Specification that defines a software interface between an operating system and platform firmware
POPULARITY
In today's podcast we cover four crucial cyber and technology topics, including: 1. Europol wraps on campaign shutting down fake goods sites, and illegal sharing 2. Acer flaw could allow bypass of crucial security feature3. Twitter CEO reveals new end-to-end encryption plan 4. META fined 275 million USD over 2021 data leak I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
Black Friday is just around the corner, which marks the unofficial launch of the holiday shopping season. As you're considering what gifts to give to your loved ones this year, I want to make sure you're thinking about the privacy and security aspects. To that end, I have updated my annual Best and Worst Gift Guide and I will go over the highlights in this episode for my Tip of the Week. But I also have a special new gift idea this year: security and privacy coupons that you can download and give to your loved ones! In the news: USPS tells customers to avoid using the big blue mailboxes for gifts and important letters during the holiday season; Google pays nearly $400M fine to 40 states who sued over location tracking; Medibank refuses to pay ransom for data and criminals are starting to leak sensitive medical records online; TransUnion reports a data breach; FBI director warns that TikTok is a national security risk; Lenovo laptops are exposed to UEFI malware risks (update now); a mysterious company with government ties and a history of spying has become a root certificate authority; the British government is scanning its citizens devices looking for vulnerabilities in hopes of fixing them; almost 50% of all Mac malware can be traced to a single, security application; Apple apps are sending tons of analytics data to Apple even when analytics are disabled; I answer a listener question (Dear Carey) about the best Mastodon clients, in the wake of the Twitter collapse. Article Links [Lifehacker] Avoid Using Blue Mailboxes During the Holidays, USPS Warns https://lifehacker.com/avoid-using-blue-mailboxes-during-the-holidays-usps-wa-1849773201 [The Hacker News] Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location https://thehackernews.com/2022/11/google-to-pays-391-million-privacy-fine.html [CPO Magazine] Medibank Refuses Ransom Payments, Hackers Leak Stolen Health Data to Dark Web https://www.cpomagazine.com/cyber-security/medibank-refuses-ransom-payments-hackers-leak-stolen-health-data-to-dark-web/ [BGR] TransUnion data breach compromises financial information of consumers https://bgr.com/tech/transunion-data-breach-compromises-financial-information-of-consumers/ [USA TODAY] FBI director says TikTok poses national security threat, and he's 'extremely concerned' https://www.usatoday.com/story/tech/2022/11/16/tiktok-poses-national-security-threat-fbi/10709987002/ [Ars Technica] Lenovo driver goof poses security risk for users of 25 notebook models https://arstechnica.com/information-technology/2022/11/lenovo-patches-secure-boot-vulnerabilities-that-imperil-25-notebook-models/ [The Washington Post] Mysterious company with government ties plays key internet role https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/ [Bleeping Computer] British govt is scanning all Internet devices hosted in UK https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/british-govt-is-scanning-all-internet-devices-hosted-in-uk/amp/ [Tom's Guide] Almost 50% of macOS malware reportedly comes from single app — delete it now https://www.tomsguide.com/news/new-report-says-nearly-half-of-macos-malware-comes-from-single-app-delete-it-now [Gizmodo] Apple Is Tracking You Even When Its Own Privacy Settings Say It's Not, New Research Says https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558 Dear Carey: Mastodon clients. https://joinmastodon.org/apps https://bilge.world/mastodon-ios-apps Further Info Best & Worst Gifts for 2022: https://firewallsdontstopdragons.com/best--worst-gifts-2022/ Privacy & Security Coupons: https://fdsd.me/coupons Give thanks and donate! https://firewallsdontstopdragons.com/give-thanks-donate/ Send me your questions! https://fdsd.me/qna Support me! https://fdsd.me/support Subscribe to the newsletter: https://firewallsdo...
We have made it to episode 700!!! Sure, only half of the crew made it this far, but that's just how it goes. It's a war of attrition, and Jeremy was there from episode one (Josh joined a bit later). And this week we decided to gather, virtually, once again, and talk about the most affordable graphics card ever made!RTX 4080 review, gaming PC building vs consoles, Nvidia earnings, some good security news for once, and more!Timestamps:00:00 Intro01:39 Food with Josh03:08 NVIDIA GeForce RTX 4080 Founders Edition review36:07 You aren't dreaming...it's NVIDIA quarterly earnings coverage!42:34 Podcast sponsor - Masterclass44:03 Did Gamers Nexus solve the 4090 connector mystery?55:47 AMD's EPYC new server processors1:00:53 Josh talks memory controllers1:04:23 AMD brings HYPR-RX to Radeon Software next year1:06:09 Google settles Android tracking lawsuit1:08:02 Lenovo patches UEFI vulnerability1:10:01 Gaming PSA1:13:12 Picks of the Week1:25:45 Outro ★ Support this podcast on Patreon ★
Navigating the UEFI waters is treacherous. While UEFI has become the standard on most PCs, servers, and laptops, replacing legacy BIOS, it is a complex set of standards and protocols. Jesse joins us to help explain how some of this works and describe how vulnerabilities, specifically with SMM, can manifest and be exploited. Segment Resources: [CHIPSEC GitHub] https://github.com/chipsec/chipsec Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw764
In the Security News: Stealing Mastodon passwords, reporting vulnerabilities in open-source privately, labeling does not solve problems, or does it? will it every get patched? geolocating people from photos, no meta-data required, update your firmware on Linux, hacking flow computers, when a driver isn't really a driver, well, its a driver, but not the one you may be thinking of, oops I leaked it again, misconfiguration leads to compromise, harden runner, guard dog and hacking spacecraft via Ethernet! Navigating the UEFI waters is treacherous. While UEFI has become the standard on most PCs, servers, and laptops, replacing legacy BIOS, it is a complex set of standards and protocols. Jesse joins us to help explain how some of this works and describe how vulnerabilities, specifically with SMM, can manifest and be exploited. Segment Resources: [CHIPSEC GitHub] https://github.com/chipsec/chipsec Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw764
Navigating the UEFI waters is treacherous. While UEFI has become the standard on most PCs, servers, and laptops, replacing legacy BIOS, it is a complex set of standards and protocols. Jesse joins us to help explain how some of this works and describe how vulnerabilities, specifically with SMM, can manifest and be exploited. Segment Resources: [CHIPSEC GitHub] https://github.com/chipsec/chipsec Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw764
In the Security News: Stealing Mastodon passwords, reporting vulnerabilities in open-source privately, labeling does not solve problems, or does it? will it every get patched? geolocating people from photos, no meta-data required, update your firmware on Linux, hacking flow computers, when a driver isn't really a driver, well, its a driver, but not the one you may be thinking of, oops I leaked it again, misconfiguration leads to compromise, harden runner, guard dog and hacking spacecraft via Ethernet! Navigating the UEFI waters is treacherous. While UEFI has become the standard on most PCs, servers, and laptops, replacing legacy BIOS, it is a complex set of standards and protocols. Jesse joins us to help explain how some of this works and describe how vulnerabilities, specifically with SMM, can manifest and be exploited. Segment Resources: [CHIPSEC GitHub] https://github.com/chipsec/chipsec Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw764
Microsoft's new goodies for Linux users, the Ubuntu Summit wraps up, and our takeaways from the recent fireside chat with Linus Torvalds.
Microsoft's new goodies for Linux users, the Ubuntu Summit wraps up, and our takeaways from the recent fireside chat with Linus Torvalds.
Микропроцессор – мозг, сердце любой системы. С Владимиром Туровым из Selectel прошлись по техническому устройству процессора, архитектурам. CPU по праву считается центральным элементом, обсудили как он взаимодействует с другими частями системы. А в конце традиционно разобрали эволюцию отрасли. Поддержи лучший подкаст про IT: www.patreon.com/podlodka Также ждем вас, ваши лайки, репосты и комменты в мессенджерах и соцсетях! Telegram-чат: https://t.me/podlodka Telegram-канал: https://t.me/podlodkanews Страница в Facebook: www.facebook.com/podlodkacast/ Twitter-аккаунт: https://twitter.com/PodlodkaPodcast Ведущие в выпуске: Стас Цыганов, Евгений Кателла Полезные ссылки: Как запускается сервер https://habr.com/ru/company/selectel/blog/471756/ (Legacy) https://habr.com/ru/company/selectel/blog/516810/ (UEFI) Книга «Код, тайный язык информации» Видео разбора мака старого и с M1 https://www.youtube.com/watch?v=IWIHEI1Au0k Бенчмарки от организаций https://www.spec.org/ Статьи по древним серверам https://habr.com/ru/users/ereinion/posts/ Профиль Владимира на хабре https://habr.com/ru/users/firemoon
Intel isn't happy that the source code for their Alder Lake BIOS has been leaked online. The UEFI code was nabbed by someone and posted to the Internet as a 6 GB file containing all kinds of secret things. One of the big finds is the private key for Intel Boot Guard, a seuciry feature designed to create a secure booting environment. No official word has been released on who leaked the data but signs point to an ODM in China that created a Github repository that was cloned and distributed rapidly. Tom, how bad is this for Intel? Time Stamps: 0:00 - Welcome to the Rundown 0:22 - Disk Drive Market Declining 3:04 - Splunk Claims Cribl Cribbed Code 7:53 - Pavilion Data is Threadbare 11:15 - Airlines Want 5G Made Permanent 16:48 - Alder Lake Leaks BIOS Source 26:39 - The Weeks Ahead 27:50 - Thanks for Watching Follow our hosts on Social Media Tom Hollingsworth: https://www.twitter.com/NetworkingNerd Stephen Foskett: https://www.twitter.com/SFoskett Max Mortillaro: https://www.twitter.com/MaxMortillaro Follow Gestalt IT Website: https://www.GestaltIT.com/ Twitter: https://www.twitter.com/GestaltIT LinkedIn: https://www.linkedin.com/company/1789
Finger heat can leak your password US airport sites targeted by KillNet Intel confirms UEFI leak Thanks to today's episode sponsor, Noname Security Prevent API attacks in real-time with automated AI and ML-based detection from Noname Security. Monitor API traffic for data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. Integrate with your existing IT workflow management system like Jira, ServiceNow, or Slack for seamless remediation. Learn more at nonamesecurity.com/runtime-protection
This week Dave talks with Mike Bursell (https://dgshow.org/guests/mbursell) and Nathaniel McCallum (https://dgshow.org/guests/nmccallum) about confidential computing! Check out Mike on D&G 201 (https://dgshow.org/201) from 2020! Enarx (https://enarx.dev/) Red Hat (https://www.redhat.com/en) Profian (https://www.profian.com/) McCallum-Relyea exchange (https://www.admin-magazine.com/Archive/2018/43/Automatic-data-encryption-and-decryption-with-Clevis-and-Tang) Trusted computing (https://en.wikipedia.org/wiki/Trusted_Computing) Confidential computing – the new HTTPS? (https://aliceevebob.com/2019/12/03/confidential-computing-the-new-https/) Confidential Computing Consortium (https://confidentialcomputing.io/) Trusted Platform Module (TPM) (https://en.wikipedia.org/wiki/Trusted_Platform_Module) Trusted Execution Environment (TEE) (https://en.wikipedia.org/wiki/Trusted_execution_environment) Digital Rights Management (DRM) (https://en.wikipedia.org/wiki/Digital_rights_management) Intel SGX (https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html) AMD SEV (https://developer.amd.com/sev/) AWS Nitro System (https://aws.amazon.com/ec2/nitro/) What is attestation for Confidential Computing? (https://aliceevebob.com/2022/06/14/what-is-attestation-for-confidential-computing/) WebAssembly (https://webassembly.org/) Bytecode Alliance (https://bytecodealliance.org/) Drawbridge (https://github.com/profianinc/drawbridge) Keep (https://github.com/enarx/enarx-keepldr) Secure multi-party computation (https://en.wikipedia.org/wiki/Secure_multi-party_computation) Privacy-Enhancing Technologies (PET) (https://en.wikipedia.org/wiki/Privacy-enhancing_technologies) Homomorphic encryption (https://en.wikipedia.org/wiki/Homomorphic_encryption) Functional equivalence and formal equivalence checking (https://en.wikipedia.org/wiki/Formal_equivalence_checking) What is a Linux Container? (https://www.redhat.com/en/topics/containers/whats-a-linux-container) Functions as a Service (https://en.wikipedia.org/wiki/Function_as_a_service) UEFI (https://en.wikipedia.org/wiki/UEFI) Reproducible builds (https://en.wikipedia.org/wiki/Reproducible_builds) Trusted Computing Base (TCB) (https://en.wikipedia.org/wiki/Trusted_computing_base) Confidential Computing: try it now, for free (https://blog.profian.com/confidential-computing-now-for-free/) FedRAMP (https://www.fedramp.gov/) Bell–LaPadula model (https://en.wikipedia.org/wiki/Bell%E2%80%93LaPadula_model) NVIDIA Confidential Computing (https://www.nvidia.com/en-us/data-center/solutions/confidential-computing/) U.S. and U.K. Launch Innovation Prize Challenges in Privacy-Enhancing Technologies to Tackle Financial Crime and Public Health Emergencies (https://www.whitehouse.gov/ostp/news-updates/2022/07/20/u-s-and-u-k-launch-innovation-prize-challenges-in-privacy-enhancing-technologies-to-tackle-financial-crime-and-public-health-emergencies/) Advancing a Vision for Privacy-Enhancing Technologies (https://www.whitehouse.gov/ostp/news-updates/2022/06/28/advancing-a-vision-for-privacy-enhancing-technologies/) Accelerating the adoption and development of privacy-enhancing technologies (PETs) (https://petsprizechallenges.com/) Trust in Computer Systems and the Cloud (https://www.wiley.com/en-us/Trust+in+Computer+Systems+and+the+Cloud-p-9781119692324) We Give Thanks * Mike Bursell (https://dgshow.org/guests/mbursell) and Nathaniel McCallum (https://dgshow.org/guests/nmccallum) for joining us on the show! * Jen Wike Huger (https://twitter.com/JenWike) for connecting the dots! Special Guests: Mike Bursell and Nathaniel McCallum.
Linux goes underwater, Microsoft kills the Teams' Linux app, and the nasty GRUB bug some of us could not avoid.
Linux goes underwater, Microsoft kills the Teams' Linux app, and the nasty GRUB bug some of us could not avoid.
Debian's firmware future is up for debate, Pine64 teases a RISC-V SBC, and some of your favorite tools just got new tricks.
Debian's firmware future is up for debate, Pine64 teases a RISC-V SBC, and some of your favorite tools just got new tricks.
This week Dr. Doug talks: UEFI, PyPI, vishing, VNC, Sova, Doom, Mailchimp, hiding photos, and is joined by Jason Wood on this episode of Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn232
This week Dr. Doug talks: UEFI, PyPI, vishing, VNC, Sova, Doom, Mailchimp, hiding photos, and is joined by Jason Wood on this episode of Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn232
Mai menü:Felmérés szerint az átlag amerikai naponta 6,5 alkalommal lép be gyanús oldalakraKínai hacker keresőKínai UEFI rootkitet találtak Gigabyte és Asus alaplapokon | SecurityWeek.ComHamisított git metaadatokAnti-vax társkereső webhely kitett adatok 3,500 felhasználók keresztül "hibakeresési mód" hiba - A VergeNoMoreRansom születésnapFBI lefoglal $500,000 Ransomware kifizetések és Crypto az észak-koreai hackerektőlAz XSS-sel történő hackelés tisztázásaKezdje el tanulni a biztonságot az SQLi segítségévelElérhetőségeink:TelegramTwitterInstagramFacebookMail: info@hackeslangos.show
CHIPS Act clears Congress, ensuring $52 billion boost to US foundries. Intel (INTC) earnings Q2 2022. Intel Kills Optane Memory Business Entirely. Apple's $83B quarter by the numbers. FY22 Q4 - Press Releases - Investor Relations - Microsoft. Amazon (AMZN) Q2 2022 earnings. Peacock's paid subscribers stayed flat at 13 million, losses widen to $467 million. Why Big Tech Is Making a Big Play for Live Sports. Collect and Trade NFL Highlights As NFTs. Spotify has 188 million Premium users, but continues to lose money. Spotify forks out $295M for Findaway, Podsights, Chartable, and Sonantic, filing reveals. FTC's Lina Khan Overruled Staff to Sue Meta Over Virtual-Reality Deal. Instagram Admits It's 'Not Good' After Kardashians Beg It to Stop Copying TikTok. Instagram walks back TikTok-style changes — Adam Mosseri explains why. Facebook Is Finally Giving People A Non-Algorithmic News Feed. Twitter is raising the Blue subscription price from $2.99 to $4.99 monthly. Twitter v. Elon Musk trial date set to start October 17th. FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us. T-Mobile to pay $500M for one of the largest data breaches in US history. Tim Hortons offers free coffee to settle mobile app class action lawsuits. Russia tried to hijack some of Apple's internet traffic for 12 hours. Details from FBI Raid of U.S. Private Vaults Being Kept from Public. Why One Critical Second Can Wreak Havoc on the Internet. HBO Max will begin streaming 'Game of Thrones' in 4K HDR next month. Ultiworld on Twitter: "Marques Brownlee (@MKBHD) with the MASSIVE sky for @PrideofNY at the World Ultimate Club Championships" NASA on Twitter: "We celebrate the life of Nichelle Nichols, Star Trek actor, trailblazer, and role model, who symbolized to so many what was possible." Host: Leo Laporte Guests: Jason Snell, Shoshana Weissmann, and Dan Patterson Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: UserWay.org/twit Melissa.com/twit kolide.com/twit go.newtek.com/twit-tv
CHIPS Act clears Congress, ensuring $52 billion boost to US foundries. Intel (INTC) earnings Q2 2022. Intel Kills Optane Memory Business Entirely. Apple's $83B quarter by the numbers. FY22 Q4 - Press Releases - Investor Relations - Microsoft. Amazon (AMZN) Q2 2022 earnings. Peacock's paid subscribers stayed flat at 13 million, losses widen to $467 million. Why Big Tech Is Making a Big Play for Live Sports. Collect and Trade NFL Highlights As NFTs. Spotify has 188 million Premium users, but continues to lose money. Spotify forks out $295M for Findaway, Podsights, Chartable, and Sonantic, filing reveals. FTC's Lina Khan Overruled Staff to Sue Meta Over Virtual-Reality Deal. Instagram Admits It's 'Not Good' After Kardashians Beg It to Stop Copying TikTok. Instagram walks back TikTok-style changes — Adam Mosseri explains why. Facebook Is Finally Giving People A Non-Algorithmic News Feed. Twitter is raising the Blue subscription price from $2.99 to $4.99 monthly. Twitter v. Elon Musk trial date set to start October 17th. FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us. T-Mobile to pay $500M for one of the largest data breaches in US history. Tim Hortons offers free coffee to settle mobile app class action lawsuits. Russia tried to hijack some of Apple's internet traffic for 12 hours. Details from FBI Raid of U.S. Private Vaults Being Kept from Public. Why One Critical Second Can Wreak Havoc on the Internet. HBO Max will begin streaming 'Game of Thrones' in 4K HDR next month. Ultiworld on Twitter: "Marques Brownlee (@MKBHD) with the MASSIVE sky for @PrideofNY at the World Ultimate Club Championships" NASA on Twitter: "We celebrate the life of Nichelle Nichols, Star Trek actor, trailblazer, and role model, who symbolized to so many what was possible." Host: Leo Laporte Guests: Jason Snell, Shoshana Weissmann, and Dan Patterson Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: UserWay.org/twit Melissa.com/twit kolide.com/twit go.newtek.com/twit-tv
CHIPS Act clears Congress, ensuring $52 billion boost to US foundries. Intel (INTC) earnings Q2 2022. Intel Kills Optane Memory Business Entirely. Apple's $83B quarter by the numbers. FY22 Q4 - Press Releases - Investor Relations - Microsoft. Amazon (AMZN) Q2 2022 earnings. Peacock's paid subscribers stayed flat at 13 million, losses widen to $467 million. Why Big Tech Is Making a Big Play for Live Sports. Collect and Trade NFL Highlights As NFTs. Spotify has 188 million Premium users, but continues to lose money. Spotify forks out $295M for Findaway, Podsights, Chartable, and Sonantic, filing reveals. FTC's Lina Khan Overruled Staff to Sue Meta Over Virtual-Reality Deal. Instagram Admits It's 'Not Good' After Kardashians Beg It to Stop Copying TikTok. Instagram walks back TikTok-style changes — Adam Mosseri explains why. Facebook Is Finally Giving People A Non-Algorithmic News Feed. Twitter is raising the Blue subscription price from $2.99 to $4.99 monthly. Twitter v. Elon Musk trial date set to start October 17th. FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us. T-Mobile to pay $500M for one of the largest data breaches in US history. Tim Hortons offers free coffee to settle mobile app class action lawsuits. Russia tried to hijack some of Apple's internet traffic for 12 hours. Details from FBI Raid of U.S. Private Vaults Being Kept from Public. Why One Critical Second Can Wreak Havoc on the Internet. HBO Max will begin streaming 'Game of Thrones' in 4K HDR next month. Ultiworld on Twitter: "Marques Brownlee (@MKBHD) with the MASSIVE sky for @PrideofNY at the World Ultimate Club Championships" NASA on Twitter: "We celebrate the life of Nichelle Nichols, Star Trek actor, trailblazer, and role model, who symbolized to so many what was possible." Host: Leo Laporte Guests: Jason Snell, Shoshana Weissmann, and Dan Patterson Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: UserWay.org/twit Melissa.com/twit kolide.com/twit go.newtek.com/twit-tv
CHIPS Act clears Congress, ensuring $52 billion boost to US foundries. Intel (INTC) earnings Q2 2022. Intel Kills Optane Memory Business Entirely. Apple's $83B quarter by the numbers. FY22 Q4 - Press Releases - Investor Relations - Microsoft. Amazon (AMZN) Q2 2022 earnings. Peacock's paid subscribers stayed flat at 13 million, losses widen to $467 million. Why Big Tech Is Making a Big Play for Live Sports. Collect and Trade NFL Highlights As NFTs. Spotify has 188 million Premium users, but continues to lose money. Spotify forks out $295M for Findaway, Podsights, Chartable, and Sonantic, filing reveals. FTC's Lina Khan Overruled Staff to Sue Meta Over Virtual-Reality Deal. Instagram Admits It's 'Not Good' After Kardashians Beg It to Stop Copying TikTok. Instagram walks back TikTok-style changes — Adam Mosseri explains why. Facebook Is Finally Giving People A Non-Algorithmic News Feed. Twitter is raising the Blue subscription price from $2.99 to $4.99 monthly. Twitter v. Elon Musk trial date set to start October 17th. FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us. T-Mobile to pay $500M for one of the largest data breaches in US history. Tim Hortons offers free coffee to settle mobile app class action lawsuits. Russia tried to hijack some of Apple's internet traffic for 12 hours. Details from FBI Raid of U.S. Private Vaults Being Kept from Public. Why One Critical Second Can Wreak Havoc on the Internet. HBO Max will begin streaming 'Game of Thrones' in 4K HDR next month. Ultiworld on Twitter: "Marques Brownlee (@MKBHD) with the MASSIVE sky for @PrideofNY at the World Ultimate Club Championships" NASA on Twitter: "We celebrate the life of Nichelle Nichols, Star Trek actor, trailblazer, and role model, who symbolized to so many what was possible." Host: Leo Laporte Guests: Jason Snell, Shoshana Weissmann, and Dan Patterson Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: UserWay.org/twit Melissa.com/twit kolide.com/twit go.newtek.com/twit-tv
CHIPS Act clears Congress, ensuring $52 billion boost to US foundries. Intel (INTC) earnings Q2 2022. Intel Kills Optane Memory Business Entirely. Apple's $83B quarter by the numbers. FY22 Q4 - Press Releases - Investor Relations - Microsoft. Amazon (AMZN) Q2 2022 earnings. Peacock's paid subscribers stayed flat at 13 million, losses widen to $467 million. Why Big Tech Is Making a Big Play for Live Sports. Collect and Trade NFL Highlights As NFTs. Spotify has 188 million Premium users, but continues to lose money. Spotify forks out $295M for Findaway, Podsights, Chartable, and Sonantic, filing reveals. FTC's Lina Khan Overruled Staff to Sue Meta Over Virtual-Reality Deal. Instagram Admits It's 'Not Good' After Kardashians Beg It to Stop Copying TikTok. Instagram walks back TikTok-style changes — Adam Mosseri explains why. Facebook Is Finally Giving People A Non-Algorithmic News Feed. Twitter is raising the Blue subscription price from $2.99 to $4.99 monthly. Twitter v. Elon Musk trial date set to start October 17th. FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us. T-Mobile to pay $500M for one of the largest data breaches in US history. Tim Hortons offers free coffee to settle mobile app class action lawsuits. Russia tried to hijack some of Apple's internet traffic for 12 hours. Details from FBI Raid of U.S. Private Vaults Being Kept from Public. Why One Critical Second Can Wreak Havoc on the Internet. HBO Max will begin streaming 'Game of Thrones' in 4K HDR next month. Ultiworld on Twitter: "Marques Brownlee (@MKBHD) with the MASSIVE sky for @PrideofNY at the World Ultimate Club Championships" NASA on Twitter: "We celebrate the life of Nichelle Nichols, Star Trek actor, trailblazer, and role model, who symbolized to so many what was possible." Host: Leo Laporte Guests: Jason Snell, Shoshana Weissmann, and Dan Patterson Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: UserWay.org/twit Melissa.com/twit kolide.com/twit go.newtek.com/twit-tv
The UEFI Rootkit that has been discovered has been in the wild since 2016, with it only now being discovered is an absolute disaster primarily at this point for Windows users! How something so sinister can go undetected for this long is a tragedy. We had some boosts to the show from the fountain podcast app thank you to those early adopters. The post Discovery of new UEFI Rootkit is bad news! #1614 appeared first on Geek News Central.
In the Security News FreeBSD and the software supply chain, open-source implies that its open, hardcoded passwords are always bad, on-again, off-again, on-again, privilege escelation defined, preparing for quantum, so many vulnerabilities, CosmicStrand another UEFI firmware rootkit, & reviving ancient computers! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw749
Alphabet misses on earnings and revenue for second quarter. Google earnings signal company weathering slowdown better than expected. Mark Zuckerberg braces Meta employees for 'intense period'. Instagram Admits It's 'Not Good' After Kardashians Beg It to Stop Copying TikTok. Introducing Home and Feeds on Facebook. Zuck Turns Up the Heat. Sunset of the social network. @elonmusk: The media is a click-seeking machine dressed up as a truth-seeking machine. Inside TikTok's Attempts to 'Downplay the China Association'. Google Fires Blake Lemoine, Engineer Who Called Its AI Sentient. Google, like Amazon, will let police see your video without a warrant. TikTok's Pink Sauce chef defends her viral condiment. Today's TikTok culinary horror: pizza sacrilege. Why Does the Prison-Life Content on TikTok Feel So Familiar? A Fond Farewell to the Chaotic Italian Sandwich Man of TikTok. Google is adding Flyover-like aerial views to Maps. Google Photos website starts showing the backup quality of every image. Google Play gets a new logo for its 10-year anniversary. Hangouts on Air is back as Google Meet brings YouTube livestreaming to free Gmail. Pixel's At a Glance widget starts showing Air Quality (AQI) alerts. Google Drive, Docs, and other Workspace apps getting optimized for Android tablets. Chromecast with Google TV finally supports streaming live video from new Nest Cams, Doorbell. Chromebooks are getting a new, more advanced Google Photos movie editor. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us. Coding Mistake Made Intel GPUs 100X Slower in Ray Tracing. The drive to save Choco Taco. Chess robot grabs and breaks finger of a seven-year-old opponent. Russia to drop out of International Space Station after 2024. Why One Critical Second Can Wreak Havoc on the Internet. How to Use BeReal, the 'Unfiltered' Social Media App. Why Big Tech Is Making a Big Play for Live Sports. Why Amazon is buying a little-known medical provider for $3.9 billion. Frankfurt airport boss blames travel chaos on black suitcases. Picks: Stacey - @secengineer on TikTok. Jeff - @jeffjarvis: Well, damn, now I'm crying all over again. Newport put up two high-quality and complete videos from @jonimitchell's set. Ant - Mac Arnold's 80th birthday celebrated with blues jam. Hosts: Leo Laporte, Jeff Jarvis, Stacey Higginbotham, and Ant Pruitt Download or subscribe to this show at https://twit.tv/shows/this-week-in-google. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: ClickUp.com use code TWIG
Alphabet misses on earnings and revenue for second quarter. Google earnings signal company weathering slowdown better than expected. Mark Zuckerberg braces Meta employees for 'intense period'. Instagram Admits It's 'Not Good' After Kardashians Beg It to Stop Copying TikTok. Introducing Home and Feeds on Facebook. Zuck Turns Up the Heat. Sunset of the social network. @elonmusk: The media is a click-seeking machine dressed up as a truth-seeking machine. Inside TikTok's Attempts to 'Downplay the China Association'. Google Fires Blake Lemoine, Engineer Who Called Its AI Sentient. Google, like Amazon, will let police see your video without a warrant. TikTok's Pink Sauce chef defends her viral condiment. Today's TikTok culinary horror: pizza sacrilege. Why Does the Prison-Life Content on TikTok Feel So Familiar? A Fond Farewell to the Chaotic Italian Sandwich Man of TikTok. Google is adding Flyover-like aerial views to Maps. Google Photos website starts showing the backup quality of every image. Google Play gets a new logo for its 10-year anniversary. Hangouts on Air is back as Google Meet brings YouTube livestreaming to free Gmail. Pixel's At a Glance widget starts showing Air Quality (AQI) alerts. Google Drive, Docs, and other Workspace apps getting optimized for Android tablets. Chromecast with Google TV finally supports streaming live video from new Nest Cams, Doorbell. Chromebooks are getting a new, more advanced Google Photos movie editor. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us. Coding Mistake Made Intel GPUs 100X Slower in Ray Tracing. The drive to save Choco Taco. Chess robot grabs and breaks finger of a seven-year-old opponent. Russia to drop out of International Space Station after 2024. Why One Critical Second Can Wreak Havoc on the Internet. How to Use BeReal, the 'Unfiltered' Social Media App. Why Big Tech Is Making a Big Play for Live Sports. Why Amazon is buying a little-known medical provider for $3.9 billion. Frankfurt airport boss blames travel chaos on black suitcases. Picks: Stacey - @secengineer on TikTok. Jeff - @jeffjarvis: Well, damn, now I'm crying all over again. Newport put up two high-quality and complete videos from @jonimitchell's set. Ant - Mac Arnold's 80th birthday celebrated with blues jam. Hosts: Leo Laporte, Jeff Jarvis, Stacey Higginbotham, and Ant Pruitt Download or subscribe to this show at https://twit.tv/shows/this-week-in-google. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: ClickUp.com use code TWIG
We've heard about the recent abuses for Apple's AirTags used in tracking and stalking issues in recent months. While tools exist for detection under the Apple ecosystem, limited options exist for Android and none under Linux. We'll explore the AirTag beacons and showcase some tools for detecting beacons and creating our own for testing under Linux. We'll also show some ways to take our methods even further as an exercise left unto the reader. In the Security News FreeBSD and the software supply chain, open-source implies that its open, hardcoded passwords are always bad, on-again, off-again, on-again, privilege escelation defined, preparing for quantum, so many vulnerabilities, CosmicStrand another UEFI firmware rootkit, & reviving ancient computers! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw749
Alphabet misses on earnings and revenue for second quarter. Google earnings signal company weathering slowdown better than expected. Mark Zuckerberg braces Meta employees for 'intense period'. Instagram Admits It's 'Not Good' After Kardashians Beg It to Stop Copying TikTok. Introducing Home and Feeds on Facebook. Zuck Turns Up the Heat. Sunset of the social network. @elonmusk: The media is a click-seeking machine dressed up as a truth-seeking machine. Inside TikTok's Attempts to 'Downplay the China Association'. Google Fires Blake Lemoine, Engineer Who Called Its AI Sentient. Google, like Amazon, will let police see your video without a warrant. TikTok's Pink Sauce chef defends her viral condiment. Today's TikTok culinary horror: pizza sacrilege. Why Does the Prison-Life Content on TikTok Feel So Familiar? A Fond Farewell to the Chaotic Italian Sandwich Man of TikTok. Google is adding Flyover-like aerial views to Maps. Google Photos website starts showing the backup quality of every image. Google Play gets a new logo for its 10-year anniversary. Hangouts on Air is back as Google Meet brings YouTube livestreaming to free Gmail. Pixel's At a Glance widget starts showing Air Quality (AQI) alerts. Google Drive, Docs, and other Workspace apps getting optimized for Android tablets. Chromecast with Google TV finally supports streaming live video from new Nest Cams, Doorbell. Chromebooks are getting a new, more advanced Google Photos movie editor. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us. Coding Mistake Made Intel GPUs 100X Slower in Ray Tracing. The drive to save Choco Taco. Chess robot grabs and breaks finger of a seven-year-old opponent. Russia to drop out of International Space Station after 2024. Why One Critical Second Can Wreak Havoc on the Internet. How to Use BeReal, the 'Unfiltered' Social Media App. Why Big Tech Is Making a Big Play for Live Sports. Why Amazon is buying a little-known medical provider for $3.9 billion. Frankfurt airport boss blames travel chaos on black suitcases. Picks: Stacey - @secengineer on TikTok. Jeff - @jeffjarvis: Well, damn, now I'm crying all over again. Newport put up two high-quality and complete videos from @jonimitchell's set. Ant - Mac Arnold's 80th birthday celebrated with blues jam. Hosts: Leo Laporte, Jeff Jarvis, Stacey Higginbotham, and Ant Pruitt Download or subscribe to this show at https://twit.tv/shows/this-week-in-google. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: ClickUp.com use code TWIG
Alphabet misses on earnings and revenue for second quarter. Google earnings signal company weathering slowdown better than expected. Mark Zuckerberg braces Meta employees for 'intense period'. Instagram Admits It's 'Not Good' After Kardashians Beg It to Stop Copying TikTok. Introducing Home and Feeds on Facebook. Zuck Turns Up the Heat. Sunset of the social network. @elonmusk: The media is a click-seeking machine dressed up as a truth-seeking machine. Inside TikTok's Attempts to 'Downplay the China Association'. Google Fires Blake Lemoine, Engineer Who Called Its AI Sentient. Google, like Amazon, will let police see your video without a warrant. TikTok's Pink Sauce chef defends her viral condiment. Today's TikTok culinary horror: pizza sacrilege. Why Does the Prison-Life Content on TikTok Feel So Familiar? A Fond Farewell to the Chaotic Italian Sandwich Man of TikTok. Google is adding Flyover-like aerial views to Maps. Google Photos website starts showing the backup quality of every image. Google Play gets a new logo for its 10-year anniversary. Hangouts on Air is back as Google Meet brings YouTube livestreaming to free Gmail. Pixel's At a Glance widget starts showing Air Quality (AQI) alerts. Google Drive, Docs, and other Workspace apps getting optimized for Android tablets. Chromecast with Google TV finally supports streaming live video from new Nest Cams, Doorbell. Chromebooks are getting a new, more advanced Google Photos movie editor. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us. Coding Mistake Made Intel GPUs 100X Slower in Ray Tracing. The drive to save Choco Taco. Chess robot grabs and breaks finger of a seven-year-old opponent. Russia to drop out of International Space Station after 2024. Why One Critical Second Can Wreak Havoc on the Internet. How to Use BeReal, the 'Unfiltered' Social Media App. Why Big Tech Is Making a Big Play for Live Sports. Why Amazon is buying a little-known medical provider for $3.9 billion. Frankfurt airport boss blames travel chaos on black suitcases. Picks: Stacey - @secengineer on TikTok. Jeff - @jeffjarvis: Well, damn, now I'm crying all over again. Newport put up two high-quality and complete videos from @jonimitchell's set. Ant - Mac Arnold's 80th birthday celebrated with blues jam. Hosts: Leo Laporte, Jeff Jarvis, Stacey Higginbotham, and Ant Pruitt Download or subscribe to this show at https://twit.tv/shows/this-week-in-google. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: ClickUp.com use code TWIG
Alphabet misses on earnings and revenue for second quarter. Google earnings signal company weathering slowdown better than expected. Mark Zuckerberg braces Meta employees for 'intense period'. Instagram Admits It's 'Not Good' After Kardashians Beg It to Stop Copying TikTok. Introducing Home and Feeds on Facebook. Zuck Turns Up the Heat. Sunset of the social network. @elonmusk: The media is a click-seeking machine dressed up as a truth-seeking machine. Inside TikTok's Attempts to 'Downplay the China Association'. Google Fires Blake Lemoine, Engineer Who Called Its AI Sentient. Google, like Amazon, will let police see your video without a warrant. TikTok's Pink Sauce chef defends her viral condiment. Today's TikTok culinary horror: pizza sacrilege. Why Does the Prison-Life Content on TikTok Feel So Familiar? A Fond Farewell to the Chaotic Italian Sandwich Man of TikTok. Google is adding Flyover-like aerial views to Maps. Google Photos website starts showing the backup quality of every image. Google Play gets a new logo for its 10-year anniversary. Hangouts on Air is back as Google Meet brings YouTube livestreaming to free Gmail. Pixel's At a Glance widget starts showing Air Quality (AQI) alerts. Google Drive, Docs, and other Workspace apps getting optimized for Android tablets. Chromecast with Google TV finally supports streaming live video from new Nest Cams, Doorbell. Chromebooks are getting a new, more advanced Google Photos movie editor. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us. Coding Mistake Made Intel GPUs 100X Slower in Ray Tracing. The drive to save Choco Taco. Chess robot grabs and breaks finger of a seven-year-old opponent. Russia to drop out of International Space Station after 2024. Why One Critical Second Can Wreak Havoc on the Internet. How to Use BeReal, the 'Unfiltered' Social Media App. Why Big Tech Is Making a Big Play for Live Sports. Why Amazon is buying a little-known medical provider for $3.9 billion. Frankfurt airport boss blames travel chaos on black suitcases. Picks: Stacey - @secengineer on TikTok. Jeff - @jeffjarvis: Well, damn, now I'm crying all over again. Newport put up two high-quality and complete videos from @jonimitchell's set. Ant - Mac Arnold's 80th birthday celebrated with blues jam. Hosts: Leo Laporte, Jeff Jarvis, Stacey Higginbotham, and Ant Pruitt Download or subscribe to this show at https://twit.tv/shows/this-week-in-google. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: ClickUp.com use code TWIG
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Why Entrust being ransomwared is good news UEFI bootkits turn hardware into landfill Microsoft resumes macro blocking rollout Pat and Adam talk about why plugging your IDP into legacy apps is a dreadful idea Much, much more This week's sponsor guest is Paul “The Voice” Lanzi of Remediant. He's popping along to talk about the emergence of a new product category – Identity Threat Detection and Response, or ITDR. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Italy investigating ransomware attack on tax agency - The Record by Recorded Future IT security giant Entrust says it's investigating alleged June data breach - The Record by Recorded Future Microsoft resuming default block of Office VBA macros - The Record by Recorded Future Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us | Ars Technica China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors | Federal Public Service Foreign Affairs Cyber Command shares bevy of new malware used against Ukraine - The Record by Recorded Future Cyber criminals attack Ukrainian radio network, broadcast fake message about Zelensky's health Congress goes after spyware purveyors. Will it make a difference? Report: Mercenary spyware exploited Google Chrome zero-day to target journalists - The Record by Recorded Future TSA unveils updated cybersecurity regulations of oil and gas pipelines - The Record by Recorded Future Congress Might Actually Pass ADPPA, the American Data Privacy and Protection Act | WIRED Federal privacy legislation progresses, but concerns about data brokers loom China cybersecurity agency fines ride-hailing giant Didi $1.2 billion for data issues - The Record by Recorded Future T-Mobile reaches historic $350 million settlement in 2021 data breach - The Record by Recorded Future Former Coinbase Manager Arrested by Feds for Alleged Insider Trading Cisco patches dangerous bug trio in Nexus Dashboard | The Daily Swig Atlassian patches batch of critical vulnerabilities across multiple products | The Daily Swig Hardcoded password in Confluence app has been leaked on Twitter | Ars Technica
I'll wrap up the earnings from Microsoft, Alphabet, Spotify and Shopify. Proof that the cost of a data breach for companies is skyrocketing. What ever happened to the legislative crackdown on Big Tech? Inflation comes to the Metaverse as Meta is jacking up the prices on Quest headsets. And a big update to Google Maps.Sponsors:Storyblok.com/ridehomeLinks:Techmeme headlines from this morning running down earnings (Techmeme, 8:25am eastern today)IBM Security report finds data breaches are costlier than ever before (SiliconAngle)Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us (ArsTechnica)Senate's Antitrust Crackdown Sputters as Schumer Signals Doubts (Bloomberg)Quest 2 Price Jumps To $399 As Meta Costs Rise (UploadVR)Google Maps rolls out location sharing notifications, immersive views and better bike navigation (TechCrunch)See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
Killer Robots, UEFI, LinkedIn, Ducktail, Costa Rica, Tmobile, Prestashop, we also have a special guest, David Monnier from Team Cymru. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn226
LockBit gets an upgrade. CosmicStrand firmware rootkit is out in a new and improved version. Are thieves being treated like white hats? AV-Test's Twitter account is hijacked. Joe Carrigan considers the mental health effects of the online scam economy. Mr. Security Answer Person John Pescatore ponders the cybersecurity talent gap. And ongoing speculation on the cyber phase of the hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/138 Selected reading. LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities (Trend Micro) CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit (Securelist) Crypto Firms Make Thieving Hackers an Offer: Keep a Little, Give Back the Rest (Wall Street Journal) Phishers' Favorites Top 25, H1 2022: Microsoft Is the Most Impersonated Brand in Phishing Attacks (Vade Secure) Testing times for AV-Test as Twitter account hijacked by NFT spammers (Graham Cluley) Ukraine fall-out and new ransomware tactics elevate cyber risks (Strategic Risk Europe) Ed's note: The Ukrainian-Russian cyber war no one speaks about (Smart Energy)
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
PowerShell Script with Fileless Capability https://isc.sans.edu/diary/PowerShell+Script+with+Fileless+Capability/28878 With Management Comes Risk: Finding Flaws in Filewave MDM https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/ CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
A daily look at the relevant information security news from overnight - 25 July, 2022Episode 272 - 25 July 2022Entrust Breached- https://www.bleepingcomputer.com/news/security/digital-security-giant-entrust-breached-by-ransomware-gang/UEFI Rootkit - https://thehackernews.com/2022/07/experts-uncover-new-cosmicstrand-uefi.htmlUrgent SonicWall Patch - https://www.securityweek.com/sonicwall-warns-critical-gms-sql-injection-vulnerabilityCisco Nexus Patches Three- https://portswigger.net/daily-swig/cisco-patches-dangerous-bug-trio-in-nexus-dashboard Racoon Gets Buff - https://thehackernews.com/2022/07/racoon-stealer-is-back-how-to-protect.htmlHi, I'm Paul Torgersen. It's Monday July 25th, 2022, this is a look at the information security news from overnight. From BleepingComputer.com:Identity and access management company Entrust has confirmed that it was the victim of a cyberattack. Threat actors were able to breach their network and steal data from internal systems. The company says they have found no indication that the breach has impacted their operation or their products and services. No word on malware strain or threat actor involved. More to come I'm sure. From TheHackerNews.com:An unknown Chinese-speaking threat actor has been attributed with a new kind of UEFI firmware rootkit called CosmicStrand. The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and are related to designs using the H81 chipset. Victims identified so far are just individuals in China, Vietnam, Iran and Russia, with no discernable ties to business or government agencies. A link to the Kaspersky research in the article. From SecurityWeek.com:SonicWall has issued urgent patches for a critical flaw in its Global Management System software, warning that the issue exposes businesses to remote attacks. The 9.4 severity flaw provides a pathway for a remote attacker to execute arbitrary SQL queries in the database. The vulnerability exists due to insufficient sanitization of user-supplied data. From PortSwigger.net:Serious vulnerabilities in Cisco Nexus Dashboard give attackers a viable path to executing arbitrary commands as root, uploading container image files, or performing cross-site request forgery attacks. Cisco has issued patches for the three bugs, one of them carrying a 9.8 severity rating. The company said it was not aware of any of these bugs being exploited in-the-wild. Get your patch on kids. And last, from TheHackerNews.com:The new and vastly improved version of Raccoon Stealer has hit the scene. Not only can it steal browser passwords, cookies, and auto-fill data, it can now also steal credit card numbers, cryptocurrency and crypto wallets, harvest file data, drop files onto the system, list apps installed on the machine, and take screenshots. Fortunately, just like with the real world rodents, basic precautions should keep the varmint at bay: beware of spoofed messages and don't click any links you didn't know were specifically coming. That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
The Technado team was back together in the studio this week to discuss the new Intel Core i9-12900K benchmarks, Microsoft's shift in Windows development cycles, Unbreakable Oracle Linux 9's Btrfs support, Lenovo patching UEFI code execution vulnerabilities, and a phishing campaign that can get around MFA. Finally, the team talked about CIA hacker Joshua Shulte's conviction and how it compared to the Edward Snowden leak.
The Technado team was back together in the studio this week to discuss the new Intel Core i9-12900K benchmarks, Microsoft's shift in Windows development cycles, Unbreakable Oracle Linux 9's Btrfs support, Lenovo patching UEFI code execution vulnerabilities, and a phishing campaign that can get around MFA. Finally, the team talked about CIA hacker Joshua Shulte's conviction and how it compared to the Edward Snowden leak.
Thinkpads that won't boot Linux by default, Lennart moves to Microsoft, the Firefox Snap is finally a lot faster, Reddit shows its true colours, KDE Korner, and more. News London Meetup 5th August near The Eye Lenovo Secured-core PC unable to boot Linux from a USB stick Responsible stewardship of the UEFI secure boot... Read More
Thinkpads that won't boot Linux by default, Lennart moves to Microsoft, the Firefox Snap is finally a lot faster, Reddit shows its true colours, KDE Korner, and more. News London Meetup 5th August near The Eye Lenovo Secured-core PC unable to boot Linux from a USB stick Responsible stewardship of the UEFI secure boot... Read More