Author Topic: Technical (Read 1363211 times)

Asyn · « **Reply #2550 on:** May 13, 2019, 07:44:12 AM »

Blocking Hyperlink Auditing Tracking Pings with Extensions
https://www.bleepingcomputer.com/news/security/blocking-hyperlink-auditing-tracking-pings-with-extensions/

Asyn · « **Reply #2551 on:** May 14, 2019, 07:29:37 AM »

Israeli Firm Tied to Tool That Uses WhatsApp Flaw to Spy on Activists
https://www.nytimes.com/2019/05/13/technology/nso-group-whatsapp-spying.html

Asyn · « **Reply #2552 on:** May 14, 2019, 11:12:13 AM »

Quote from: bob3160 on May 11, 2019, 09:45:31 PM

Quote from: Asyn on May 11, 2019, 09:03:01 PM
Quote from: bob3160 on May 11, 2019, 02:33:57 PM
Quote from: Asyn on May 11, 2019, 08:30:39 AM
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
I hate vague reports. (Gossip.)
More details here: https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
Same information just posted on a different platform. Still no particulars. 3 Major American AV companies doesn't really give any specifics.

Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond
https://www.bleepingcomputer.com/news/security/fxmsp-chat-logs-reveal-the-hacked-antivirus-vendors-avs-respond/

bob3160 · « **Reply #2553 on:** May 14, 2019, 03:06:02 PM »

Quote from: Asyn on May 14, 2019, 11:12:13 AM

Quote from: bob3160 on May 11, 2019, 09:45:31 PM
Quote from: Asyn on May 11, 2019, 09:03:01 PM
Quote from: bob3160 on May 11, 2019, 02:33:57 PM
Quote from: Asyn on May 11, 2019, 08:30:39 AM
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
I hate vague reports. (Gossip.)
More details here: https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
Same information just posted on a different platform. Still no particulars. 3 Major American AV companies doesn't really give any specifics.
Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond
https://www.bleepingcomputer.com/news/security/fxmsp-chat-logs-reveal-the-hacked-antivirus-vendors-avs-respond/

Thanks for the link. The opriginal post stated that it effected 3 US security Companies.
Now the statement is 3 companies with offices in the US. Big difference since many Security companies have offices in the US.

Asyn · « **Reply #2554 on:** May 15, 2019, 07:53:36 AM »

ZombieLoad: Cross Privilege-Boundary Data Leakage
https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
https://zombieloadattack.com/
https://cpu.fail/

Pondus · « **Reply #2555 on:** May 15, 2019, 01:17:49 PM »

RIDL and Fallout: MDS attacks
Attacks on the newly-disclosed "MDS" hardware vulnerabilities in Intel CPUs

https://mdsattacks.com/

https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html

https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

https://zombieloadattack.com/#attack

bob3160 · « **Reply #2556 on:** May 15, 2019, 02:06:53 PM »

Quote from: Pondus on May 15, 2019, 01:17:49 PM

RIDL and Fallout: MDS attacks
Attacks on the newly-disclosed "MDS" hardware vulnerabilities in Intel CPUs

https://mdsattacks.com/

https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html

https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

https://zombieloadattack.com/#attack

So according to the tool offered here, https://mdsattacks.com/ my system is vulnerable.

So the next logical question is how dangerous is this for the average user and,
probably more important, when will there be an actual fix outside of purchasing AMD

Asyn · « **Reply #2557 on:** May 15, 2019, 02:36:03 PM »

Quote from: bob3160 on May 15, 2019, 02:06:53 PM

So the next logical question is how dangerous is this for the average user and,
probably more important, when will there be an actual fix outside of purchasing AMD

According to Intel, medium to low, see: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html

bob3160 · « **Reply #2558 on:** May 15, 2019, 02:45:20 PM »

Quote from: Asyn on May 15, 2019, 02:36:03 PM

Quote from: bob3160 on May 15, 2019, 02:06:53 PM
So the next logical question is how dangerous is this for the average user and,
probably more important, when will there be an actual fix outside of purchasing AMD
According to Intel, medium to low, see: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html

Since it's their chip, income and reputation, I'll be just a bit sceptical with anything they have to say till verifies by a third independent source.

Asyn · « **Reply #2559 on:** May 15, 2019, 03:29:19 PM »

Quote from: bob3160 on May 15, 2019, 02:45:20 PM

Quote from: Asyn on May 15, 2019, 02:36:03 PM
Quote from: bob3160 on May 15, 2019, 02:06:53 PM
So the next logical question is how dangerous is this for the average user and,
probably more important, when will there be an actual fix outside of purchasing AMD
According to Intel, medium to low, see: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Since it's their chip, income and reputation, I'll be just a bit sceptical with anything they have to say till verifies by a third independent source.

Hi Bob, agreed. Here's an overview of the currently available updates/fixes. Hope it helps. (German site)
https://www.heise.de/ct/artikel/Updates-gegen-die-Intel-Prozessorluecken-ZombieLoad-Co-4422413.html

Pondus · « **Reply #2560 on:** May 16, 2019, 07:13:38 AM »

May’s Patch Tuesday Include Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability
https://blog.trendmicro.com/trendlabs-security-intelligence/mays-patch-tuesday-include-fixes-for-wormable-flaw-in-windows-xp-zero-day-vulnerability/

===================================================
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification.
=======================================================

Asyn · « **Reply #2561 on:** May 16, 2019, 07:58:25 AM »

The May 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/5/14/the-may-2019-security-update-review

Pondus · « **Reply #2562 on:** May 16, 2019, 07:54:37 PM »

Quote from: Pondus on May 15, 2019, 01:17:49 PM

RIDL and Fallout: MDS attacks
Attacks on the newly-disclosed "MDS" hardware vulnerabilities in Intel CPUs

https://mdsattacks.com/

https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html

https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

https://zombieloadattack.com/#attack

This option is available for macOS Mojave, High Sierra, and Sierra after installing security updates.

https://support.apple.com/en-us/HT210108

Asyn · « **Reply #2563 on:** May 17, 2019, 09:22:46 AM »

Bots Tampering with TLS to Avoid Detection
https://blogs.akamai.com/sitr/2019/05/bots-tampering-with-tls-to-avoid-detection.html

Asyn · « **Reply #2564 on:** May 18, 2019, 04:26:13 PM »

Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage
https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/

Author Topic: Technical (Read 1363211 times)

Asyn

Re: Technical

Asyn

Re: Technical

Asyn

Re: Technical

bob3160

Re: Technical

Asyn

Re: Technical

Pondus

Re: Technical

bob3160

Re: Technical

Asyn

Re: Technical

bob3160

Re: Technical

Asyn

Re: Technical

Pondus

Re: Technical

Asyn

Re: Technical

Pondus

Re: Technical

Asyn

Re: Technical

Asyn

Re: Technical