Security

Hack Brief: Intel Fixes a Critical Bug That Lingered for 7 Dang Years

posted on May 3, 2017
by l33tdawg

Since Intel makes the processors that run, well, most computers, any Intel chip vulnerability—especially one that’s been around for nearly a decade—rings alarms. In the wake of Intel disclosing a longstanding flaw in the remote system management features of some popular Intel chipsets, manufacturers are scrambling to release patches.

It’s not an unmitigated disaster, and it affects enterprises more than consumers. But make no mistake, it’s going to take a major effort to fix.

InterContinental Hotel Chain Breach Expands

posted on April 19, 2017
by l33tdawg

In December 2016, KrebsOnSecurity broke the news that fraud experts at various banks were seeing a pattern suggesting a widespread credit card breach across some 5,000 hotels worldwide owned by InterContinental Hotels Group (IHG). In February, IHG acknowledged a breach but said it appeared to involve only a dozen properties. Now, IHG has released data showing that cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data.

Code-sharing leads to widespread bug sharing that black-hats can track

posted on April 18, 2017
by l33tdawg

Developers' enthusiasm for sharing code saves their colleagues' time, but also means they share security bugs they haven't noticed. And that means a smart attacker could follow who's shared what with whom to trawl the Web for vulnerabilities.

That sobering idea comes from a group of German researchers with help from Trend Micro. Their straightforward reasoning: if they were able to find recurrent Web application vulnerabilities in reused code snippets, it won't be difficult for black hats to do the same.

Hackers set off Dallas’ 156 emergency sirens over a dozen times

posted on April 10, 2017
by l33tdawg

Late Friday night and early Saturday morning, hackers set off 156 emergency sirens in and around the city of Dallas, Texas. According to The Dallas Morning News, the sirens began blaring shortly before midnight on Friday and were shut off and reactivated "more than a dozen times" before emergency workers shut the system down entirely at around 1:20am on Saturday morning, after confirming that there was no actual emergency and that it wasn't the result of some benign malfunction.

Galaxy S8’s Facial Unlocking Tricked By Photograph

posted on March 31, 2017
by l33tdawg

When facial recognition was introduced to Android, it was quickly discovered that the feature was merely a novelty because it was easily bypassed using a photo of the person who owns the device. Fast forward to today, and we’re sure many are wondering if Samsung has somehow found a way to fix that with the Galaxy S8.

The UK’s new pound coin has a secret, high-tech security feature

posted on March 30, 2017
by l33tdawg

Foiling people who manufacture fake money can be a pretty challenging task, which is why governments regularly roll out new security enhancements to their legal tender. Holographic strips, special serial numbers and insignias, and one-of-a-kind ink help keep paper bills safer from fakes than they’ve ever been, but what about coinage? The UK’s Royal Mint thinks it has a solution, and it’s introduced it in its brand new one pound coin. The only problem is that nobody besides the Royal Mint actually knows what the feature is, how it works, or why it makes coins “impossible” to fake.

Hackers with 250+ million Apple usernames and passwords attempting to extort ransom from Apple

posted on March 29, 2017
by l33tdawg

Hackers are demanding Apple pay a ransom in bitcoin, or they claim they will remotely erase millions of customer iPhones, iPads, and Macs.

We first noted a few days ago several loose ends and nuances to consider in this developing story. New reporting by ZDNet paints a slightly clearer picture.