HITB GSEC Singapore (August 21st - 25th)
Register Online Now!
Since Intel makes the processors that run, well, most computers, any Intel chip vulnerability—especially one that’s been around for nearly a decade—rings alarms. In the wake of Intel disclosing a longstanding flaw in the remote system management features of some popular Intel chipsets, manufacturers are scrambling to release patches.
It’s not an unmitigated disaster, and it affects enterprises more than consumers. But make no mistake, it’s going to take a major effort to fix.
In December 2016, KrebsOnSecurity broke the news that fraud experts at various banks were seeing a pattern suggesting a widespread credit card breach across some 5,000 hotels worldwide owned by InterContinental Hotels Group (IHG). In February, IHG acknowledged a breach but said it appeared to involve only a dozen properties. Now, IHG has released data showing that cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data.
Developers' enthusiasm for sharing code saves their colleagues' time, but also means they share security bugs they haven't noticed. And that means a smart attacker could follow who's shared what with whom to trawl the Web for vulnerabilities.
That sobering idea comes from a group of German researchers with help from Trend Micro. Their straightforward reasoning: if they were able to find recurrent Web application vulnerabilities in reused code snippets, it won't be difficult for black hats to do the same.
There's a new zeroday attack in the wild that's surreptitiously installing malware on fully-patched computers. It does so by exploiting a vulnerability in most or all versions of Microsoft Word.
Late Friday night and early Saturday morning, hackers set off 156 emergency sirens in and around the city of Dallas, Texas. According to The Dallas Morning News, the sirens began blaring shortly before midnight on Friday and were shut off and reactivated "more than a dozen times" before emergency workers shut the system down entirely at around 1:20am on Saturday morning, after confirming that there was no actual emergency and that it wasn't the result of some benign malfunction.