Intel’s efforts to issue fixes for the Spectre and Meltdown CPU vulnerabilities are still hitting some bumps in the road, a company executive said in a blog post. “We have now issued firmware updates for 90 percent of Intel CPUs introduced in the past five years, but we have more work to do,” said Navin […]
APPLE PREPS CHAIOS IMESSAGE BUG FIX FOR NEXT WEEK
January 20, 2018
The update will address a flaw software developer Abraham Masri publicly identified in a tweet earlier this week, according to multiple published reports. The flaw causes the iMessage app on iOS devices to freeze, crash or restart. Macs are also affected. A macOS High Sierra 10.13.3 update is expected later this month to fix the […]
Google Drive Exploited to Download Malware Directly from URL
January 19, 2018
A vulnerability has emerged that allows hackers to automatically download malware to a victim’s computer directly from a Google Drive URL. Proofpoint uncovered the vulnerability and created a proof-of-concept exploit for the issue, which exists in the Google Apps Script. The development platform is based on JavaScript and allows the creation of both standalone web […]
Believe It: Cyber security is Getting Better, Not Worse
January 18, 2018
2017 has been a tough year from a cybersecurity stand point. We’ve seen some of the biggest hacks and data breaches ever, as well as one of the most devastating ransomware/malware outbreaks on record. Despite all of this – I’m going to make a statement that will shock many in the industry – cybersecurity is […]
What Does Data Loss Mean for Your Business?
January 17, 2018
In May 2018, the General Data Protection Regulation (GDPR) comes into force. GDPR toughens rules around obtaining consent to process data; it forces companies to tell consumers whenever a serious breach occurs; it sets much more stringent standards for data protection; and it means that companies can be forced to stop collecting or processing data, […]
Meltdown Patch Broke Some Ubuntu Systems
January 16, 2018
Canonical was forced to release a second round of Ubuntu updates that address the recently disclosed CPU vulnerabilities after some users complained that their systems no longer booted after installing the initial patches. On January 9, Canonical released Ubuntu updates designed to mitigate Spectre and Meltdown, two recently disclosed attack methods that work against processors […]
AMD Working on Microcode Updates to Mitigate Spectre Attack
January 15, 2018
AMD has informed customers that it will soon release processor microcode updates that should mitigate one of the recently disclosed Spectre vulnerabilities, and Microsoft has resumed delivering security updates to devices with AMD CPUs. Shortly after researchers revealed the Spectre and Meltdown attack methods, which allow malicious actors to bypass memory isolation mechanisms and access […]
Bogus Passwords Can Unlock AppStore Preferences in macOS
January 14, 2018
A security vulnerability impacting macOS High Sierra allows admins to unlock the AppStore Preferences in System Preferences by providing any password. The issue was found to affect macOS 10.13.2, the latest iteration of the platform, and can be reproduced only if the user is logged in as administrator. For non-admin accounts, the correct credentials are […]
Simple Attack Allows Full Remote Access to Most Corporate Laptops
January 13, 2018
Attack is Simple to Exploit, Has Incredible Destructive Potential Researchers have discovered a flaw in Intel’s Advanced Management Technology (AMT) implementation that can be abused with less than a minute of physical access to the device. An Evil Maid attack could ultimately give an adversary full remote access to a corporate network without having to […]
Critical Flaw Reported In phpMyAdmin Lets Attackers Damage Databases
January 12, 2018
A critical security vulnerability has been reported in phpMyAdmin—one of the most popular applications for managing the MySQL database—which could allow remote attackers to perform dangerous database operations just by tricking administrators into clicking a link. Discovered by an Indian security researcher, Ashutosh Barot, the vulnerability is a cross-site request forgery (CSRF) attack and affects […]