Call 01865 845 700
Google+ account Linkedin account Twitter account YouTube account


WhiteLine
 
 
LATEST NEWS & THREATS

JAN 12th 2018
Silicon.co.uk

READ MORE
How To Fix Windows Registry Issues That Halt Microsoft Security Updates

ANALYSIS: Microsoft is halting all security updates on Windows systems with badly-behaved antivirus products. But you can fix this problem

When I wrote on Jan. 5 about ways to protect your computers from exploits related to two processor issues called Spectre and Meltdown, I mentioned that Microsoft had released Windows Update patches that would be applied either immediately or on the normal Patch Tuesday, Jan. 9.

As it turns out, not every Windows user received the updates because the antivirus software they’re using was incompatible with the update.

What most people didn’t know is that the incompatibility would ensure that they never received an update, ever. The problem is rooted in the behavior of a few AV products that make unsupported calls to the Windows kernel memory.


JAN 12th 2018
The Register

READ MORE
Next; tech; meltdown..? Mandatory; semicolons; in; JavaScript; mulled;

Punctuation-averse devs, you're coding it wrong

In what non-technical people might take as an attempt to outdo the absurdity of the tabs vs. spaces debate that continues to divide programmers, the TC39 technical group that advises the development of ECMAScript - the specification from which JavaScript is implemented - has proposed telling web developers to terminate statements and declarations with semicolons.

Semicolons help separate JavaScript statements from one another.

A great many JavaScript developers already pepper their code with semicolons, but they often don't have to, even though semicolons are required in most cases by the ECMAScript specification.


JAN 12th 2018
SC Magazine

READ MORE
Hackers could get certificates for domains they don't own

Certificate authority Let's Encrypt has disabled TLS-SNI-01 validation on its service. Through the vulnerability, a hacker could have requested certificates for domains that were not theirs.

TLS certificates are used to set up an encrypted connection between websites and visitors. Let's Encrypt, which issues free TLS certificates, has several ways to check whether the applicant for a certificate is also the owner of the corresponding domain. One of these methods is the "ACME TLS-SNI-01" validation, where communication between the server of the specified domain and the server of Let's Encrypt takes place. In this way, Let's Encrypt validates that it is a legitimate application.

According to a posting by Let's Encrypt, it had report from Frans Rosén of Detectify outlining a method of exploiting some shared hosting infrastructures to obtain certificates for domains he did not control, by making use of the ACME TLS-SNI-01 challenge type.

 


JAN 12th 2018
Silicon.co.uk

READ MORE
Mark Zuckerberg Promises Major Shakeup Of Facebook Newsfeed

More personal posts and less commercial content will be promoted on users' Facebook Newsfeed, CEO says

Facebook is to undertake a major shakeup of its newsfeed after concern that public content (i.e. adverts and clickbait from businesses, brands and media) is crowding out people's personal moments.

The significant change was announced by CEO Mark Zuckerberg on his Facebook page, and is part of his effort to ensure that people's time on Facebook “is time well spent,”

It comes after Zuckerberg recently vowed to “fix” Facebook in 2018, and he pledged to protect users from abuse.


JAN 8th 2018
The Register

READ MORE
Smartphones' security enhancements just make them more dangerous

Is that incriminating data in your pocket or are you just pleased to see me?

Over the holidays I bought Apple’s newest, shiniest face scanner. For the first fortnight - and periodically since then, that constant lift-and-scan felt weird. As though my smartphone had suddenly become too intimate, too familiar.

This is hardly the thin end of the wedge. It started with passcodes - which many people didn’t even use, to begin with. Then, as it became clear that an unlocked smartphone could leak dangerous data, we began locking them behind PINs.

Even that basic layer of safety proved too hard for many people - either unable to remember the PIN or unwilling to spend time typing it in, over and over and over - so a few - years back the devices added fingerprint readers.


JAN 6th 2018
The Register

READ MORE
Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches

Googler drops bug bomb in public - but don't panic

Cfir Cohen, a security researcher from Google's cloud security team, on Wednesday disclosed a vulnerability in the fTMP of AMD's Platform Security Processor (PSP), which resides on its 64-bit x86 processors and provides administrative functions similar to the Management Engine in Intel chipsets.

This sounds bad. It's not as bad as you think.

The fTMP is a firmware implementation of the Trusted Platform Module, a security-oriented microcontroller specification. Cohen said he reported the flaw to AMD in late September last year, and the biz apparently had a fix ready by December 7. Now that the 90-day disclosure window has passed seemingly without any action by AMD, details about the flaw have been made public.


JAN 5th 2018
SC Magazine

READ MORE
Android banking trojan targets more than 232 apps

Security researchers have found a new strain of malware targeting banking apps on Android devices.

Called Android.banker.A2f8a, researchers at Quick Heal Security Labs said that the malware has targeted more than 232 banking apps, stealing login credentials, hijacking SMSs, uploading contact lists and SMSs on a malicious server. It also displays an overlay screen (to capture details) on top of legitimate apps.

The malware being distributed through a fake Flash Player app on third-party stores. Bajrang Mane, a researcher at Quick Heal Security Labs said that this not surprising given that Adobe Flash is one of the most widely distributed products on the Internet.

He added that after installing the malicious app, it will ask the user to activate administrative rights. And even if the user denies the request or kills the process, the app will keep throwing continuous pop-ups until the user activates the admin privilege. “Once this is done, the malicious app hides its icon soon after the user taps on it,” said Mane.


JAN 5th 2018
SC Magazine

READ MORE
Meltdown and Spectre - vulnerabilities to watch (and fix)

Almost all iPhones and Macs are at risk from Spectre chip security flaw according to industry reports.

CPU data cache timing can be exploited to efficiently leak information out of mis-speculated execution, according to Jann Horn of Google's Project Zero. In a blog entitled, “Reading privileged memory with a side-channel,” he says that at worst this could lead to arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.

This security issue could allow cyber-criminals to steal the entire memory contents of computers, including mobile devices, personal computers and servers running in cloud computer networks. The current Meltdown patch could slow down processing by as much as 30 percent under certain workloads and Spectre could require many companies to redesign their processors, meaning there will be significant challenges for the semiconductor industry.


JAN 2nd 2018
The Register

READ MORE
UK security chief: How 'bout a tax for tech firms that are 'uncooperative' on terror content?

Because the state has a great track record of recouping tax from internet giants

Tech firms are indirectly costing the UK government millions in "human surveillance" of extremist content and should have a windfall tax levied against them to make up for it, according to security minister Ben Wallace.

Wallace said that inaction from internet giants means the cost of tackling terror content is "heaped on law enforcement agencies" - and the state should be able to recoup that in some way.

"I have to have more human surveil-lance. It's costing hundreds of millions of pounds. If they [internet firms] continue to be less than co-operative, we should look at things like tax as a way of incentivis-ing them or compen­sating for their inaction," he told The Sunday Times.


JAN 2nd 2018
BBC News

READ MORE
Ripple becomes second most valuable crypto-coin

A crypto-currency called Ripple has become the second most valuable virtual cash system.

Over the weekend the value of the digital currency hit more than $100bn (£74bn) according to some market monitors.

This valuation is higher than the other popular crypto-cash system - Ethereum.

Each Ripple coin, called an XRP, is now worth about $2.34 - far higher than the half a US cent they were worth a year ago.

Bitcoin still remains the most valuable crypto-currency. The value of the 16.8 million bitcoins in circulation is now worth a nominal $231bn. Each bitcoin has a value of about $13,580.


JAN 2nd 2018
SC Magazine

READ MORE
CryptoMix ransomware variant carries new .tastylock extension

Cyber-criminals have given CryptoMix ransomware a few minor twists, including adding a new extension name to the encrypted files.

Bleeping Computer's founder Lawrence Abrams did a quick overview of the changes, which was uncovered by cyber-security researcher Michael Gillespie. The main difference is the addition of the .tastylock extension to all encrypted files. The email address used to contact the attacker for payment information has also changed and is now t_tasty@aol.com.

Abrams noted that the basic encryption method used by this variant was the same as CryptoMix and the ransomware remained a text document named _HELP_INSTRUCTION.TXT.


JAN 2nd 2018
The Register

READ MORE
'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Other OSes will need an update, performance hits loom

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features - such as PCID - to reduce the performance hit. Your mileage may vary.


missed out on the news? check out the NEW ARCHIVE
READ MORE
 
 
  © Quadsys 2014  -  Site Map  |  Privacy Policy  |  Terms of Use  |  Cookies Information  
Cookies in Use