Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Securing Mobile Devices During Summer Travel

05/25/2018 01:27 PM EDT  Original release date: May 25, 2018

As summer begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them.

NCCIC encourages users to review the NCCIC Tips on Holiday Traveling with Personal Internet-Enabled Devices, Cybersecurity for Electronic Devices, and International Mobile Safety. The suggested security practices in these Tips will help travelers secure their portable devices during the summer travel season and throughout the year.


Facebook 2FA no longer needs a phone number: here’s how to set it up

One more excuse for not using 2FA bites the dust


Acoustic attacks can blue-screen computers

New research has discovered hard drives can be vulnerable to sonic interference.


TA18-141A: Side-Channel Vulnerability Variants 3a and 4

05/21/2018 04:54 PM EDT  Original release date: May 21, 2018

Systems Affected – CPU hardware implementations

Microsoft and Google are jointly disclosing a new out-of-order execution vulnerability. Speculative Store Bypass (SSB) relies on the memory loading behavior common to Intel and AMD CPUs, IBM’s POWER8 and POWER9 CPUs, as well as System Z and certain ARM processors.

Overview
On May 21, 2018, new variants—known as Spectre 3A and 4—of the side-channel central processing unit (CPU) hardware vulnerability were publicly disclosed. These variants can allow an attacker to obtain access to sensitive information on affected systems.

Description
CPU hardware implementations are vulnerable to side-channel attacks known as Spectre and Meltdown. Meltdown is a bug that “melts” the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a CPU to reveal its data.

Spectre Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.

Spectre Variant 4 is a vulnerability that exploits “speculative bypass.” When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations. While implementation is complex, this side-channel vulnerability could allow less privileged code to read arbitrary privileged data and to run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard side-channel methods.

To read the complete alert, including CVE and remediation information, click the link.

More information from TechRepublic.


 


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com