Own a Mac, Windows PC or a smartphone? You need to update now!

Apple says all of its Macs, iPhones, and iPads contain a security flaw that requires an update. It’s not alone. Any owner of a PC, tablet or smartphone should make sure that automatic software updates for their operating systems are enabled after security researchers this week revealed a broad flaw in Intel and other chips […]

Another CPU vulnerability; This one is called MADIoT

Just before the holiday season, there is another serious vulnerability that could hit your home devices, laptops, PCs, and workstations. CPUs made by AMD, ARM, Intel, and probably others, are affected by the MADIoT vulnerability. This is especially true for a lot of smart devices which use ARM CPUs. According to ARM, they are already “securing” […]

Meltdown-Spectre: Intel says newer chips also hit by unwanted reboots after patch

Intel confirmed in an update late Wednesday that not only are its older Broadwell and Haswell chips tripping up on the firmware patches, but newer CPUs through to the latest Kaby Lake chips are too. The firmware updates do protect Intel chips against potential Spectre attacks, but machines with Ivy Bridge, Sandy Bridge, Skylake, and Kaby […]

Is ethical hacking more lucrative than software engineering?

HackerOne published its 2018 Hacker Report, which examines the geography, demographics, experience, tools used and motivations of nearly 2,000 bug bounty hackers across 100 countries. On average, top earning ethical hackers make up to 2.7 times the median salary of a software engineer in their respective home countries; hackers in India are making as much […]

Vulnerability in ISC BIND leads to DoS, patch today!

The Internet Systems Consortium has released security updates for BIND, the most widely used Domain Name System (DNS) software on the Internet, and a patch for ISC DHCP, its open source software that implements the Dynamic Host Configuration Protocol for connection to an IP network. The BIND update should be implemented as soon as possible: […]

Meltdown-Spectre: More businesses warned off patching over stability issues

Several industrial-equipment manufacturers have reported problems with the fixes for the recently disclosed Meltdown and Spectre attacks. Rockwell Automation has reported a dozen errors that are appearing in its FactoryTalk-based products after installing Microsoft’s Meltdown and Spectre patches for Windows systems. Other industrial-equipment manufacturers, including ABB and Siemens, have also reported problems. Intel last week confirmed that its […]

Spectre and Meltdown explained: What they are, how they work, what’s at risk

In the first days of 2018, published research revealed that nearly every computer chip manufactured in the last 20 years contains fundamental security flaws, with specific variations on those flaws being dubbed Spectre and Meltdown. The flaws arise from features built into chips that help them run faster, and while software patches are available, they may have impacts on […]

Cyber Attacks Continue to Succeed

Read why Andrew Dauman says that cyber attacks will continue to succeed due to inherent weakness in cyber security on EE Times : Spectre and Meltdown, two methods of exploiting security vulnerabilities found in Intel, AMD and Arm processors, demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry. […]

Intel AMT security issue gives attackers complete control over a laptop

F-Secure reports a security issue affecting most corporate laptops that allows an attacker with physical access to backdoor a device in less than 30 seconds. The issue allows the attacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM pins, and to gain remote access for later exploitation. It exists […]

IoT malware targeting zero-day vulnerabilities

Once it became evident that IoT devices can be relatively easily enslaved in botnets and that even their limited power can be used for a variety of nefarious purposes, it was open season for malicious actors. First, they targeted IoT devices with default or weak passwords, and manufacturers and users began changing them. Then they […]