Security

Remote security exploit in all 2008+ Intel platforms – SemiAccurate

https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/ This looks like quite a nasty security issue for a great many PCs. It seems that Intel has confirmed it. You can read their advisory here. The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine)

The main differences between internet privacy in the US and the EU

https://www.marketplace.org/2017/04/20/tech/make-me-smart-kai-and-molly/blog-main-differences-between-internet-privacy-us-and-eu European privacy regulations are generally more consumer-focused than U.S. rules. “Who is the focus of these laws? Is it about protecting us, and giving us all the information we need and allowing us to make informed choices?”  “Or is it about allowing Comcast to keep up with Google and Facebook when it comes to

Cyber risks for Industrial environments continue to increase

http://resources.infosecinstitute.com/cyber-risks-industrial-environments-continue-increase/ Industrial control systems (ICS) are a privileged target of different categories of threat actors. Researchers observed a significant increase of brute force attacks on supervisory control and data acquisition (SCADA) systems. In December, IBM warned of the availability of a penetration testing framework named smod that was used in many attacks in the wild.  Organization in any industry can

Invasion of the Hardware Snatchers: Cloned Electronics Pollute the Market – IEEE Spectrum

http://spectrum.ieee.org/computing/hardware/invasion-of-the-hardware-snatchers-cloned-electronics-pollute-the-market Unlike counterfeit electronics of the past, modern clones are very sophisticated.  The counterfeiters make their own components, boards, and systems from scratch and then package them into superficially similar products. The clones may be less reliable than the genuine product, having never undergone rigorous testing. But they may also host unwanted or even malicious software, firmware,

New password guidelines say everything we thought about passwords is wrong

https://venturebeat.com/2017/04/18/new-password-guidelines-say-everything-we-thought-about-passwords-is-wrong/ There is a draft of new guidelines for password management from NIST (the National Institute of Standards and Technology). It proposes a number of very progressive changes. Although NIST’s rules are not mandatory for nongovernmental organizations, they usually have a huge influence as many corporate security professionals.

7 considerations to make when securing your Raspberry Pi

https://opensource.com/article/17/3/iot-security-raspberry-pi?sc_cid=7016000000127ECAAY This article tries to get you thinking of security at an appropriate level for your Raspberry Pi and IoT projects without scaring you away from playing, experimenting, and innovating. It’s about striking a balance. Don’t let a challenge stop you from trying. Just be aware of the big picture for securing your projects.

OWASP Proposes New Vulnerabilities for 2017 Top 10

http://www.securityweek.com/owasp-proposes-new-vulnerabilities-2017-top-10?utm_content=buffer1a6b0&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer The Open Web Application Security Project (OWASP) announced on Monday the first release candidate for the 2017 OWASP Top 10, which proposes two new vulnerability categories.