Intel rushes to deploy firmware updates for critical CPU bug by end of next week

One day after the Spectre and Meltdown bugs were revealed to impact virtually every processor sold over the last two decades, Intel promised to deploy a range of software and firmware updates by the end of next week for over 90 percent of processor products sold within the last five years. The updates, some of which have already started deploying, will “render those systems immune from both exploits,” according to Intel’s Thursday statement. Machines with processors older than five years will be issued fixes in the future. An Intel spokesperson told CyberScoop that the company is developing updates for older products. One of the major concerns with these bugs was that some of the fixes resulted in as much as a 30 percent performance dip on certain machines. That’s not a number likely to be seen on an average home or office computer, but when it comes to the huge cloud infrastructures […]

The post Intel rushes to deploy firmware updates for critical CPU bug by end of next week appeared first on Cyberscoop.

Meet ‘Meltdown’ and ‘Spectre,’ the chip flaws causing problems for nearly everyone

Critical bugs in all modern processor chips that allow attackers to potentially steal sensitive data were publicly revealed Wednesday after months of private security industry work and days of public speculation. Named “Meltdown” and “Spectre,” the vulnerabilities could allow attackers to find passwords or sensitive documents stored in memory. The exploits work on personal computers, mobile devices and on cloud infrastructure that relies on hardware dating back to 1995. For most people, the solution is to install security updates for their operating system quickly and regularly. It’s not clear if the exploits have been used in the wild, because neither leaves any traces in log files. One of the researchers to independently discover these flaws was Google Project Zero’s Jann Horn. Horn “demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible,” Google’s security team explained in a blog post. “For example, an unauthorized party […]

The post Meet ‘Meltdown’ and ‘Spectre,’ the chip flaws causing problems for nearly everyone appeared first on Cyberscoop.

Industry braces for critical Intel security flaw impacting a decade’s worth of chips

A critical security flaw in Intel processors will require an overhaul of operating system kernels after research found that at least a decade’s worth of chips could be impacted by the vulnerability. The flaw, which affects most Intel processors built over the last 10 years, allows commonly used programs to read the contents or layout of a computer’s protected kernel memory areas. That area can contain passwords and other fundamentally sensitive files hidden from other software. In a worst-case scenario, some JavaScript in a web browser could be used to seek out and find some of a machine’s most sensitive data. The forthcoming patches to Linux, Windows and MacOS will result in degraded performance on a number of machines. On various security and hardware message boards, users reported a performance reduction between five and 30 percent. That drop-off would disproportionately hurt the vast majority of data centers and cloud infrastructure running […]

The post Industry braces for critical Intel security flaw impacting a decade’s worth of chips appeared first on Cyberscoop.

Hacker exploits router zero-day vulnerability in efforts to build Mirai-like botnet

Hackers are attacking hundreds of thousands of Huawei routers with variants of Mirai malware in a bid to build a massive botnet like the arsenal used in global cyberattacks in 2016, according to the Israeli cybersecurity firm Check Point. A zero-day vulnerability in the Huawei home router HG532 is being exploited to deliver a payload called Satori (or Okiru) by an amateur identified as “Nexus Zeta,” Check Point says. Mirai malware was first discovered in August 2016. By October of that year, it was behind the vast denial-of-service attacks against the Domain Name System provider Dyn. The offensive brought down a wide array of services, including Twitter, Reddit, CNN, Fox News, Visa and Slack. Earlier this month, three men pleaded guilty to their roles in creating, operating and selling access to the botnet. Beginning in November 2017, Check Point detected global attacks against Huawei HG532 devices. One day later, the Chinese security firm Qihoo 360 Netlab spotted 100,000 IP addresses in Argentina […]

The post Hacker exploits router zero-day vulnerability in efforts to build Mirai-like botnet appeared first on Cyberscoop.

Lithuania bans Kaspersky software, citing potential national security threats

Lithuania banned products from the Russian cybersecurity firm Kaspersky Lab on Thursday, Reuters reports. The Baltic nation cited potential national security threats as the driving force behind the ban. Although the Moscow-based firm has faced a number of setbacks recently, this action marks the first time a country banned Kaspersky products across the public and private sectors. The Lithuanian ban follows an American federal government ban on Kaspersky that the company is now fighting in court. The U.S. ban resulted in only a small immediate drop in business, according to documents recently filed in court by Kaspersky. In the United Kingdom, intelligence officials recently warned government agencies to avoid Russian-made cybersecurity products. Kaspersky is Russia’s largest cybersecurity company by far. The FBI has been pushing American private companies to cut ties with Kaspersky for some time. The company closed its Washington, D.C., government sales-focused office earlier this month. Kaspersky is the […]

The post Lithuania bans Kaspersky software, citing potential national security threats appeared first on Cyberscoop.

Opera adds cryptojacking defense to latest desktop browser

Opera’s new desktop browser will keep websites from siphoning off users’ CPU power in order to mine cryptocurrency, according to a blog post the company published Thursday. Opera’s version 50 will be the first browser with an anti-cryptojacking feature programmed into the software. While popular browsers like Google Chrome and Mozilla Firefox don’t have a native cryptojacking block built in, extensions including AdBlock and uBlock warn users against sites that steal power in order to mine currency. The browser feature, known as NoCoin, gained wide popularity in 2017 as a browser extension. With the frenetic rise around cryptocurrency and cryptojacking, the company decided to place NoCoin into Opera’s native ad blocker. Cryptojacking is malware that quietly mines cryptocurrency in order to send it back to the perpetrators. On one single machine, the profit is negligible. When the scheme is extended across hundreds of thousands of victims, it’s a sizeable and increasingly common money-maker for criminals. “Bitcoins are really hot […]

The post Opera adds cryptojacking defense to latest desktop browser appeared first on Cyberscoop.

Another cloud leak shows AWS can only do so much to protect data

It’s getting to the point where if you blink, you might miss another story about the accidental exposure of sensitive data stored in a public cloud instance. Case in point: cybersecurity firm UpGuard recently found 36GB of data from the U.S. Census Bureau and consumer credit reporting agency Experian. The data, which was stored by data analytics firm Alteryx, was inadvertently exposed on an Amazon Web Services S3 cloud storage bucket. Experian has called the incident — which affects 123 million U.S. households — “an Alteryx issue,” even as the credit monitoring firm’s customers were directly impacted. UpGuard researcher Chris Vickery told CyberScoop that regardless of what organization is storing data, third-party vendor risk should be a point of concern for all involved. “Third-party vendor risk is a problem for both parties,” Vickery said. “Look at it this way: If you store your valuables in a bank vault, and the bank forgets to […]

The post Another cloud leak shows AWS can only do so much to protect data appeared first on Cyberscoop.

Twitter upgrades two-factor authentication options by allowing third party apps

After a decade of prodding, Twitter drastically improved its two-factor authentication on Wednesday, expanding an important security tool widely adopted elsewhere online, including Google and Facebook. The social media company announced support for apps like Google Authenticator and Authy that work offline, independent of carrier or location and are more resistant to eavesdropping or hijacking. Crucially, users can now turn off SMS authentication for the first time. It’s considered one of the least-secure methods of two-factor authentication. Two-factor authentication typically works by requiring a password as well as a second method to log in. Commonly used second factors include SMS codes, small pieces of hardware — such as USB keys or dongles — or even biometric authenticators like fingerprints or face scans. Security experts strongly recommend all users turn on two-factor authentication for important internet accounts including email, banking and social media. Twitter users can upgrade in the settings and privacy section of their profiles. We’re rolling out an update to […]

The post Twitter upgrades two-factor authentication options by allowing third party apps appeared first on Cyberscoop.

Israeli autonomous car cybersecurity firm Upstream Security raises $9 million

Israeli automobile cybersecurity firm Upstream Security announced the closing of $9 million in Series A funding on Monday. The round was led by the Massachusetts-based Charles River Ventures. The car world is paying attention to cybersecurity more than ever. The 2018 North American International Auto Show in Detroit next month will feature cybersecurity as a main attraction. Berla, an American automobile forensics company that works with DHS, makes its business by diving into the often forgotten mountain of data automobiles collect, totaling 25 gigabytes of data per hour. In June 2017, Upstream took in a $2 million seed funding round led by Israel’s Glilot Capital Partners. “Protecting cars from cyber-attacks is a huge challenge, which the automotive industry will have to solve in the coming years,” Arik Kleinstein, a managing partner at Glilot Capital, said in a statement. Upstream sells cloud-based cybersecurity for connected and autonomous vehicle fleets. The customers are auto manufacturers who want non-intrusive, real-time […]

The post Israeli autonomous car cybersecurity firm Upstream Security raises $9 million appeared first on Cyberscoop.
