Tuesday, September 25, 2018

Microsoft offers completely passwordless authentication for online apps

Applications using Azure Active Directory (AD) to authenticate—a category that includes Office 365, among other things—will soon be able to stop using passwords entirely. Azure AD accounts can already use the Microsoft Authenticator app for two-factor authentication, combining a...

New modification of the old cold boot attack leaves most systems vulnerable

Cold boot attacks, used to extract sensitive data such as encryption keys and passwords from system memory, have been given new blood by researchers from F-Secure. First documented in 2008, cold boot attacks...

To prevent hacking, Georgia must end all-electronic voting, activists say

Windows 10 support extended again: September releases now get 30 months

In its continued efforts to encourage corporate customers to make the switch to Windows 10, Microsoft is shaking up its support and lifecycle plans...

Google wants to get rid of URLs but doesn’t know what to use instead

Uniform Resource Locators (URLs), the online addresses that make up such an important part of the Web and browsers we...

Microsoft obliquely acknowledges Windows 0-day bug published on Twitter

Here is the alpc bug as 0day: https://t.co/m1T3wDSvPX I don't fucking care about life anymore. Neither do I ever again want to submit to MSFT anyway. Fuck all of this shit. — SandboxEscaper (@SandboxEscaper) August 27, 2018 A privilege escalation flaw...

The secret history of ED011, the obscure computer lab that hacked the world

BUCHAREST, Romania—At the edge of Europe, Romania’s University Politehnica of Bucharest has long been the most prestigious engineering...

Chrome 69 will take the next step to killing Flash, roll out new design

Chrome 69, due to be released on September 4, is going to take the next step toward phasing out support for Adobe's Flash plugin. Chrome started deprecating Flash in 2016, defaulting to HTML5 features and requiring Flash...

Intel’s SGX blown wide open by, you guessed it, a speculative execution attack

Another day, another speculative execution-based attack. Data protected by Intel's SGX—data that's meant to be protected even from a malicious or hacked kernel—can be read by an attacker thanks to leaks enabled by speculative execution. Since...

Windows 10 to get disposable sandboxes for dodgy apps

Microsoft is building a new Windows 10 sandboxing feature that will let users run untrusted software in a virtualized environment that's discarded when the program finishes running. The new feature was revealed in a bug-hunting...

Heads-up: 2FA provider Duo Security to be acquired by Cisco (ugh)

US-based two-factor authentication provider Duo Security announced this morning that it is in talks to be...

New Spectre attack enables secrets to be leaked over a network

When the Spectre and Meltdown attacks were disclosed earlier this year, the initial exploits required an attacker to be able to run code of their choosing on a victim system. This made browsers vulnerable, as...

Microsoft offers extended support for Windows, SQL 2008: but with a catch

Windows Server 2008 and 2008 R2, as well as SQL Server 2008 and 2008 R2, are due to move out of extended support over the next few years; SQL Server in July 2019,...

New Spectre-like attack uses speculative execution to overflow buffers

When the Spectre and Meltdown attacks were disclosed earlier this year, the expectation was that these attacks would be the first of many, as researchers took a closer look at the...

Hyperthreading under scrutiny with new TLBleed crypto key leak

Last week, developers on OpenBSD—the open-source operating system that prioritizes security—disabled hyperthreading on Intel processors. Project leader Theo de Raadt said that a research paper...

Breach at US Retailer SHEIN Hits Over Six Million Users

US fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit. Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people, but rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...