Security Briefing – 1.9.2018
Boy meets girl. Girl tracks boy with spyware. Girl (allegedly) hires hitman to kill boy. Girl arrested by hitman, who works for the FBI. This is a delightful read, for real.
Updates released by Apple on Monday for iOS, macOS and Safari should mitigate the effects of the vulnerabilities exploited by the recently disclosed attack method named Spectre. KEEP YOUR OPERATING SYSTEMS UPDATED!!
Users have complained that the updates released by Microsoft last week for the Spectre and Meltdown vulnerabilities cause Windows to break down on some computers with AMD processors. Shortly after releasing the Meltdown/Spectre updates, Microsoft warned that it had . The company informed users that if they had not been offered the security updates, they may be running an incompatible antivirus application.
Security researchers have discovered several severe vulnerabilities and a secret hard-coded backdoor in Western Digital’s My Cloud NAS devices that could allow remote attackers to gain unrestricted root access to the device. Western Digital’s My Cloud and My Cloud Mirror firmware version 2.30.165 and earlier are affected by all above-reported vulnerabilities.
Spectre and Meltdown are two potentially catastrophic CPU flaws. Both affect nearly everything with a CPU in it. Both have been (mostly) patched by recent updates: KB4056892 for Windows, iOS 11.2, macOS 10.13.2, and the January 5th security patch for Android. KEEP YOUR THINGS UP TO DATE.
An application compiled just weeks ago was found to be an installer for a Monero miner designed to send the mined currency to a North Korean university, AlienVault reports. The installer makes use of xmrig, a program already associated with wide campaigns that exploit unpatched IIS servers to mine Monero.
Microsoft is working on a password-free world, starting at home. The company has 125,000 employees, and all of them use Windows Hello as their default login. Apparently, the facial recognition in Windows Hello is better than the iPhone X's, but it is not immune to the same infra-red photography techniques used to subvert both platforms.
The U.S. Customs and Border Patrol announced new restrictions on when agents can copy data from digital devices at border crossing points. Agents now need “reasonable suspicion” in advance of searches of phones, computers, tablets, cameras or any other digital device belonging to people entering or leaving the United States. Border agents will also be restricted from accessing data stored remotely in the cloud.
In a one-two punch, the Wi-Fi Alliance today introduced several key enhancements to its Wi-Fi Protected Access II (WPA2) security protocol and unveiled its next security protocol WPA3.
A breach of the Unique Identification Authority of India’s Aadhaar biometric system is putting personally identifiable information (PII) of more than 1 billion Indian residents at risk, reports the Tribune, an Indian publication. Read more about Aadhaar here.