Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Securing Mobile Devices During Summer Travel

05/25/2018 01:27 PM EDT  Original release date: May 25, 2018

As summer begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them.

NCCIC encourages users to review the NCCIC Tips on Holiday Traveling with Personal Internet-Enabled DevicesCybersecurity for Electronic Devices, and International Mobile Safety. The suggested security practices in these Tips will help travelers secure their portable devices during the summer travel season and throughout the year.


Facebook 2FA no longer needs a phone number: here’s how to set it up

One more excuse for not using 2FA bites the dust


Acoustic attacks can blue-screen computers

New research has discovered hard drives can be vulnerable to sonic interference.


TA18-141A: Side-Channel Vulnerability Variants 3a and 4

05/21/2018 04:54 PM EDT  Original release date: May 21, 2018

Systems Affected – CPU hardware implementations

Microsoft and Google are jointly disclosing a new out-of-order execution vulnerability. Speculative Store Bypass (SSB) relies on the memory loading behavior common to Intel and AMD CPUs, IBM’s POWER8 and POWER9 CPUs, as well as System Z and certain ARM processors.

Overview
On May 21, 2018, new variants—known as Spectre 3A and 4—of the side-channel central processing unit (CPU) hardware vulnerability were publically disclosed. These variants can allow an attacker to obtain access to sensitive information on affected systems.

Description
CPU hardware implementations— known as Spectre and Meltdown—are vulnerable to side-channel attacks. Meltdown is a bug that “melts” the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a CPU to reveal its data.

Spectre Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.

Spectre Variant 4 is a vulnerability that exploits “speculative bypass.” When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations. While implementation is complex, this side-channel vulnerability could allow less privileged code to read arbitrary privileged data; and run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard side-channel methods.

To read complete alert including CVE and remediation information, click the link.

More information from TechRepublic.


 

0

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
  Related Posts

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.