# tech security news



## ae1905

*NVIDIA GPUs weren't immune to Spectre security flaws either*

It's posting updated drivers that fight the vulnerabilities.
Jon Fingas







Devindra Hardawar/Engadget 

It's not just your processor and operating system that are affected by the Meltdown and Spectre memory vulnerabilities -- your graphics card is, too. To that end, NVIDIA has detailed how its GPUs are affected by the speculative execution attacks and has started releasing updated drivers that tackle the issue. All its GeForce, Quadro, NVS, Tesla and GRID chips appear to be safe from Meltdown (aka variant 3 of the attacks), but are definitely susceptible to at least one version of Spectre (variant 1) and "potentially affected" by the other (variant 2). The new software mitigates the first Spectre flaw, but NVIDIA is promising future mitigations as well as eventual updates to address the second.

Most of the updates are available now, although Tesla and GRID users will have to wait until late January.

There's no mention of whether or not NVIDIA's fixes will affect performance. Microsoft has warned that some Spectre fixes could bog down older PCs, but those are fixes for CPUs, not GPUs. NVIDIA had already promised updates for its Shield devices.

NVIDIA's fixes are necessary given the severity of the flaw (an intruder could use speculative execution to swipe sensitive data from protected memory), but they also illustrate just how much of a headache Meltdown and Spectre have become. While they don't affect absolutely every aspect of computing, they're pervasive enough that it's virtually certain you use _something_ which requires an update.


----------



## IamLegend

I have heard about two critical chip flaws that can affect virtually every smartphone, tablet, and computer. I think that's why it's important always to follow computer safety basics. Avoid clicking on unknown links and attachments on emails and refrain from installing software and apps from unofficial sources. I also toped using hola VPN and switched to a new VPN service, nova VPN. And of course I have antivirus program.


----------



## ae1905

bloomberg.com *

Intel Says Chip-Security Fixes Leave PCs No More Than 10% Slower*

By Ian King More stories by Ian King
[HR][/HR] January 10, 2018



 Chipmaker promises more test data on server impact soon 
 Meltdown, Spectre vulnerabilities have put Intel on defensive 
 
Intel Corp., trying to defuse concern that fixes to widespread chip security vulnerabilities will slow computers, released test results late Wednesday showing that personal computers won’t be affected much and promised more information on servers.

The chipmaker published a table of data showing that older processors handled typical tasks 10 percent slower at most, after being updated with security patches. The information covered three generations of processors, going back to 2015, running Microsoft’s Windows 10 and Windows 7 computer operating systems.

“We previously said that we expected our performance impact should not be significant for average computer users, and the data we are sharing today support that expectation on these platforms,” Navin Shenoy, an Intel senior vice president who heads its data center unit, said in a statement. “We plan to share initial data on some of our server platforms in the next few days.”

Last week, the world’s biggest chipmakers and software companies, including Intel and Microsoft Corp., announced vulnerabilities that leave computers and smartphones susceptible to potential hacking. Google researchers last year discovered that features, present in almost all processors running computers and phones, could give cyberattackers unauthorized access to sensitive data.

Intel’s processors are at the heart of the majority of the world’s personal computers and server machines making its assessment of the side effects of patching the vulnerability an important indicator of the extent of the issue. Microsoft gave a more pessimistic appraisal than Intel’s initial assessments, particularly for servers that form the backbone of corporate networks. 

“As of today, we still have not received any information that these exploits have been used to obtain customer data,” Shenoy said on Wednesday.

Before it's here, it's on the Bloomberg Terminal. LEARN MORE


----------



## ae1905

bleepingcomputer.com *

Meltdown & Spectre Patches Causing Boot Issues for Ubuntu 16.04 Computers*

Catalin Cimpanu
[HR][/HR]








Ubuntu Xenial 16.04 users who updated to receive the Meltdown and Spectre patches are reporting they are unable to boot their systems and have been forced to roll back to an earlier Linux kernel image.

The issues were reported by a large number of users on the Ubuntu forums, Ubuntu's Launchpad bug tracker, and Reddit thread. Only Ubuntu users running the Xenial 16.04 series appear to be affected.

All users who reported issues said they were unable to boot after upgrading to Ubuntu 16.04 with kernel image 4.4.0-108.

"Just did an update this morning to 4.4.0-108-generic and the boot failed to process," said Punit Patpatia, an Ubuntu user, earlier today.

"Yep - same here - did update and lockup at boot screen," added a different user on the Ubuntu forums.

Canonical, the company behind Ubuntu OS, deployed Linux kernel image 4.4.0-108 as part of a security update for Ubuntu Xenial 16.04 users, yesterday, on January 9.

According to Ubuntu Security Notice USN-3522-1 and an Ubuntu Wiki page, this was the update that delivered the Meltdown and Spectre patches.

A Canonical spokesperson was not available for comment on the issue, but two new Ubuntu 16.04 updates [1, 2] with Linux kernel image 4.4.0-109 were released two hours before this article's publication.

Some of the users who reported issues with the previous update said the new kernel build worked fine. As a last resort, rolling back to kernel image 4.4.0-104 also fixes the boot issues for affected users.

_Article title updated because we used the term "bricking" incorrectly. Bleeping Computer regrets the error._


----------



## ae1905

https://www.intel.com/content/www/u...de-channel-analysis-and-intel-products.html#1

*Impacted Intel® Platforms*

The following Intel*®*-based platforms are impacted by this issue. Intel may modify this list at a later time. 

Please check with your system vendor or equipment manufacturer (see links above) for more information regarding your system.

Intel® Core™ i3 processor (45nm and 32nm)
Intel® Core™ i5 processor (45nm and 32nm)
Intel® Core™ i7 processor (45nm and 32nm)
Intel® Core™ m processor family (45nm and 32nm)
2nd generation Intel® Core™ processors
3rd generation Intel® Core™ processors
4th generation Intel® Core™ processors
5th generation Intel® Core™ processors
6th generation Intel® Core™ processors
7th generation Intel® Core™ processors
8th generation Intel® Core™ processors
Intel® Core™ X-series processor family for Intel® X99 platforms
Intel® Core™ X-series processor family for Intel® X299 platforms
Intel® Xeon® processor 3400 series
Intel® Xeon® processor 3600 series
Intel® Xeon® processor 5500 series
Intel® Xeon® processor 5600 series
Intel® Xeon® processor 6500 series
Intel® Xeon® processor 7500 series
Intel® Xeon® processor E3 family
Intel® Xeon® processor E3 v2 family
Intel® Xeon® processor E3 v3 family
Intel® Xeon® processor E3 v4 family
Intel® Xeon® processor E3 v5 family
Intel® Xeon® processor E3 v6 family
Intel® Xeon® processor E5 family
Intel® Xeon® processor E5 v2 family
Intel® Xeon® processor E5 v3 family
Intel® Xeon® processor E5 v4 family
Intel® Xeon® processor E7 family
Intel® Xeon® processor E7 v2 family
Intel® Xeon® processor E7 v3 family
Intel® Xeon® processor E7 v4 family
Intel® Xeon® processor Scalable family
Intel® Xeon Phi™ processor 3200, 5200, 7200 series 
Intel Atom® processor C series
Intel Atom® processor E series
Intel Atom® processor A series
Intel Atom® processor x3 series
Intel Atom® processor Z series
Intel® Celeron® processor J series
Intel® Celeron® processor N series
Intel® Pentium® processor J series
Intel® Pentium® processor N series


----------



## ae1905

*AMD is deploying a patch for the second Spectre CPU vulnerability*

It has admitted that its chips are susceptible to both Spectre variants.   

Mariella Moon, @mariella_moon 







Getty Images 

While Intel is at the center of the Spectre/Meltdown fiasco, AMD's chips are also affected by the CPU vulnerabilities. The company previously said that its chips are only susceptible to the first Spectre variant, but in its latest announcement, it admitted that both Spectre variations are "applicable to AMD processors." AMD already provided PC manufacturers its fix for the first Spectre version, and Microsoft has begun rolling it out. The chipmaker also said it's working with Redmond to address a problem that delayed the distribution of patches for its older processors. 

Since the second version of Spectre needs a different fix, AMD will also provide its customers and partners for Ryzen and EPYC processors with a patch for its chips starting this week. Firmware updates for its older chips will follow in the coming weeks. If you use Linux, you might get it sooner than you think, since Linux vendors have already started releasing OS patches for the second variant. You might have to wait a bit if you're a Windows user, though, since AMD is still working out distribution timing with Microsoft. 

While its statement regarding its products' vulnerability both Spectre variants has changed, the company said its chips' architecture will make it very difficult for attackers to exploit version 2. It also maintained that Meltdown isn't applicable to AMD chips at all. AMD's processors aren't "susceptible" to Meltdown, the chipmaker wrote, "due to [the company's] use of privilege level protections within paging architecture. Since "no mitigation is required" for variant 3, it won't be creating a patch for the vulnerability.


----------



## ae1905

*Google details how it protected services like Gmail from Spectre*

The company called 'Meltdown' and 'Spectre' the most complex flaws in the past decade. 

Mariella Moon, @mariella_moon







KaiDunn 

Google says it already deployed anti-Spectre and Meltdown solutions to protect its products, and users didn't even notice. The downside of the patches companies are rolling out to fix the CPU vulnerabilities is that they have the potential to slow down systems. For the big G, that means slowdown for huge services like Gmail, Google Drive and Search and its Cloud products. Mountain View had to gather hundreds of engineers working across the company to find a way to protect its products. After a few months, they found a solution for Meltdown and the first variant of Spectre (two of the three vulnerabilities), which they then started rolling out way back in September. Google says it didn't get any complaint reporting performance degradation after it deployed the fix. 

However, the second variant of Spectre proved a lot more problematic. Google's engineers thought the only way to protect against it was to switch off the CPU features that made the chips vulnerable to attackers. Unfortunately, doing that slowed down applications considerably and caused inconsistent performance, so the tech titan had to look at unusual or "moonshot" solutions. It found the answer in Retpoline, a technique conjured up by Google Senior Staff Engineer Paul Turner, which "modifies programs to ensure that execution cannot be influenced by an attacker."

Retpoline allowed Google to protect its services from the second variant of Spectre without having to modify source codes or to switch off hardware components. And by December, the company was done rolling our protections against all three variants. Google reiterates that it received no support tickets related to the updates, but then again, people might have attributed their complaints to other things if they didn't know about the flaws. 

Google considers this set of vulnerabilities the "most challenging and hardest to fix" it's had to deal with in the past decade. That it was able to find solutions for them relatively quickly demonstrates just how powerful the company is. Thankfully, the tech titan isn't keeping Retpoline a secret: it has shared its research with other tech companies in hopes that it "can be universally deployed to improve the cloud experience industry-wide."


----------



## ae1905

prnewswire.com 

*IOActive and Embedi Uncover Major Security Vulnerabilities in ICS Mobile Applications*

IOActive, Inc.
[HR][/HR]
SEATTLE, Jan. 11, 2018 /PRNewswire/ -- IOActive, Inc., the worldwide leader in research-driven security services, and Embedi, a cybersecurity startup company focused on immunizing IoT/embedded/smart end-point devices against 0- and 1-day attacks, today released a white paper outlining 147 cybersecurity vulnerabilities found in 34 mobile applications used in tandem with Supervisory Control and Data Acquisition (SCADA) systems. The technical details of the research are being released by Alexander Bolshev, Security Consultant for IOActive, and Ivan Yushkevich, Information Security Auditor for Embedi, in a new paper, "SCADA and Mobile Security in the Internet of Things Era."

According to the researchers, if the mobile application vulnerabilities identified are exploited, an attacker could disrupt an industrial process or compromise industrial network infrastructure, or cause a SCADA operator to unintentionally perform a harmful action on the system. The 34 mobile applications tested were randomly selected from the Google Play Store.

"This new vulnerability report proceeds original research conducted by Alex and Ivan two years ago, where 20 mobile applications were tested," said Jason Larsen, Principal Security Consultant at IOActive. "At the time, there just weren't as many SCADA applications on the market. This latest white paper reinforces the fact that mobile applications are increasingly riddled with vulnerabilities that could have dire consequences on SCADA systems that operate industrial control systems. The key takeaway for developers is that security MUST be baked in from the start -- it saves time, money, and ultimately helps protect the brand."

The original research was conducted at Black Hat in 2015 and found a total of 50 issues in 20 mobile applications that were analyzed. In 2017, they found a staggering 147 issues in the 34 applications selected for this research report. This represents an average increase of 1.6 vulnerabilities per application.

Bolshev's and Yushkevich's research focused on testing software and hardware, using backend fuzzing and reverse engineering. In doing so, they successfully uncovered security vulnerabilities ranging from insecure data storage and insecure communication to insecure cryptography and code tampering. Specifically, the research revealed the top five security weaknesses were: code tampering (94% of apps), insecure authorization (59% of apps), reverse engineering (53% of apps), insecure data storage (47% of apps) and insecure communication (38% of apps).

"The flaws we found were shocking, and are evidence that mobile applications are being developed and used without any thought to security," said Bolshev. "It's important to note that attackers don't need to have physical access to the smartphone to leverage the vulnerabilities, and they don't need to directly target ICS control applications either. If the smartphone users download a malicious application of any type on the device, that application can then attack the vulnerable application used for ICS software and hardware. What this results in is attackers using mobile apps to attack other apps."

"Developers need to keep in mind that applications like these are basically gateways to mission critical ICS systems," said Yushkevich. "It's important that application developers embrace secure coding best practices to protect their applications and systems from dangerous and costly attacks." 

IOActive and Embedi informed the impacted vendors of the findings through responsible disclosure, and are coordinating with a number of them to ensure fixes are in place.

*About IOActive
*IOActive is the industry's only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from security advising to penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Read the IOActive Labs Research Blog: http://blog.ioactive.com. Follow IOActive on Twitter: http://twitter.com/ioactive.

*About Embedi
*Embedi expertise is backed up by extensive experience in security of embedded devices, with special emphasis on attack and exploit prevention. Years of research are the genesis of the software solutions created. Embedi developed a wide range of security products for various types of embedded/smart devices used in different fields of life and industry such as: wearables, smart home, retail environments, automotive, smart buildings, ICS, smart cities, and others. Embedi is headquartered in Berkeley, USA. Visit embedi.com for more information and follow Embedi on Twitter (@_embedi_).


----------



## ae1905

*Intel Broadwell and Haswell CPUs Experiencing Reboots After Firmware Updates*

By *Catalin Cimpanu*
January 12, 2018






 Intel said today it is investigating an issue with Broadwell and Haswell CPUs after customers reported higher system reboot rates when they installed firmware updates for fixing the Spectre flaw.

The hardware vendor said these systems are both home computers and data center servers.

"We are working quickly with these customers to understand, diagnose and address this reboot issue, "said Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel Corporation.

"If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue," Shenoy added.

The Intel exec said users shouldn't feel discouraged by these snags and continue to install updates from OS makers and OEMs.

While Shenoy has not clarified what systems are experiencing higher reboot rates, it could only be Linux systems for which Intel started rolling out CPU microcode updates yesterday. These firmware updates mitigate the Spectre flaw.


----------



## ae1905

Now Meltdown Patches Are Making Industrial Control Systems Lurch  (theregister.co.uk)


----------



## ae1905

'Very High Level of Confidence' Russia Used Kaspersky Software For Devastating NSA Leaks  (yahoo.com)


----------



## ae1905

diagnostics tool for meltdown and spectre bugs

https://www.computerworld.com/artic...-pcs-protected-from-meltdown-and-spectre.html

https://www.grc.com/inspectre.htm


----------



## ae1905

since this is unconfirmed it may not be a risk, but uncertainty and the possibility it may be or may yet be makes this a tech security story

Amazon Won't Say If It Hands Your Echo Data To the Government  (zdnet.com)


----------



## zynthaxx

Virtualbox sandbox escape:
https://nvd.nist.gov/vuln/detail/CVE-2018-2687


----------



## SummerHaze

I have read on thehackernews.com the article "*Researchers Uncover Government-Sponsored Mobile Hacking Group Operating Since 2012*"
A global mobile espionage campaign collecting a trove of sensitive personal information from victims since at least 2012 has accidentally revealed itself—thanks to an exposed server on the open internet.
It's one of the first known examples of a successful large-scale hacking operation of mobile phones rather than computers.
That's why I think that for better privacy protection, enhanced security from hackers, identity thieves and malware a proxy service like https://buy.fineproxy.org/eng/ is a good option. Protect yourself and stay secure.


----------



## ae1905

Linus Torvalds Calls Intel Patches 'Complete and Utter Garbage'  (lkml.org)


----------



## ae1905

*Intel Releases Linux CPU Microcodes To fix Meltdown & Spectre Bugs*

By *Lawrence Abrams*


January 11, 2018 

https://www.bleepingcomputer.com/ne...-microcodes-to-fix-meltdown-and-spectre-bugs/

look for "intel-microcode" in the program manager

amd has also released a microcode fix for its cpus...search for "amd64-microcode"


----------



## ae1905

^
apparently, the same microcode intel released for linux can be applied for windows

How to update Intel microcode on windows 7 x64 bootup. For Skylake, Kabylake and others. - Overclock.net


----------



## ae1905

Dell and HP Advise All Their Customers To Not Install Spectre BIOS Updates  (bleepingcomputer.com)


----------



## ae1905

Chrome 64 Released With Stronger Popup Blocker, Spectre Mitigations  (bleepingcomputer.com)


----------



## ae1905

Intel promises Spectre- and Meltdown-proof chips this year The company is touting it as a long-term fix.

https://www.engadget.com/2018/01/26/intel-spectre-meltdown-chips/


----------



## ae1905

Tech Firms Let Russia Probe Software Widely Used by US Government  (reuters.com)


----------



## ae1905

Microsoft Issues Windows Out-of-Band Update That Disables Spectre Mitigations  (bleepingcomputer.com)


----------



## ae1905

Google credits AI for stopping more rogue Android apps in 2017 New techniques helped prevent 99 percent of bad apps from touching phones.


https://www.engadget.com/2018/01/30/google-credits-ai-for-stopping-more-rogue-android-apps-in-2017/


----------



## ae1905

Apple is Postponing Release of New Features To iOS This Year To Focus on Reliability and Performance: Report  (axios.com)


----------



## ae1905




----------



## ae1905

Security Settings before Going for a JogA fitness-tracking app’s ability to reveal supposedly clandestine locations is a reality check for people lax about protecting their security and privacy


By Jason R. C. Nurse, The Conversation US on February 1, 2018
https://www.scientificamerican.com/...ear-security-settings-before-going-for-a-jog/


----------



## ae1905

https://www.engadget.com/2018/02/08/intel-spectre-cpu-patch/


----------



## ae1905

engadget.com Olympics officials confirm cyberattack during opening ceremony


----------



## ae1905

uTorrent Client Affected by Some Pretty Severe Security Flaws  (bleepingcomputer.com)


----------



## ae1905

Intel Has a New Spectre and Meltdown Firmware Patch For You To Try Out  (betanews.com)


----------



## ae1905

Researchers Warn of Extraterrestrial Hacks  (vice.com)


----------



## ae1905

Intel Fixes Spectre Update That Caused Reboots On Haswell, Broadwell PCs

The guidance also shows that Intel is planning on updating even older CPU microarchitectures, such as Penryn, Yorkfield, Nehalem, Westmere, and Wolfdale. This could mean that Intel is prepared to fix the Spectre and Meltdown flaws going back about 10 years, considering that Penryn was first released in 2007.


Microsoft Microcode Updates Defend Intel CPUs Against Spectre

Microsoft said it will soon be distributing Intel’s new microcode for other CPUs in the same way but didn’t offer any additional information about its plans. 

This development raises some questions on the overall Meltdown/Spectre mitigation initiative. As stated earlier, we understood that Intel’s microcode updates were to be distributed to end users on a per-product basis via BIOS updates. BIOS updates are able to rewrite ROM that holds a permanent copy of system firmware. We confirmed with Microsoft that the Windows patch is not doing the same thing; instead, it applies the new microcode at a different level in the system, overwriting the default provided by the BIOS ROM. The distinction is that one method is permanent and persists even if you install another OS, whereas the other applies only within the context of the OS. Microsoft confirmed that this means if you reinstall your Windows OS without reapplying the Windows update, then your system will revert to being unprotected.

To be clear, regardless whether you apply the BIOS update or the Windows patch to your system, the end result is that your Windows system is protected.


----------



## ae1905

.


----------



## ae1905

Privacy-Busting Bugs Found in Popular VPN Services Hotspot Shield, Zenmate and PureVPN  (zdnet.com)


----------



## ae1905

engadget.com Intel redesigned its 8th-gen processors to patch ‘Meltdown’ flaws


----------



## ae1905

Android Is Now as Safe as the Competition, Google Says  (cnet.com)


----------



## ae1905

bleepingcomputer.com Firefox Master Password System Has Been Poorly Secured for the Past 9 Years


----------



## ae1905

engadget.com AMD vows to fix newly-disclosed processor vulnerabilities


----------



## ae1905

Intel CPUs Vulnerable To New 'BranchScope' Attack  (securityweek.com)


----------



## zynthaxx

You can now choose between risking that your old virtual servers drop off the network, or having their kernel memory readable and writable by user space software. Nice...
https://www.theregister.co.uk/2018/03/28/microsoft_windows_meltdown_patch_security_flaw/


----------



## ae1905

engadget.com Baltimore’s 911 dispatch system was hacked last weekend


----------



## ae1905

Microsoft Issues Out-Of-Band Security Update To Patch a Meltdown Patch It Released Earlier This Year (bleepingcomputer.com)


----------



## ae1905

Chrome Is Scanning Files on Your Computer, and People Are Freaking Out  (vice.com)


----------



## Pifanjr

ae1905 said:


> Chrome Is Scanning Files on Your Computer, and People Are Freaking Out  (vice.com)


I don't really care that they would scan my documents, but that they use up RAM and CPU while doing so. Chrome uses way too much of both as it is already in my opinion.


----------



## ae1905

Panerabread.com Leaks Millions of Customers Records  (krebsonsecurity.com)


----------



## ae1905

Intel Says Some CPU Models Will Never Receive Microcode Updates  (bleepingcomputer.com)


----------



## ae1905

Malware Attack on Vendor To Blame for Delta and Sears Data Breach Affecting 'Hundreds of Thousands' of Customers (gizmodo.com)


----------



## ae1905

ae1905 said:


> *Chrome Is Scanning Files on Your Computer, and People Are Freaking Out  (vice.com) *



https://www.engadget.com/2018/04/07/chrome-cleanup-download-scan/


----------



## ae1905

Best Buy Warns of Data Breach (usatoday.com)


----------



## ae1905

Global cyberattack targets 200,000 network switches (updated)The attackers displayed a US flag, but it's not clear who's responsible.


https://www.engadget.com/2018/04/07/global-cisco-switch-cyberattack/


----------



## ae1905

Check right now if Cambridge Analytica used your Facebook dataA new page in Facebook's Help Center explains if you were affected.


https://www.engadget.com/2018/04/10/how-to-check-data-facebook-cambridge-analytica/


----------



## ae1905

YouTube Hack: Several High-Profile Videos Mysteriously Disappear From Platform, Some Defaced


----------



## ae1905

Researchers say some Android phone makers hide missed updates Samsung and Sony phones are among those with skipped updates.


https://www.engadget.com/2018/04/12/researchers-some-android-phone-makers-hide-missed-updates/


----------



## ae1905

Uber's 2016 Breach Affected More Than 20 Million US Users (bloomberg.com)


----------



## ae1905

Hackers Stole a Casino's High-Roller Database Through a Thermometer in the Lobby Fish Tank  (businessinsider.com)


----------



## Pifanjr

https://pcgamesn.com/minecraft/minecraft-skins-malware


----------



## ae1905

'Login With Facebook' Data Hijacked By JavaScript Trackers  (techcrunch.com)


----------



## ae1905

*Millions of Chrome Users Have Installed Malware Posing as Ad Blockers*


----------



## ae1905

LinkedIn's AutoFill Plugin Could Leak user Data, Secret Fix Failed (techcrunch.com)


----------



## ae1905

*Hackers Built a 'Master Key' For Millions of Hotel Rooms*


----------



## ae1905

*'Next Generation' Flaws Found on Computer Processors*


----------



## ae1905

*Microsoft's 'Meltdown' Patch For Windows 10 Contains a Fatal Flaw*


----------



## ae1905

*Abbott Addresses Life-Threatening Flaw In a Half-Million Pacemakers*


----------



## ae1905

*Malicious Chrome Extensions Infect Over 100,000 Users Again*


----------



## ae1905

*Google Hasn't Stopped Reading Your Emails*


----------



## ae1905

*Cell Phone Tracking Firm Exposed Millions of Americans' Real-time Locations*


----------



## ae1905

*IBM Warns Quantum Computing Will Break Encryption*


----------



## ae1905

*Google and Microsoft Disclose New CPU Flaw, and the Fix Can Slow Machines Down*


----------



## Agni

ae1905 said:


> *Google and Microsoft Disclose New CPU Flaw, and the Fix Can Slow Machines Down*


Related - https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/


----------



## zynthaxx

Patch yer bimmers...https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/


----------



## ae1905

*FBI Tells Router Users To Reboot Now To Kill Malware Infecting 500,000 Devices*


----------



## ae1905

*Thousands of Organizations Are Exposing Sensitive Data Via Google Groups Lists, Researchers Find*


----------



## ae1905

*Facebook Gave Device Makers Deep Access To Data On Users and Friends*


----------



## ae1905

*MyHeritage, a DNA Testing and Ancestry Service, Announces Data Breach of Over 92 Million Account Details*


----------



## ae1905

*Bugs Allowed Hackers To Make Malware Look Like Apple Software*


----------



## ae1905

*Microsoft Explains How it Decides Whether a Vulnerability Will Be Patched Swiftly or Left For a Version Update*


----------



## ae1905

*Inside the Private Event Where Microsoft, Google, Salesforce and Other Rivals Share Security Secrets*


----------



## ae1905

*Lawmakers are asking DNA-testing companies about their privacy policies — here's what you should know when taking genetics tests like 23andMe or AncestryDNA*


----------



## ae1905

*Google adds anti-tampering DRM to Android apps in the Play Store*


----------



## ae1905

*Security researcher bypasses iPhone's limit on passcode attempts (updated)*


----------



## ae1905

ae1905 said:


> *Security researcher bypasses iPhone's limit on passcode attempts (updated)*


*Apple Refutes Hacker's Claim He Could Break iPhone Passcode Limit*


----------



## Pifanjr

ae1905 said:


> *Apple Refutes Hacker's Claim He Could Break iPhone Passcode Limit*


The article you quoted had an update saying the same thing.


----------



## ae1905

Pifanjr said:


> The article you quoted had an update saying the same thing.



yes, but the headline was not explicit and was actually misleading, so I corrected it


----------



## ae1905

*Last Year's ICOs Had Five Security Vulnerabilities On Average, Say Researchers*


----------



## ae1905

*Wi-Fi Alliance Launches WPA3 Security Standard*


----------



## ae1905

*Hundreds of Hotels Affected by Data Breach at Hotel Booking Software Provider*


----------



## ae1905

*Adidas warns US customers about a possible data breach*


----------



## ae1905

*A Massive Cache of Law Enforcement Personnel Data Has Leaked*


----------



## ae1905

*Security Flaws Disclosed in 4G LTE Mobile Telephony Standard*


----------



## ae1905

*Facebook relaxed its own rules to give these 61 companies special access to user data*


----------



## ae1905

*If you shopped at these 15 stores in the last year, your data might have been stolen*


----------



## ae1905

*Download Bomb Trick Returns in Chrome -- Also Affects Firefox, Opera, Vivaldi and Brave*


----------



## ae1905

*Study Finds That a Large Number of Popular Android Apps Secretly Cast the Screen To Third Parties, But They Don't Listen To Conversations*


----------



## ae1905

*Firefox and Chrome Pull Popular Browser Extension Stylish From Their Stores After Report Claimed It Logs and Shares Browsing History, Credentials*


----------



## Pifanjr

*Researchers Hack Tinder, Ok Cupid, Other Dating Apps to Reveal Your Location and Messages*

From an article that includes some more reasons not to use dating apps:
*5 Disturbing Things About Dating Apps Nobody Told You | Cracked.com*


----------



## ae1905

*How Smart TVs in Millions of US Homes Track More Than What's on Tonight*


----------



## zynthaxx

https://arstechnica.com/information...-link-used-to-sign-password-stealing-malware/


----------



## ae1905

*Hacker Breaches Chrome Extension of Popular VPN Service Hola, Directs Users To Compromised Cryptocurrency Website*


----------



## ae1905

*New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed*


----------



## ae1905

*US Military Publicly Dumps Russian Government Malware Online*


----------



## maxmayer

I use Avast, and it is important part of my PC security, so i can advise it


----------



## ae1905

*Researchers Discover Seven New Meltdown and Spectre Attacks*


----------



## The red spirit

Biflog said:


> By the way, if we talk about antiviruses, what is better to choose now for a weak computer?
> Maybe Avast or ScanGuard?


Avast is better in security. I have ran it on many POS machines and it performs well. Get Avast, it's the best free antivirus.


----------



## Pifanjr

The red spirit said:


> Avast is better in security. I have ran it on many POS machines and it performs well. Get Avast, it's the best free antivirus.


I'm 99% sure you're answering an ad bot, as they reposted this post almost exactly:



Elisiko said:


> By the way, if we talk about antiviruses, what is better to choose now for a weak computer?
> Watching a rating, maybe Avast or ScanGuard?


That account has been banned since then, so this is probably a new account from the same bot.


----------



## maxmayer

I absoulutely agree with you, i uset to use Avast combine it with some different proggrams, and now i can say that result is great. My PC is safe, and security on the high-level


----------



## The red spirit

Pifanjr said:


> I'm 99% sure you're answering an ad bot, as they reposted this post almost exactly:
> 
> 
> 
> That account has been banned since then, so this is probably a new account from the same bot.


I'm confused? Look at post above
^
I
I


----------



## The red spirit

maxmayer said:


> I absoulutely agree with you, i uset to use Avast combine it with some different proggrams, and now i can say that result is great. My PC is safe, and security on the high-level


Avast + Spybot or Avast + Zone Alarm or Avast + Glasswire are great combos. I tried them all myself and they offer robust security. This is really as good as you can achieve with free software. Some may recommend Malwarebytes, but hey it's only a scanner and other free antimalware software offer real time protection. So I usually stay away from it.

I really don't see a reason to pay money for computer protection, when we have awesome free software. In AV testing you can only get like fraction of percent better security at quite high cost of at least 30 freedom greens and very likely you will have to pay that for each year. Waste of money.

The only thing I start to dislike about Avast is that in recent years free version of it has more ads and fake utilities than it ever did. If it becomes shitware, then I will switch.


----------



## ae1905

*[URL="http://rss.slashdot.org/%7Er/Slashdot/slashdot/%7E3/i4CKFEMyzGI/minister-in-charge-of-japans-cybersecurity-says-he-has-never-used-a-computer"]Minister in Charge of Japan's Cybersecurity Says He Has Never Used a Computer**
*[/URL]


----------



## ae1905

*The F-35's Greatest Vulnerability Isn't Enemy Weapons. It's Being Hacked.*


----------



## ae1905

*Fake Fingerprints Can Imitate Real Ones In Biometric Systems, Research Shows*

schwit1 shares a report: Researchers have used a neural network to generate artificial fingerprints that work as a "master key" for biometric identification systems and prove fake fingerprints can be created.


----------



## ae1905

*'The Internet Needs More Friction'*


----------



## ae1905

*500,000 Duped Into Downloading Android Malware Posing As Driving Games On Google Play*


----------



## ae1905

*Rowhammer Attacks Can Now Bypass ECC Memory Protections*


----------



## ae1905

*Half of phishing sites trick you into thinking they're 'secure'*


----------



## ae1905

*In China, Your Car Could Be Talking To the Government*


----------



## ae1905

*Two iOS Fitness Apps Were Caught Using Touch ID To Trick Users Into Payments of $120*


----------



## ae1905

*Researchers Discover SplitSpectre, a New Spectre-like CPU Attack*


----------



## ae1905

*Cyber-Espionage Group Uses Chrome Extension To Infect Victims*

In what appears to be a first on the cyber-espionage scene, a nation-state-backed hacking group has used a Google Chrome extension to infect victims and steal passwords and cookies from their browsers.


----------



## ae1905

*Facial Recognition Has To Be Regulated To Protect the Public, Says AI Report*


----------

