Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.
A lot of talk went down yesterday about a new way to exploit WhatsApp and bypass the end-to-end encryption the company likes to mention that it has whenever it can. I've seen tweets and comments that run the gamut from "it's FUD" to talking about some backdoor that Facebook had installed.
Intel Corp on Thursday said that recently-issued patches for flaws in its chips could cause computers using its older Broadwell and Haswell processors to reboot more often than normal and that Intel may need to issue updates to fix the buggy patches.
In a statement on Intel’s website, Navin Shenoy, general manager of the company’s data center group, said Intel had received reports about the issue and was working directly with data center customers to “discuss” the issue.
In an open letter released on Thursday, Intel chief Brian Krzanich outlined the company's response to the Meltdown and Spectre vulnerabilities while reassuring customers that his company views security as "an ongoing priority."
Seeking to make peace with members of the global technology industry in the wake of one of the most serious security lapses in recent memory, Krzanich wrote that the chip giant has adopted a three-pronged approach to security that includes renewed commitments to transparency and communication.
Malwarebytes researcher Jerome Segura analyzed a RIG exploit campaign distributing malware coin miners delivered via drive-by download attacks from malvertising.
Around November 2017, Segura began noticing exploit kits containing larger-than-usual payloads carrying one or more cryptominers for Monero and other popular currencies such as Bytecoin and Electroneum, according to a Jan. 9 blog post.
MacRumors spotted a bug report that affects the current version of macOS High Sierra. In System Preferences, you can unlock the App Store preference pane by typing any password. Apple has reportedly already fixed the bug in beta versions of the next macOS High Sierra update.
While this bug is nowhere as serious as the infamous root login bug, as John Gruber wrote, this one is quite embarrassing. What’s wrong with password prompts and macOS?
In 2017, venture capitalists invested more than $7.6 billion into cybersecurity startups, helping flood the marketplace with an assortment of new software built to prevent malicious attacks before they happen – or fix them once they do.
Although CryptoMove was one of those cybersecurity startups that got funded last year, Mike Burshteyn, its CEO, doesn’t consider his firm to just be part of the pack. CryptoMove’s technology is superior to that of other cybersecurity companies and could change the way cybersecurity is done forever, he said.
While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell's EMC and VMware units. A trio of critical, newly reported vulnerabilities in EMC and VMware backup and recovery tools—EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Appliance, and vSphere Data Protection—could allow an attacker to gain root access to the systems or to specific files, or inject malicious files into the server's file system. These problems can only be fixed with upgrades.
The WiFi Alliance has announced that the WPA3 security protocol will be released later this year, a move intended to provide more secure WiFi networking following the KRACK security flaw uncovered in autumn last year.
It will be the first upgrade to the WiFi Protected Access (WPA) protocol since 2006, and the WPA3 update had been planned for some time before KRACK made it a matter of urgency.
Western Digital’s My Cloud network attached storage (NAS) devices claim to offer an easy, all-in-one solution for storing your data at home. However, they might also be providing an easy, all-in-one solution for hackers to steal your data take control of your device. Western Digital was told about the vulnerabilities last year but has yet to patch many devices.