Security

Intel says that a piece of software inside virtually all of its newest computer chips contains a critical security flaw that enables an attacker to manipulate security features, run arbitrary code or crash a system.

The chip maker launched a comprehensive review of its firmware after a private team of Russian security researchers reported in August it had found a way to access a backdoor designed to allow some government customers to disable the Management Engine (ME) master controller inside Intel CPUs.

Back at the start of the year, a set of attacks that leveraged the speculative execution capabilities of modern high-performance processors was revealed. The attacks were named Meltdown and Spectre. Since then, numerous variants of these attacks have been devised. In tandem, a range of mitigation techniques has been created to enable at-risk software, operating systems, and hypervisor platforms to protect against these attacks.

In two weeks, one of the most gruelling security challenges returns to the Middle East! As part of Hack in the Box’s (HITB) return to Dubai after an 8-year gap, the HITB Security Conference will be bringing back a wide range of free to the public hacking games and challenges, including its ever-popular HITB Capture The Flag (CTF) competition.

A hacker managed to exploit a five-year-old vulnerability in home routers to create a botnet affecting approximately 100,000 home routers. The botnet was initially discovered in September by researchers from the Netlab team at Qihoo 360, a Chinese internet security company, and it’s likely that the hacker is leveraging this network of compromised routers to send spam emails.

Ukrainian vulnerability researcher has found a bug that would have allowed him to download all the activation keys (also known as CD keys) made available through the Steam gaming platform, for any game, ever.

Discovered by Artem Moskowsky, the bug resided in Steamworks, a platform that Valve runs to help developers with building and publishing games via its Steam gaming client.

Cisco this week patched critical vulnerabilities in its switches, Stealthwatch, and Unity voice messaging system.

Oh, and 'fessed up that it accidentally shipped software that included in-house-developed exploit code for attacking Linux systems via the Dirty COW flaw.

Police in the Netherlands said they decrypted more than 258,000 messages sent using IronChat, an app billed as providing end-to-end encryption that was endorsed by National Security Agency leaker Edward Snowden.

In a statement published Tuesday, Dutch police said officers achieved a “breakthrough in the interception and decryption of encrypted communication” in an investigation into money laundering. The encrypted messages, according to the statement, were sent by IronChat, an app that runs on a device that cost thousands of dollars and could send only text messages.

A vulnerability in the WooCommerce online store platform, used by over four million vendors, can be exploited to hijack WordPress installations hosting the software.

Researchers at RIPSTech discovered and reported the flaw directly to WooCommerce's developers, who cleaned up the bug in version 3.4.6 – so make sure you're running that.

On Monday morning, just 24 hours before polls opened in the US midterm elections, President Trump sounded an alarm with a Tweet: “Law Enforcement has been strongly notified to watch closely for any ILLEGAL VOTING which may take place in Tuesday’s Election (or Early Voting). Anyone caught will be subject to the Maximum Criminal Penalty allowed by law. Thank you!”

The rumor was part of a pair; over the weekend, Trump tweeted that Indiana senator Joe Donnelly was “trying to steal the election” by buying Facebook ads for the libertarian Senate candidate.

The HITB CommSec (community + security) track is a free-to-attend session with 30 and 60 minutes talks held during the 27th and 28th alongside the HITB2018DXB’s Exhibition.