philgrad

895 Added | 1 Magazine | 13 Following | 129 Followers | @philgrad

Researcher finds another security flaw in Intel management firmware | Ars Technica

Active Management Technology defaults allow anyone to take control of many PCs. Meltdown and Spectre are not the only security problems Intel is …

Retpoline: a software construct for preventing branch-target-injection

At Google, we have been researching mitigation strategies for the new class of exploits discovered by the Project Zero team affecting speculative …

Google details how it protected services like Gmail from Spectre

Google says it already deployed anti-Spectre and Meltdown solutions to protect its products, and users didn't even notice. The downside of the patches companies are rolling out to fix the CPU vulnerabilities is that they have the potential to slow down systems. For the big G, that means slowdown …

How to Easily Switch Your Two-Factor Security to a New Phone

When you’re switching phones after an upgrade or an accident, the job of checking up on your two-factor verification apps can get lost in the hustle …

Tor Browser Users Urged to Patch Critical ‘TorMoil’ Vulnerability

The Tor Project released a patch for a vulnerability that leaks the real IP addresses of macOS and Linux users of its Tor Browser.

Android security update fixes KRACK, slaps Band-Aid on Pixel 2 XL screen | Ars Technica

Besides security patch, the Pixel 2 XL gets a "saturated" display mode, audio fix. It's a new month, and that means a new security update for Android. …

Apple Patches KRACK Vulnerability in iOS 11.1

Apple has patched the KRACK vulnerability in iOS and elsewhere in its product line, closing a key re-installation vulnerability in the WPA2 protocol …

All 3 Billion Yahoo Accounts Affected in Catastrophic Breach

The Yahoo breach was already considered to be the largest known hack of user data when it was counted at 1 billion affected accounts. Now, that …

White House wants to end Social Security numbers as a national ID | Ars Technica

US government is examining the use of a “modern cryptographic identifier.” Rob Joyce, the White House cybersecurity czar, said on Tuesday that the …

In spectacular fail, Adobe security team posts private PGP key on blog | Ars Technica

Since deleted, post gave public and private key for Adobe incident response team. Having some transparency about security problems with software is …

Malware Steals Data From Air-Gapped Network via Security Cameras

Proof-of-concept malware called aIR-Jumper can be used to bypass air-gapped network protections and send data in and out of network.

Failure to patch two-month-old bug led to massive Equifax breach | Ars Technica

Critical Apache Struts bug was fixed in March. In May, it bit ~143 million US consumers. The Equifax breach that exposed sensitive data for as many as …

Wireless ‘BlueBorne’ Attacks Target Billions of Bluetooth Devices

Bluetooth attack vector, dubbed ‘BlueBorne’, leaves billions of smart Bluetooth devices open to attack including Android and Apple phones and …

Justice demands 1.3M IP addresses related to Trump resistance site

The Department of Justice has requested information on visitors to a website used to organize protests against President Trump, the Los Angeles-based …

Will The Real Security Community Please Stand Up

Black Hat may be the benchmark signaling the end of security nihilism and snark, and a re-prioritization of energy toward the greater good.

How a hacked Amazon Echo could secretly capture your most intimate moments | Ars Technica

Hack isn’t simple and doesn’t work on all devices, but it’s definitely doable. It's a fact of modern life that many of us forget—the phones, …

Windows SMB Zero Day to Be Disclosed During DEF CON

Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris …

Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak | Ars Technica

Operation that hit thousands was “thoroughly well-planned and well-executed.” The third-party software updater used to seed last week's NotPetya worm …

Senators Push Trump for Answers on Power Grid Malware Attack

In one of his first public statements on his priorities as president, Donald Trump promised to develop a "comprehensive plan to protect America's …

GOP Data Firm Accidentally Leaks Personal Details of Nearly 200 Million American Voters

Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National …

Fileless malware targeting US restaurants went undetected by most AV | Ars Technica

Ongoing campaign shows more hackers are adopting sneaky attack technique. Researchers have detected a brazen attack on restaurants across the United …

Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft | Ars Technica

WaPo confirms long-held suspicions as NSA cyberweapons crisis threatens to grow worse. After learning that one of its most prized hacking tools was …

Massive ransomware attack hits UK hospitals, Spanish banks | Ars Technica

Ransomware attack appears to be targeting institutions in several European countries. A large number of hospitals, GPs, and walk-in clinics across …

Macron campaign team used honeypot accounts to fake out Fancy Bear | Ars Technica

Digital team filled fake accounts with garbage data to slow information operation. The failed effort by Russian attackers to influence the outcome of …

Cisco kills leaked CIA 0-day that let attackers commandeer 318 switch models | Ars Technica

Fix neutralizes attack code that was put into the wild in early March. Cisco Systems has patched a critical flaw that even novice hackers could …

More Android phones than ever are covertly listening for inaudible sounds in ads | Ars Technica

Your Android phone may be listening to ultrasonic ad beacons without your knowledge. Almost a year after app developer SilverPush vowed to kill its …

Picture this: Senate staffers’ ID cards have photo of smart chip, no security | Ars Technica

Senate employees just use passwords, and their badges sport a picture of an alternative. When Congress held hearings following the breach of the …

Atlassian's HipChat Hacked — Users' Data May Have Been Compromised

Atlassian's group chat platform HipChat is notifying its users of a data breach after some unknown hacker or group of hackers broke into one of its …

Low-Cost Ransomware Service Discovered

A new ransomware-as-a-service called Karmen appeals to ransomware newbies with a low price, easy setup and developer updates.
