OS Makers Preparing Patches for Secret Intel CPU Security Bug

OS makers and cloud service providers are preparing patches for a security bug affecting Intel processors, according to several sources with knowledge of the upcoming fixes. [...]

https://www.bleepingcomputer.com/news/security/os-makers-preparing-patches-for-secret-intel-cpu-security-bug/

Intel Denies Reports of Huge Performance Dip Due to Patches for CPU Security Bug

Intel released a statement earlier today denying media reports that upcoming patches for a yet-to-be-disclosed security bug cause huge performance dips for devices using Intel CPUs. [...]

https://www.bleepingcomputer.com/news/hardware/intel-denies-reports-of-huge-performance-dip-due-to-patches-for-cpu-security-bug/

Google: Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws

Google has just published details on two vulnerabilities named Meltdown and Spectre that in the company's assessment affect "every processor [released] since 1995." [...]

https://www.bleepingcomputer.com/news/security/google-almost-all-cpus-since-1995-vulnerable-to-meltdown-and-spectre-flaws/

List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates

This article contains an continuously updated list of advisories, bulletins, and software updates related to the Meltdown and Spectre vulnerabilities discovered in modern processors. The related CVEs are CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. [...]

https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/

Microsoft Releases Emergency Updates to Fix Meltdown and Spectre CPU Flaws

Late last night, Microsoft issued out-of-band updates that address Meltdown and Spectre, two security flaws said to be affecting almost all CPUs released since 1995. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-updates-to-fix-meltdown-and-spectre-cpu-flaws/

Mozilla Confirms Web-Based Execution Vector for Meltdown and Spectre Attacks

Mozilla has officially confirmed that the recently disclosed Meltdown and Spectre CPU flaws can be exploited via web content such as JavaScript files in order to extract information from users visiting a web page. [...]

https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws

A simple, dumbed-down, step-by-step article on how to get these updates and navigate Microsoft's overly complicated announcement. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/

Server Cryptomix Ransomware Variant Released

The devs behind the Cryptomix ransomware just keep pushing them out. A new Cryptomix variant was released last week that appends the .SERVER extension to encrypted files and changes the contact emails used by the ransomware.  [...]

https://www.bleepingcomputer.com/news/security/server-cryptomix-ransomware-variant-released/

Department of Homeland Security Suffers Data Breach

The US Department of Homeland Security (DHS) announced it suffered a data breach last year, during which data for over 247,000 DHS employees and individuals under DHS investigations was taken from a secure DHS database. [...]

https://www.bleepingcomputer.com/news/security/department-of-homeland-security-suffers-data-breach/

Intel Promises Firmware Updates for Most Modern CPUs by the End of Next Week

Intel pinky-promised today that it will provide firmware updates by the end of next week for 90% of all CPU models it released in the past five years. [...]

https://www.bleepingcomputer.com/news/hardware/intel-promises-firmware-updates-for-most-modern-cpus-by-the-end-of-next-week/

Microsoft Word subDoc Feature Abused to Steal Windows Credentials

The security research team at Rhino Labs, a US-based cyber-security company, has discovered that malicious actors can use a lesser-known Microsoft Word feature called subDoc to trick Windows computers into handing over their NTLM hashes, the standard format in which user account credentials are stored. [...]

https://www.bleepingcomputer.com/news/security/microsoft-word-subdoc-feature-abused-to-steal-windows-credentials/

Google Unveils New Retpoline Coding Technique for Mitigating Spectre Attacks

Google has published details about a new coding technique created by the company's engineers that any developer can deploy and prevent Spectre attacks. [...]

https://www.bleepingcomputer.com/news/google/google-unveils-new-retpoline-coding-technique-for-mitigating-spectre-attacks/

Apple: All Mac Systems and iOS Devices Are Affected by Meltdown & Spectre Flaws

Apple has finally released an official statement on the company's mitigations status regarding the recently disclosed Meltdown and Spectre vulnerabilities. [...]

https://www.bleepingcomputer.com/news/apple/apple-all-mac-systems-and-ios-devices-are-affected-by-meltdown-and-spectre-flaws/

HP Recalls Laptop Batteries Due to Overheating and Fire Hazard

HP announced today "a worldwide voluntary safety recall and replacement program" for laptop batteries it shipped with notebooks or sold as accessories or replacements between December 2015 and December 2017. [...]

https://www.bleepingcomputer.com/news/hardware/hp-recalls-laptop-batteries-due-to-overheating-and-fire-hazard/

Python-Based Botnet Targets Linux Systems with Exposed SSH Ports

Experts believe that an experienced cybercrime group has created a botnet from compromised Linux servers and is using these systems to mine Monero, a digital currency. [...]

https://www.bleepingcomputer.com/news/security/python-based-botnet-targets-linux-systems-with-exposed-ssh-ports/

The Week in Ransomware - January 5th 2018 - Slow For The Holidays

Looks like even ransomware developers take time off for the holidays as there was not much activity over the past couple of weeks.  We have seen mostly new variants being release, with the biggest being CryptoMix. Otherwise, just a few small in development ransomwares being released. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-5th-2018-slow-for-the-holidays/

Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online

AMD has fixed, but not yet released BIOS/UEFI/firmware updates for the general public for a security flaw affecting the AMD Secure Processor. [...]

https://www.bleepingcomputer.com/news/security/security-flaw-in-amds-secure-chip-on-chip-processor-disclosed-online/

Adware Bundle Adds Persistence to Download More Malware at Later Time

For about a week now there have been repeated posts on the BleepingComputer and Malwarebytes forums regarding a BITSADMIN 3.0 command prompt that repeatedly opens on its own and downloads files.  What all of these users had in common were numerous adware and unwanted programs installed on the computer. [...]

https://www.bleepingcomputer.com/news/security/adware-bundle-adds-persistence-to-download-more-malware-at-later-time/

Microsoft Halts Bitcoin Transactions Because It's An "Unstable Currency"

Microsoft has stopped supporting Bitcoin as a payment method for Microsoft products, Bleeping Computer has learned. [...]

https://www.bleepingcomputer.com/news/cryptocurrency/microsoft-halts-bitcoin-transactions-because-its-an-unstable-currency-/

Backdoor Account Removed from Western Digital NAS Hard Drives

A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard-drives to fix a series of important security bugs he reported to the vendor, among which there is an easy exploitable and wormable hardcoded (backdoor) account. [...]

https://www.bleepingcomputer.com/news/security/backdoor-account-removed-from-western-digital-nas-hard-drives/

US Customs and Border Protection Publishes New Rules for Searching Electronic Devices

The US Customs and Border Protection (CBP) agency published last week a new guideline containing updated procedures for searching travelers' electronic devices at US borders. [...]

https://www.bleepingcomputer.com/news/government/us-customs-and-border-protection-publishes-new-rules-for-searching-electronic-devices/