News – January 2018


  • Rush to fix ‘serious’ computer chip flaws

    January 4, 2018

    Tech firms are working to fix two bugs that could allow hackers to steal personal data from computer systems. Google researchers said one of the “serious security flaws”, dubbed “Spectre”, was found in chips made by Intel, AMD and ARM. The other, known as “Meltdown” affects Intel-made chips alone. The industry has been aware of the problem for ...

  • ​240,000 Homeland Security employees, case witnesses affected by data breach

    January 4, 2018

    The United States Department of Homeland Security (DHS) has confirmed the breach of the DHS Office of Inspector General (OIG) Case Management System (CMS), affecting approximately 247,167 individuals employed by DHS in 2014, as well as individuals including subjects, witnesses, and complainants associated with DHS OIG investigations from 2002 through 2014. DHS issued a statement on ...

  • After security disasters, banks using SWIFT messaging platform face new regulations in 2018

    January 3, 2018

    In 2018, all banks using the SWIFT messaging platform will be required to comply with a new cybersecurity framework that aims to establish a baseline for security. SWIFT stands for the Society for Worldwide Interbank Financial Telecommunication. Banks use the closed network to communicate among themselves, sending approximately 25 million messages per day. Read more… Source: TechRepublic

  • Google reveals trio of speculative execution flaws, says AMD affected

    January 3, 2018

    Google’s Project Zero has revealed details of a vulnerability that impacts Intel chips going back to 1995, and confirmed rumours that it involved the use of speculative execution. Importantly for users of AMD chips, the search giant went against comments made earlier in the week from chip manufacturer that said it was not affected. “These vulnerabilities affect many CPUs, ...

  • Satori IoT botnet malware code given away for Christmas

    January 2, 2018

    A hacker has released the working code for a Huawei router exploit used by the Satori botnet over the holiday season as a freebie for cyberattackers seeking to target Huawei devices or bolster botnets. According to NewSky Security principal researcher Ankit Anubhav, the exploit’s code was released on Pastebin over the holiday season. Read more… Source: ZDNet  

  • Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

    January 2, 2018

    A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug. Programmers are scrambling to overhaul the open-source Linux kernel’s virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch ...

  • MacOS LPE Exploit Gives Attackers Root Access

    January 2, 2018

    A researcher that goes by the handle “Siguza” released details of a local privilege escalation attack against macOS that dates back to 2002. A successful attack could give adversaries complete root access to targeted systems. Siguza released details of the attack on Dec. 31 via Twitter, wishing followers a “Happy New Year” and linked to a ...