larger-than-usual payloads carrying one or more cryptominers for Monero and other popular currencies such as Bytecoin and Electroneum, according to a Jan. 9 blog post.

Another macOS password prompt can be bypassed with any password

posted on January 11, 2018
by l33tdawg

MacRumors spotted a bug report that affects the current version of macOS High Sierra. In System Preferences, you can unlock the App Store preference pane by typing any password. Apple has reportedly already fixed the bug in beta versions of the next macOS High Sierra update.

While this bug is nowhere near as serious as the infamous root login bug, as John Gruber wrote, this one is quite embarrassing. What’s wrong with password prompts and macOS?

A dad-and-son cybersecurity firm impressed investors with its ‘unique’ software that plays a kind of hide-and-seek with hackers

posted on January 11, 2018
by l33tdawg

In 2017, venture capitalists invested more than $7.6 billion into cybersecurity startups, helping flood the marketplace with an assortment of new software built to prevent malicious attacks before they happen – or fix them once they do.

Although CryptoMove was one of those cybersecurity startups that got funded last year, Mike Burshteyn, its CEO, doesn’t consider his firm to just be part of the pack. CryptoMove’s technology is superior to that of other cybersecurity companies and could change the way cybersecurity is done forever, he said.

EMC, VMware security bugs throw gasoline on cloud security fire

posted on January 11, 2018
by l33tdawg

While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell's EMC and VMware units. A trio of critical, newly reported vulnerabilities in EMC and VMware backup and recovery tools—EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Appliance, and vSphere Data Protection—could allow an attacker to gain root access to the systems or to specific files, or inject malicious files into the server's file system. These problems can only be fixed with upgrades.

After last year’s KRACK vulnerability, WPA3 Wi-Fi security announced with new protections

posted on January 10, 2018
by l33tdawg

The WiFi Alliance has announced that the WPA3 security protocol will be released later this year, a move intended to provide more secure WiFi networking following the KRACK security flaw uncovered in autumn last year.

It will be the first upgrade to the WiFi Protected Access (WPA) protocol since 2006, and the WPA3 update had been planned for some time before KRACK made it a matter of urgency.