Subscribe: Softpedia News - Security
http://news.softpedia.com/newsRSS/Security-5.xml
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
apps  company  data  devices  google  intel  kaspersky  meltdown spectre  meltdown  security  software  spectre  vulnerabilities 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Softpedia News - Security

Softpedia News / Security



Softpedia News / Security



Published: Tue, 16 Jan 2018 09:58:11 +0000

Last Build Date: Tue, 16 Jan 2018 09:58:11 +0000

Copyright: 2001 - 2014 Softpedia. All rights reserved.
 



New Intel Security Vulnerability Discovered, Millions of Laptops Affected

Fri, 12 Jan 2018 10:15:00 +0000

As if the Meltdown and Spectre bugs weren’t enough trouble for Intel already, security researcher Harry Sintonen working for Finnish company F-Secure discovered another vulnerability that potentially affects millions of corporate laptops. This time, the security bug exists in Intel’s Active Management Technology (AMT) and can be exploited by hackers to take complete control of a vulnerable device “in a matter of seconds,” as the researcher explains. What’s important to note from the very beginning is that unlike Meltdown and Spectre, a successful exploit of this vulnerability (which doesn’t yet have a name) requires physical access to the device. But this is still a critical flaw, Sintonen points out, as a hacker can compromise a system in less than a minute and then remotely control it by connecting to the same network. The vulnerability can be exploited even if other security measures are in place, including here a BIOS password, BitLocker, TPM Pin, or a traditi...



Google: Our Meltdown and Spectre Patches Don’t Slow Down Devices

Fri, 12 Jan 2018 09:45:00 +0000

While both Microsoft and Intel confirmed that their Meltdown and Spectre updates cause a more or less noticeable slowdown on devices, Google says no performance impact is being experienced following its own security patches. Google says it started patching the three variants of the discovered vulnerabilities in September when the first mitigations for Variants 1 and 3 were released (Variants 1 and Variant 2 are generally referred to as Spectre, while Variant 3 is called Meltdown). “Thanks to extensive performance tuning work, these protections caused no perceptible impact in our clou...



Fourth The Fappening Hacker Pleads Guilty to Breaking into Celebrities’ Accounts

Fri, 12 Jan 2018 07:43:00 +0000

Connecticut-based George Garofano has agreed to plead guilty to charges of hacking more than 250 Apple iCloud accounts, including many that belonged to celebrities like Jennifer Lawrence, Kate Upton, Miley Cyrus, and Kirsten Dust. Garofano, 26, is the fourth the Fappening hacker that pleads guilty, after Emilio Herrera, Edward Majerczyk, and Ryan Collins. Majerczyk has already been sentenced to nine months in jail, while Collins received a sentence of 18 months behind bars. Herrera, who broke into 550 iCloud and Gmail accounts, is due to be sentenced in February. The US Department of Justice (DoJ) says Garofano ran a phishing scheme between April 2013 and October 2014 to steal usernames and passwords for accessing iCloud accounts. He sent emails to his targets, including a series of US celebrities, claiming to work for Apple and requesting the login credentials or recommending passwords resets though a fake website that looked similar to Apple’s. Five year...



Intel Confirms Meltdown & Spectre Updates Bug Causing System Reboots

Fri, 12 Jan 2018 06:41:00 +0000

Intel rolled out its own security updates to address Meltdown and Spectre vulnerabilities disclosed earlier this year, but it turns out that just like it happened with Windows and Ubuntu patches, they’re causing unexpected reboots on a number of PCs. Intel has just confirmed that it’s indeed aware of the reports and is currently investigating, though the company doesn’t have a workaround for impacted systems just yet. The executive vice president and general manager of Intel's Data Center Group, Navin Shenoy, explained that Broadwell and Haswell processors are affected by the bug, though no specifics were provided, other than impacted systems are pushed into an infinite reboot loop. “We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and add...



AMD Releases Linux and Windows Patches for Two Variants of Spectre Vulnerability

Thu, 11 Jan 2018 23:44:00 +0000

AMD has published a press announcement on Thursday to inform its customers that it released patches for two variants of the Spectre security vulnerability disclosed to the public earlier this month. Last week, several security researchers from Google Project Zero, Graz University of Technology, Cyberus Technology, and others, have publicly disclosed what it would appear to be the worse chip flaws in the history of computing. Dubbed Meltdown and Spectre, these critical security vulnerabilities affect billions of devices by allowing unprivileged attackers to steal sensitive data from memory. All devices running modern processors released in the past two decades are affected by these two hardware bugs that shouldn't be there in the first place. They put numerous devices powered by processors from Intel, AMD, and ARM at...



How to Check If iPhone, Android, Windows Browsers Are Affected by Spectre Bug

Thu, 11 Jan 2018 12:52:00 +0000

One of the ways the Spectre hardware bug can be used to steal data from an unpatched computer is with the help of JavaScript attacks launched from the browser, and this is one of the reasons the majority of developers rushed to update their software. Microsoft, Google, Apple, and Mozilla have all announced updates to protect browser users against Spectre attacks, though in the case of the search giant, a full mitigation will be shipped later this month and users are in the meantime recommended to turn on Site Isolation. Running a secure browser is critical these days, especially with all the craze regarding the Meltdown and Spectre vulnerabilities, so making sure you’re protected and all the patches are installed is vital. This is why this web-based checker from Chinese firm Tencent comes in handy, as it promises to help users determine whether their browsers are vulnerable to Spectre attacks...



Fruitfly Malware Creator Indicted for Spying on Windows/Mac Users for 13 Years

Thu, 11 Jan 2018 10:25:00 +0000

The United States Department of Justice has charged an Ohio resident for allegedly creating the famous malware dubbed Fruitfly and used to infect Windows and macOS systems. Phillip R. Durachinsky, 28, of North Royalton, Ohio was indicted on no less than 16 separate charges, all of them related to the malware. According to the DoJ, Durachinsky used the malware to steal personal data of victims, including passwords, medical records, banking credentials, Internet searches, and messages, while also taking screenshots, logging their keystrokes, and even turning on computers’ cameras to spy on them. The malware was created in 2003 when the hacker was just a teenager, but it’s been used for more than 13 years to infect thousands of computers owned by consumers across the world, but also those operated by companies, schools, a police department and even the US government. Malware infected a US government computer The US DoJ says that at least one system ...



NVIDIA Releases Meltdown and Spectre Updates

Thu, 11 Jan 2018 07:09:00 +0000

NVIDIA has just shipped updates for Meltdown and Spectre vulnerabilities, emphasizing that while its hardware is not impacted, drivers do require mitigations to block potential exploits. “We believe our GPU hardware is immune to the reported security issue. As for our driver software, we are providing updates to help mitigate the CPU security issue,” the firm says. NVIDIA updated GeForce, Quadro, and NVS drivers on Windows, Linux, FreeBSD, and Solaris, Tesla drivers on Windows and Linux, and GRID drivers on Windows, Windows Server with Hyper-V, Linux, Citrix XenServer, VMware vSphere, and Red Hat KVM. You can refer to the table at the end of the article to check for the versions you should update to in order to be protected from Meltdown and Spectre vulnerabilities, yet it’s worth mentioning that additional patches will be released by the end of the month for drivers not yet patched. Software patching NVIDIA says its users should be protected ag...



FBI Says It Wants To (But Can’t) Hack 8,000 Devices

Wed, 10 Jan 2018 10:29:00 +0000

The FBI has been one of the biggest supporters of backdoors in devices like smartphones and tablets, and Director Christopher Wray used his speech at the International Conference on Cyber Security in New York to emphasize how hard it is for the agency to break into encrypted electronics. Wray revealed that the FBI is in possession of no less than 7,775 encrypted devices that it wants to but can’t hack simply because it doesn’t have the necessary know-how to do it. In other words, these devices, which Wray says were involved in various investigations, might store information that could help FBI agents in their fight against criminals, but this info can’t be extracted because of the strong encryption. “Being unable to access those devices is a major public safety issue and impacts our investigations across the board,” he told the audience. “This problem will require a thoughtful and sensible approach. We have people devoted to working with stakeholders to find a way...



Wi-Fi Alliance Announces WPA3 Protocol with New Security Features, Coming 2018

Tue, 09 Jan 2018 17:07:00 +0000

Wi-Fi Alliance announced the upcoming availability of the third WPA (Wi-Fi Protected Access) security protocol and security certification program for securing wireless computer networks. After the discovery of KRACK (Key Reinstallation Attack) in the WPA2 security protocol, a severe flaw that lets attackers intercept passwords and other sensitive information transmitted through your wireless network, Wi-Fi Alliance announced at CES 2018 that they'd release WPA3 this year with an extra layer of security enhancements. These include new configuration, encryption, and authentication features across the entire family of Wi-Fi CERTIFIED security solution, which we are using for more than a decade to communicate with each other and access the Internet. With these new improvements, Wi-Fi Alliance promises state-of-the-art security protections. More precisely, WPA3 will...



Intel CEO Plays Down Meltdown and Spectre Bugs at CES 2018

Tue, 09 Jan 2018 08:37:00 +0000

Intel’s press conference was one of the most eagerly-awaited moments at this year’s CES show, mostly following the security vulnerabilities in the company’s chips and disclosed last week. But contrary to what people expected, Intel’s CEO Brian Krzanich has spent less than two minutes discussing the hardware bugs, and a big part of the stage time granted to Meltdown and Spectre vulnerabilities was just a reiteration of the words the company said in the official press release. Krzanich emphasized that Intel wanted to keep customers safe, explaining that “we have not received any information that these exploits have been used to obtain customer data.” Oddly enough, while Intel’s priority was to ensure users were protected, the CEO refused to answer one important question: why hasn’t the company rolled out patches fast...



Linux Founder Trashes Intel Over Meltdown and Spectre Vulnerabilities

Mon, 08 Jan 2018 11:03:00 +0000

The creator of Linux and principal kernel developer Linus Torvalds blasted Intel for the recently-reported Meltdown and Spectre vulnerabilities, criticizing the company for its approach and raising questions as to how they treat customers even when critical bugs are discovered. Torvalds suggested in an email to a Linux list that Intel’s employees are knowingly allowing customers to purchase flawed products. “I think somebody inside of Intel needs to really take a long hard look at their CPU's, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed,” he said. Shortly after Google released the details of the Meltdown and Spectre vulnerabilities, Intel released a press statement to emphasize that its chips aren’t the only o...



Meltdown & Spectre Bugs Possibly Hitting Qualcomm’s New Snapdragon 845 Chip

Mon, 08 Jan 2018 08:43:00 +0000

The Meltdown & Spectre fiasco is affecting not only processors manufactured by Intel, AMD, and ARM, but also products using chip technology developed by the three companies, including Apple’s iPhone and, more recently, Qualcomm’s Snapdragon series. Qualcomm has recently confirmed that it’s already working on patches for the two security vulnerabilities, although the company hasn’t provided any specifics as to which of its chips could be affected. Snapdragon mobile processors are based on ARM technology and are thus impacted by Meltdown and Spectre flaws, but the company says that with the mitigations it’s already developing, users shouldn’t be exposed to attacks. Snapdragon 845 delay? “We are actively incorporating and deploying mitigations against the vulnerabilities for our impacted products, and we continue to...



US-CERT Says Fixing Meltdown & Spectre Involves Replacing Your CPU

Fri, 05 Jan 2018 11:45:00 +0000

The United States Computer Emergency Readiness Team (US-CERT) said in an advisory published this week that addressing the Meltdown and Spectre vulnerabilities discovered in Intel, AMD, and ARM processors doesn’t necessarily come down to software patches, but to replacing the CPUs altogether. The awkward advice posted on its official website has already been removed, but a cached version of the page (also shown in a screenshot attached to this article) still includes the reference to the recommended hardware replacement. “The underlying vulnerability is primarily caused by CPU architecture design choices. Fully removing the vulnerability requires replacing vulnerable CPU hardware,” US-CERT said in the original advisory. Software updates should do the job The updated suppo...



Intel Promises It’ll Nearly Exterminate Meltdown and Spectre Bugs in a Few Days

Fri, 05 Jan 2018 06:06:00 +0000

Intel has already released updates to fix the already-infamous Meltdown and Spectre security vulnerabilities affecting the chips it manufactured in the last 20 years, and the company is very optimistic about how fast it’ll be able to exterminate the two bugs. In a press release (embedded below) announcing the “significant progress in deploying updates as software patches and firmware updates,” Intel explains that it will block the two vulnerabilities on no less than 90% of impacted devices by the end of the week, with the company to then continue work on addressing the remain 10%. “By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years,” Intel says. While Intel is indeed working with partners and device manufacturers to ship updates, thi...



The 2018 Fappening: Faye Brookes Sex Tape Leaks

Thu, 04 Jan 2018 10:54:00 +0000

The Fappening X-rated content leak scandal continues in 2018 after an explicit sex tape belonging to actress Faye Brookes reached the web on several video sharing websites. 30-year-old Brookes, who plays the role of lesbian Kate Connor in the soap opera Coronation Street, has already contacted law enforcement after her phone has reportedly been hacked, though no specifics were provided on how and when the attack was conducted. The video was first posted on one of the largest adult video sharing sites on the web and despite being removed shortly after, it recorded thousands of hits before being re-uploaded on a growing number of mirrors. Sites that are known for posting content as part of the Fappening saga have also published the leaked sex tape and, as it happened in the past, there’s little chance the clip is removed anytime soon. Brookes “devastated” by sex tape leak The actress hasn’t offered any statement following the leak, but on December ...



Intel CEO Sold Off $24M in Stock After Google Reported Chip Vulnerability

Thu, 04 Jan 2018 08:51:00 +0000

Intel’s CEO Brian Krzanich sold off no less than $24 million in company stock in late November in a move that took many by surprise, mostly because this left the executive with only 250,000 shares, which is the minimum required by the firm as part of the employment agreement. The controversy around this unexpected sell-off is fueled today by the revelations of a major vulnerability affecting Intel chips,which makes it possible for malicious actors to steal passwords and other sensitive data from any computer powered by Intel hardware. Google had discovered the security flaw and reported it to Intel in June last year, only a few months before the company’s CEO took the decision to sell off the shares. According to



Google Removes Fake Android Security Apps Harvesting User Data, Showing Ads

Thu, 04 Jan 2018 06:42:00 +0000

A total of 36 fake security apps for Android that were published in the Google Play Store were used to secretly harvest user data from devices and push intrusive ads. Discovered by security company Trend Micro, the apps (PDF document) have already been removed by Google last month, though at this point it’s not known how many downloads they recorded during the time they were available in the Google Play Store. An in-depth look at their behavior reveals that these apps claimed to offer scanning features, cleaning junk, or features to save battery, cool the CPU, or lock apps. “The apps were actually able to perform these simple tasks, but they also secretly ...



Billions of Devices at Risk of Attacks Because of Two Critical Hardware Bugs

Wed, 03 Jan 2018 23:36:00 +0000

The security flaw found in Intel CPUs, which Intel confirmed to affect other types of computing devices, just got to a whole new level as security researchers revealed details on two critical vulnerabilities that put billions of devices at risk of attacks. Dubbed Meltdown and Spectre, the two hardware bugs found in Intel processors affect almost every computing device that was made in the past two decades, no matter if it's a mobile phone or a personal computer. They allow malicious programs to steal sensitive data processed on the affected machine, and we're talking about billions of devices here. "While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents," reads the ...



Lithuania Bans Kaspersky Antivirus Due to Cyber Espionage Fears

Fri, 22 Dec 2017 10:03:00 +0000

The Lithuanian government has decided to ban security software developed by Moscow-based Kaspersky due to concerns the company might be involved in cyber espionage campaigns carried by Russia. In an announcement this week, Lithuanian authorities announced that Kaspersky must be removed from computers operated by energy, finance, or transport departments, including those that are being used by private companies. The government says the decision comes because Kaspersky is now considered “a potential threat to national security,” explaining that its software can only run on computers that aren’t working with sensitive data, with a permission to be granted by the company’s cybersecurity agency. “Information from computers using the software can leak into countries where we don’t want it to end up,” Rytis Rainys, deputy director at the state cybersecurity agency, was quoted as saying by



Kaspersky Sues US Government Over Antivirus Ban

Tue, 19 Dec 2017 08:52:00 +0000

The Kaspersky versus the US saga continues with a new episode, as the Russian security vendor has filed an appeal in federal court to overturn the ban blocking its software from being used on civilian government agencies computers. After the Department of Homeland Security (DHS) asked agencies to remove Kaspersky software within 90 days due to risks of Russian cyber-espionage, President Donald Trump earlier this month signed a bill that forbids the government to use antivirus technology developed by the Moscow-based firm. Kaspersky denied all claims of ties with Kremlin, offering instead to have its source code inspected by a third-party company. The US government, however, said this would be helpful to demonstrate that Kaspersky isn’t working with Russia, it’s still not enough to prove its software is safe to install on ...



Starbucks Wi-Fi Turned People’s Laptops into Cryptocurrency Miners

Fri, 15 Dec 2017 10:15:00 +0000

The free Wi-Fi that the Buenos Aires Starbucks offers to its customers was being used to mine for cryptocurrency, and what’s worse, it used people’s laptops to do it. The whole thing was discovered by Stensul CEO Noah Dinkin who actually paid a visit to the store and wanted to browse the web using the free Wi-Fi, only to discover that his laptop was unknowingly converted into a cryptocurrency miner. He then turned to Twitter to ask Starbucks if they know about the what he described as bitcoin mining taking place without customers knowing about it. “Hi Starbucks, did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop? Feels a little off-brand,” he said in his tweet. Even though Dinkin says the Wi-Fi was used to mine for Bitcoin, it turns out that the cryptocurrency in question was Mon...



85 Infected Android Apps Stealing Social Network Passwords Found on Play Store

Thu, 14 Dec 2017 09:58:00 +0000

A total of 85 Android apps were removed from the Google Play Store after it was discovered they were compromised with malware capable of stealing social network passwords from users’ devices. Ironically, the compromised apps were discovered by Kaspersky, whose software was recently banned in the United States over alleged ties with Kremlin, and the malware was targeting users of Russian-based social network VK. The more worrying side of the story is that the apps have been available for download for a long time, and one of them recorded more than 1 million downloads on the Google Play Store. Called “Mr President Rump,” this app was a game that was published in March this year and its download count skyrocketed in the summer. Other apps have been in the Store for nearly two years, with their installations ranging between ...



President Donald Trump Signs Bill to Ban Kaspersky Antivirus in the US

Thu, 14 Dec 2017 05:57:00 +0000

US President Donald Trump has signed the bill that bans the use of Kaspersky antivirus on government computers following concerns that software developed by the Moscow-based security vendor could be used for cyber-espionage. Described as a “grave risk to US national security” by Democratic Senator Jeanne Shaheen, Kaspersky software was originally banned on computers used by select agencies, including the Department of Defense, earlier this year. “The case against Kaspersky is well-documented and deeply concerning. This law is long overdue, and I appreciate the urgency of my bipartisan colleagues on the Senate Armed Services Committee to remove this threat from government systems,” Shaheen said. Detailed in the Fiscal Year 2018 National Defense Authorization Act (NDAA), ...



Banking Malware Bypasses Google Filters, Infects Thousands of Android Devices

Tue, 12 Dec 2017 10:56:00 +0000

Malware in the Google Play Store is nothing new, as infected apps occasionally make it to the store and become available for Android devices, and this time two different listings were found to be spreading banking Trojans. Security company ESET says the malware was specifically aimed at Polish banks and was disguised as two legitimate apps, namely Crypto Monitor and StorySaver. The two apps recorded between 1,000 and 5,000 downloads in the Google Play Store, according to official stats, before eventually getting removed following ESET’s report. The company explains that the first app was uploaded to the store on November 25, while the one was listed for download four days later. After installed, the apps scanned the device to look for banking apps using a list of fourteen Polish banks. “If any of the fourteen apps are found on the device, the malware can display fake log...



The Fappening: Alleged Nude Pics, Sex Tape of “Charmed” Star Rose McGowan Leaked

Mon, 11 Dec 2017 11:47:00 +0000

Alleged nude photos and a sex tape stolen from American actress Rose McGowan have been posted online as part of another series of the already-famous celebrity pic leak called The Fappening. Best known for her role as Paige Matthews in The WB supernatural drama series Charmed, McGowan hasn’t commented on the leak, and details of the incident, including how the photos ended up possibly getting stolen by hackers, aren’t available for the time being. Several websites known in the past for posting the Fappening leaks also published a video showing the now-44-year-old actress having sexual intercourse with a man. It’s not clear if the photos indeed belong to McGowan, and if they’re part of an old or new batch. This isn’t the first time Rose McGowan’s X-rated photos are posted online, as three different leaks also took place in November 2016, December 2016, and March 2017. Previous incidents reported to law enforcement After the March...



The Fappening: Hackers Leak Preview of Alleged Taylor Swift Nude Photos

Thu, 07 Dec 2017 10:14:00 +0000

Even though X-rated photos allegedly belonging to celebrities across the world no longer reach the web at the same pace as they did as part of the famous Fapenning saga, several websites known for posting such content keep leaking new galleries which they claim were stolen from the stars’ own devices. The latest that could be targeted by such a leak is Taylor Swift, with one of the websites threatening in a message that went live this week that a new set of pictures would be posted in the near future. While it’s not clear if they’re indeed in possession of new adult photos with the American singer, the website also posted a preview of what they claim to be part of the stolen pic batch that could soon make its way online. Comparison photos posted by the same site seem to indicate that Taylor Swift is indeed the one in the images, though it goes without saying these could all be faked. They could be fake Swift hasn’t yet released a statement on thi...



The Fappening: Nude Pics of WWE Diva Maria Kanellis Leaked

Wed, 06 Dec 2017 09:35:00 +0000

​Hackers have leaked a new set of photos that seem to be part of the famous “Fappening” saga, this time with one famous WWE diva apparently targeted. American professional wrestler Maria Kanellis, who is currently inactive because of her pregnancy, is the latest celebrity targeted by the Fappening hackers, with a new batch of X-rated photos published online on various websites that were known for spreading such content in the past. While Kanellis has remained completely tight-lipped on the legitimacy of the photos, one of the websites claims this is just part of a bigger leak of photos stolen from the WWE star, threatening to post another batch in the coming future. There’s no word just yet on how the content ended up being stolen from the WWE diva, but it could be part of a bigger leak that took place earlier this year



Android Keyboard App Collected and Leaked Personal Data of 31 Million Users

Wed, 06 Dec 2017 04:39:00 +0000

If you’ve been using the keyboard app developed by Ai.Type there’s a good chance that your personal information has been exposed online, as security researchers discovered that the company silently collected data and stored it in a misconfigured MongoDB database. Security vendor Kromtech estimates that sensitive data belonging to approximately 31 million users was included in the database, with found entries proving the keyboard app logged pretty much any keystroke no matter if it was just standard text or passwords. While the developing company says it doesn’t collect information from password fields and all data is encrypted, ZDNet reveals the database discovered by Kromtech included everything from users’ full names, email addresses, location, device make, m...



UK Warns Against Using Kaspersky Antivirus Due to Cyber Espionage Concerns

Mon, 04 Dec 2017 11:45:00 +0000

The United Kingdom’s cyber security agency has published a public letter to the country’s government departments to warn against using Russian security software that could be used for cyber espionage and targeted attacks aimed at local officials. The UK National Cyber Security Centre revealed there are concerns that “Russia is acting against the UK’s national interest in cyberspace,” and Russian security software could facilitate espionage, disruption and influence operations. “We advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen. In practical terms, this means that for systems processing information classified SECRET and above, a Russia-based provider should never be used,” NCSC CEO Ciaran Martin said in the public let...