Monday, June 25, 2018

LATEST

Beware malicious software updates for legitimate apps

The ACLU warns of the risk that malicious code planted in legitimate software updates could compromise security. Read more in my article on the Bitdefender Business Insights blog.

Smartphone batteries can reveal what you typed and read

Power trace sniffing, a badly-designed API and some cloudy AI spell potential trouble. A group of researchers has demonstrated that smartphone batteries can offer a side-channel attack vector by revealing what users do with their devices through analysis of...

Oracle Patches New Spectre, Meltdown Vulnerabilities

Oracle announced on Friday that it has started releasing software and microcode updates for products affected by the recently disclosed variants of the Spectre and Meltdown vulnerabilities.

India tells its banks to get Windows XP off ATMs – next year!

And do some pretty basic security hygiene before then. The Reserve Bank of India has given that country's banking sector a hard deadline to get Windows XP out of its ATMs: June 2019.…

Episode 206 – The Front Porch w/@wendynather @securityincite @jwgoerlich

Episode 206 - The Front Porch…. Welcome to the first of an occasional series of episodes featuring conversations with a variety of interesting people from both inside and outside of information security. In this inaugural episode you...

Not hackers but exes are remotely controlling smart devices for domestic abuse

One of the conveniences of smart devices like thermostats, lights, locks, speakers and cameras is that they can be remotely controlled, but remotely controlling smart home technology has also become a modern pattern of behavior in domestic abuse. Do you...

A hacker devised a method to unlock any iPhone and iPad device

A security researcher has devised a method to brute force a passcode on every Apple iPhone or iPad, even the up-to-date ones. Since iOS 8 rolled out in 2014, iPhone and iPad devices are protected with encryption, without providing passcode it...

8 Security Tips for a Hassle-Free Summer Vacation

It's easy to let your guard down when you're away. Hackers know that, too.

Hardened Azure, softened containers, force unlocking iOS 12, 11 iPhones – and more

Plus: Our tip on keeping Mac files encrypted. Roundup: This week you had to deal with AI security panic, fake Fortnite, and, if you use OpenBSD, the end of Intel HyperThread support…

iPhone pwned? Researcher says he can unlock iOS without running out of tries

A security researcher says he's found a way to guess iPhone lock codes without getting blocked after 10 mistakes.

Cisco NX-OS Software Internet Group Management Protocol Snooping Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an...

CPU Side-Channel Information Disclosure Vulnerabilities: May 2018

On May 21, 2018, researchers disclosed two vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged, local attacker, in...

CPU Side-Channel Information Disclosure Vulnerabilities

On January 3, 2018, researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged local attacker, in...

Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn’t worry about

How to extract 256-bit signing keys with 99.8% success. Intel has, for now, no plans to specifically address a side-channel vulnerability in its processors that can be potentially exploited by malware to extract encryption keys and other sensitive info...

Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible...

WannaCry ransomware scam tries to extort money without actually infecting your computer

Someone is trying to pull a fast one, attempting to trick unsuspecting users into paying a ransom… even though they *haven’t* infected your computer with ransomware.

Friday Squid Blogging: Capturing the Giant Squid on Video

In this 2013 TED talk, oceanographer Edith Widder explains how her team captured the giant squid on video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read...

Supreme Court: Police Need Warrant for Mobile Location Data

The U.S. Supreme Court today ruled that the government needs to obtain a court-ordered warrant to gather location data on mobile device users. The decision is a major development for privacy rights, but experts say it may have limited...

A hacker figured out how to brute force iPhone passcodes

The attack allows any would-be-hacker to run as many passcodes as they want, without destroying the data.

New Drupal Exploit Mines Monero for Attackers

A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server.

The Effects of Iran’s Telegram Ban

The Center for Human Rights in Iran has released a report outlining the effects of that country's ban on Telegram, a secure messaging app used by about half of the country. The ban will disrupt the most important, uncensored platform...

Tesla Breach: Malicious Insider Revenge or Whistleblowing?

Just before midnight last Sunday evening (June 17, 2018), Elon Musk sent an email to all staff. He was dismayed, he said, to learn about a Tesla employee "making direct code changes to the Tesla Manufacturing Operating System under...

Cracking Cortana: The Dangers of Flawed Voice Assistants

Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.

New Encrypted Downloader Delivers Metasploit Backdoor

A series of cyber-attacks targeting the Middle Eastern region use an encrypted downloader to deliver a Metasploit backdoor, AlienVault reports.
