05/25/2018 01:27 PM EDT Original release date: May 25, 2018
As summer begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them.
NCCIC encourages users to review the NCCIC Tips on Holiday Traveling with Personal Internet-Enabled Devices, Cybersecurity for Electronic Devices, and International Mobile Safety. The suggested security practices in these Tips will help travelers secure their portable devices during the summer travel season and throughout the year.
One more excuse for not using 2FA bites the dust
New research has discovered hard drives can be vulnerable to sonic interference.
05/21/2018 04:54 PM EDT Original release date: May 21, 2018
Systems Affected – CPU hardware implementations
Microsoft and Google are jointly disclosing a new out-of-order execution vulnerability. Speculative Store Bypass (SSB) relies on the memory loading behavior common to Intel and AMD CPUs, IBM’s POWER8 and POWER9 CPUs, as well as System Z and certain ARM processors.
On May 21, 2018, new variants—known as Spectre 3A and 4—of the side-channel central processing unit (CPU) hardware vulnerability were publically disclosed. These variants can allow an attacker to obtain access to sensitive information on affected systems.
CPU hardware implementations— known as Spectre and Meltdown—are vulnerable to side-channel attacks. Meltdown is a bug that “melts” the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a CPU to reveal its data.
Spectre Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.
Spectre Variant 4 is a vulnerability that exploits “speculative bypass.” When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations. While implementation is complex, this side-channel vulnerability could allow less privileged code to read arbitrary privileged data; and run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard side-channel methods.
To read complete alert including CVE and remediation information, click the link.
More information from TechRepublic.