In the wake of the Spectre and Meltdown bugs, Intel has rolled out a significant expansion of its bug bounty program. Intel first launched the program in March 2017. The big changes include a shift from an invitation-only format to one that is open to all security researchers. One key addition is a program for […]
Apple said it is working on a fix for the latest text bomb bug that crashes a number of iOS and Mac apps that display specific Telugu language characters. The bug, first reported by Italian Blog Mobile World, impacts a wide range of Apple apps running on iOS and macOS. While some iPhone users are […]
Typically, inbox-based attacks that include malicious Microsoft Office attachments require adversaries to trick users into enabling macros. But researchers say they have identified a new malicious email campaign that uses booby-trapped Office attachments that are macro-free. The attacks do not generate the same type of default warning from Microsoft associated with macro-based attacks, according to […]
Nearly two-thirds of businesses worldwide have experienced significant delays in sales due to customer data privacy concerns, according to Cisco’s 2018 Privacy Maturity Benchmark Study. The study, based on the responses of roughly 3,000 cybersecurity professionals from 25 countries, shows that 65% of businesses reported sales cycle delays due to concerns over data privacy, with […]
Microsoft has been forced to issue an out-of-band patch to fix problems caused by a buggy Intel update for one of the Spectre vulnerabilities disclosed earlier this month. The Redmond fix (KB4078130) was issued over the weekend and disables the mitigation for branch target injection vulnerability CVE-2017-5715. The fix covers Windows 7 (SP1), Windows 8.1 […]
Researchers have released a proof-of-concept framework for a new covert channel for data exchange using the Transport Layer Security (TLS) protocol. The method exploits the public key certificate standard X.509 and could allow for post-intrusion C2 communication and data exfiltration to go unnoticed despite network perimeter protections. According to Fidelis researchers, the covert data exchange […]
A researcher that goes by the handle “Siguza” released details of a local privilege escalation attack against macOS that dates back to 2002. A successful attack could give adversaries complete root access to targeted systems. Siguza released details of the attack on Dec. 31 via Twitter, wishing followers a “Happy New Year” and linked to […]
Apple has sought to play down fears over the security of its operating system after a portion of iOS source code was leaked on GitHub this week, claiming it’s from several years ago. News outlets were awash with speculation on the potential implications of the leak, which apparently focused around the iBoot process that runs […]
The dental hygiene-focused cryptocurrency known as Dentacoin has widened its availability with partnerships with Arklign Laboratories and PCP Dental Recruitment. Arklign, a full-service dental laboratory based in San Jose, California, fabricates dental restorations and allows patients to track their services via the Arklign Case Relationship Management (aCRM) online patient portal. The deal is Dentacoin’s first […]
Attackers are trying to exploit a critical vulnerability in Cisco’s Adaptive Security Appliance firewall software, the company has confirmed. Cisco has updated its advisory for the vulnerability, which was first revealed on Jan. 29 and has been logged as CVE-2018-0101, on Feb. 7. “The Cisco Product Security Incident Response Team (PSIRT) is aware of public […]
