News
News
- May 11, 2018
11 May'18
Hardware debug documentation leads to widespread vulnerability
A hardware debug bug, apparently caused by unclear Intel hardware architecture documentation, infested almost all major OSes, as well as leading virtualization software.
- May 10, 2018
10 May'18
Android P security improves authentication trust and data privacy
Android P security features, which were previewed at Google I/O, include notable improvements for data privacy and encryption and preventing malicious apps from spying on users.
- May 09, 2018
09 May'18
Microsoft patches Internet Explorer zero-day 'Double Kill'
Microsoft's Patch Tuesday for May includes fixes for two zero-day vulnerabilities under attack, including an Internet Explorer exploit known as Double Kill.
-
- May 09, 2018
09 May'18
Google I/O's security and privacy focus missing on day one
It's fairly easy to find stories sparking security and privacy concerns regarding a Google product or service — Search, Chrome, Android, AdSense and more — but if you watched or attended Google ...
- May 04, 2018
04 May'18
Remote Android Rowhammer attack possible, but scope limited
A new Android Rowhammer PoC proves an attack is possible, but an expert said the limited scope of affected devices and feasibility of performing the attack lessens the danger.
- May 04, 2018
04 May'18
Facebook APIs used by tens of thousands of malicious apps
News roundup: Researchers find tens of thousands of malicious apps use Facebook APIs and can access user data. Plus, AWS threatens to suspend Signal's use of the platform, and more.
- May 04, 2018
04 May'18
AMD patches in testing with ecosystem partners
The timeline for the AMD patches promised to fix chipset flaws disclosed in March is being criticized, but AMD said the patches are being tested by partners and are still on track.
- May 04, 2018
04 May'18
Twitter bug exposes passwords of all 336 million users
On none other than World Password Day, a Twitter bug was announced that led to the passwords of all 336 million users being stored in plaintext in an internal log.
- May 03, 2018
03 May'18
Cybersecurity pervasiveness subsumes all security concerns
Given the increased digitization of society and explosion of devices generating data (including retail, social media, search, mobile, and the internet of things), it seems like it might have been ...
- April 30, 2018
30 Apr'18
Windows NTFS flaw posted after disclosure gets nowhere
Proof-of-concept code showing how an NTFS flaw can shut down Windows systems was published by a security researcher nine months after he disclosed it to Microsoft.
-
- April 30, 2018
30 Apr'18
Attackers seek Oracle WebLogic vulnerability after faulty patch
The combination of a broken Oracle WebLogic vulnerability and available proof-of-concept exploit code has led threat actors to search for any servers that are at risk.
- April 30, 2018
30 Apr'18
Algorithmic discrimination: A coming storm for security?
Following several RSA Conference 2018 talks on machine learning and AI, it's worth asking how algorithmic discrimination might manifest in the infosec industry.
- April 30, 2018
30 Apr'18
Phishing threats still dwarf vulnerabilities, zero-days
Proofpoint research shows that while phishing attacks now require victims to take more steps, the success rate for such attacks hasn't declined and enterprises are still on the defensive.
- April 27, 2018
27 Apr'18
DDoS-for-hire website taken down by law enforcement
Webstresser.org, a popular DDoS-for-hire website, was taken down by several law enforcement agencies across the globe. Details are sparse, but arrests have reportedly been made.
- April 27, 2018
27 Apr'18
Microsoft releases Spectre variant 2 microcode patches
Microsoft released new fixes that include the Intel microcode patches for Spectre variant 2 to help protect users on Windows 10 and Windows Server 2016.