15-Year-old Finds Flaw in Ledger Crypto Wallet

A 15-year-old security researcher has discovered a serious flaw in cryptocurrency hardware wallets made by Ledger, a French company whose popular products are designed to physically safeguard public and private keys used to receive or spend the user’s cryptocurrencies. Read about how a 15-year-old found flaws in a ledger crypto wallet on Krebs on Security.

AMD on chip flaws: ‘Newly outed bugs are real but no big deal, and fixes are coming’

AMD has confirmed its chips are vulnerable to the bugs exposed by Israel-based security research firm CTS-Labs this month. But the chipmaker recently said it is developing firmware and BIOS updates to address the security flaws in its Ryzen and Epyc chips outed by CTS-Labs just 24 hours after notifying AMD on March 13. The little-known security […]

Privilege escalation on Unix machines via plugins for text editors

Several of the most popular extensible text editors for Unix environments could be misused by attackers to escalate privileges on targeted systems, SafeBreach researchers have found. They tested Sublime, Vim, Emacs, Gedit, Pico and its clone Nano on machines running Ubuntu, and have managed to exploit the process of loading plugins to achieve privilege escalation […]

7 Spectre/Meltdown Symptoms That Might Be Under Your Radar

Spectre and Meltdown are awful. That much goes without saying. When a vulnerability in the heart of the CPU can bring your secure authentication efforts to naught, it’s a bad thing. But in addition to the obvious security threats, there could be significant impact on an organization’s budgets, schedules, vendor relationships, and product plans. And […]

New Intel processors to have hardware-based protections against Meltdown, Spectre 2

Intel has officially pushed out microcode updates with Spectre and Meltdown mitigations for all of the processors it launched in the past five years. In addition to this, the company’s CEO announced new, redesigned processor lines that will start shipping later this year and will include hardware-based protection for Meltdown (exploiting CVE-2017-5754, a rogue cata cache load flaw) […]

Medical Apps Come Packaged with Hardcoded Credentials

Two popular applications for medical records management contain hidden user accounts with hard-coded credentials that could be abused by hackers, a researcher has found. Rapid7 today published a report on the newly discovered security vulnerabilities (CVE-2018-5551 and CVE-2018-5552) in DocuTrac’s electronic medical record (EMR) software QuicDoc and Office Therapy billing software. DocuTrac software runs at […]

Windows RDP flaw: ‘Install Microsoft’s patch, turn on your firewall’

Microsoft’s Patch Tuesday updates for March deliver fixes for 75 security bugs, including patches for 15 critical flaws and a serious vulnerability that exposes sysadmins to credential theft. In addition to new updates to mitigate Meltdown and Spectre, Microsoft has released fixes for 15 critical flaws affecting the scripting engine in Internet Explorer 11 and its […]

Meltdown and Spectre will delay patching for most organizations

Complexity and challenges associated with the Spectre and Meltdown patches will result in companies delaying future patch rollouts, according to Barkly. 72% of organizations planned to slow future rollouts and yet 50% of organizations lack a strategy for securing endpoints that are waiting to be patched, leaving companies exposed. Applying the Meltdown and Spectre patches has been a […]

Researchers find 13 critical flaws in AMD’s Ryzen and Epyc chips

It’s high drama on the AMD front as researchers claim to have discovered “multiple critical security vulnerabilities and exploitable manufacturer backdoors inside AMD’s latest Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile processors.” The researchers say that if attackers were to exploit the flaws, then the scenarios range from AMD’s processors being infected with persistent malware […]

Researchers find critical flaws in SecurEnvoy SecurMail, patch now!

If you’re a user of SecurEnvoy SecurMail and you haven’t yet implemented the latest patch, do so now – or risk getting your encrypted emails read by attackers. The warning comes from SEC Consult researchers, who discovered a number of vulnerabilities in the product that break its core security promises. They found seven CVE-assigned flaws, including […]