All about Security, News, Events and Incidents

Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Apr 26, 2018.

  1. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    28,282
    Messages:
    25,438
    Likes Received:
    45,643
    Trophy Points:
    931
    You mean with help from Micro$lopes Update servers?:D I have closed the door:)
     
    jclausius, jc_denton and Mr. Fox like this.
  2. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    31,767
    Messages:
    36,117
    Likes Received:
    58,893
    Trophy Points:
    931
    It's getting pretty old listening to the frequent media hype and hoopla about all the vulnerabilities and exploits, but this is ridiculous. If you give a stranger with specialized hardware physical access/possession of your PC the real vulnerability it the idiot that owns the computer, not the CPU or any other part of the computer.

    Here's another security bulletin: If you point a loaded gun at your head and pull the trigger, you're going to die.

    They should just issue one security bulletin that says, "News Flash: There is no such thing as a secure computer" and be done with it.
     
    Last edited: Mar 6, 2020
  3. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    31,767
    Messages:
    36,117
    Likes Received:
    58,893
    Trophy Points:
    931
    The issue is the executable driver package arbitrarily installs the NVMe controller drivers for ALL Samsung drives, including those for which it is not compatible and that renders the system unbootable if it is an OS drive. If you have Device Manager open and watch, you can see that. Everything is just peachy until you reboot. Then you're screwed. The installer should not behave that way. It should only install the driver where it is applicable.

    The only way to do it without messing up your system is to do an INF installation using the "Have Disk" method manually for only the PCIe ports with a compatible Samsung consumer NVMe drive installed.
     
    jclausius and Papusan like this.
  4. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    28,282
    Messages:
    25,438
    Likes Received:
    45,643
    Trophy Points:
    931
    It's holes everywhere. But all those known Intel security flaws isn't what will hit you. Much easier ways steal your info.

    Microsoft: 99.9% of compromised accounts did not use multi-factor authentication
    "In most cases, the account hacks happen after rather simplistic attacks. The primary sources of most hacks of Microsoft accounts was password spraying, a technique during which an attacker picks a common and easy-to-guess password, and goes through a long list of usernames until they get a hit and can access an account using said password".

    Brazilian security firm leaks more than 25 GB of client and staff data
    A home and business security business with several subsidiaries has exposed hundreds of thousands of client and employee files, an investigation by ZDNet in partnership with The Hack has found.

    Virgin Media exposes data of 900,000 users via unprotected marketing database
    UK telephone, television, and internet provider Virgin Media discloses data leak.

    Backdoor malware is being spread through fake security certificate alerts
    Victims of this new technique are invited to install a malicious "security certificate update" when they visit compromised websites.

    Vulnerability (CVE-2020-9054) also in Zyxel firewall
    Published on March 6, 2020 by Günter Born
    [​IMG]
    Zyxel's USG / ATP firewalls are also affected by the CVE-2020-9054 vulnerability, like their NAS. The manufacturer has released a firmware update to close the vulnerability.
     
    Last edited: Mar 6, 2020
    jc_denton and Mr. Fox like this.
  5. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    28,282
    Messages:
    25,438
    Likes Received:
    45,643
    Trophy Points:
    931
    Exactly. Have something for the AMD folks as well.
    [​IMG]
    New AMD Side Channel Attacks Discovered, Impacts Zen Architecture tomshardware.com | Mar 7, 2020

    A new paper released by the Graz University of Technology details two new attacks, Collide+Probe and Load+Reload, that can leak secret data from AMD processors by manipulating the L1D cache predictor. The researchers claim that the vulnerability impacts all AMD processors from 2011 to 2019, meaning that the Zen microarchitecture is also impacted. (PDF)
     
    Mr. Fox and jc_denton like this.
  6. jc_denton

    jc_denton V̖̟en̰g̻̼̰̩͙ea̲n̪c̭e̼ ͍̘̤͓̟̤Is̙͔ ̤Mi̻̭̣͎͍ͅn̰ḙ

    Reputations:
    5,242
    Messages:
    2,118
    Likes Received:
    3,222
    Trophy Points:
    281
    Plot twist
    everybody loses
     
    Papusan likes this.
  7. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    31,767
    Messages:
    36,117
    Likes Received:
    58,893
    Trophy Points:
    931
    Totally expected. We can expect more. It is not a bad reflection on AMD, just I as have never viewed it as being a bad reflection on Intel. It was only a matter of time before efforts to uncover AMD-specific vulnerabilities would become a point of emphasis. This will make some folks that wanted to believe AMD was more secure really upset, but there really is no such thing as a secure phone, tablet or computer. They need to stop being silly and realize that believing that is just living in fantasy land.

    Nothing that connects to the internet is secure. The only products that do not have vulnerabilities are those that the hackers are not paying attention to. Anyone that thinks anything is secure is just living in denial. The reason Intel CPUs have more *known* (key word) vulnerabilities is that it is where all of the focus on discovering them has been concentrated.

    Remember how Linux and crApple fanboys used to chirp about how "secure" their crap was? I know I do. It was only because those operating systems were not popular enough for hackers to burn any calories on them. The more popular they become, the more their weaknesses are revealed.

    So, the only thing that has changed is AMD has joined the rest of us the 21st Century. Welcome to the big time, Team Red. I'm not casting any stones their way. It is what it is. Que sera sera.
     
    Last edited: Mar 6, 2020
    jclausius, Papusan and jc_denton like this.
  8. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    28,282
    Messages:
    25,438
    Likes Received:
    45,643
    Trophy Points:
    931
    Android security warning: One billion devices no longer getting updates zdnet.com | Mar 6, 2020
    If you're running version 6.0 of Android or earlier you're vulnerable to malware, says consumer watchdog.

    More than one billion Android devices around the world are no longer supported by security updates, leaving them potentially vulnerable to attack.

     
    jclausius, jc_denton and Mr. Fox like this.
  9. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    31,767
    Messages:
    36,117
    Likes Received:
    58,893
    Trophy Points:
    931
    Uh-huh... yup... just starting to scratching the surface...
    AMD processors from 2011 to 2019 vulnerable to two new attacks | ZDNet
    By Catalin Cimpanu for Zero Day | March 7, 2020

     
    Last edited: Mar 9, 2020
    Papusan likes this.
  10. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    28,282
    Messages:
    25,438
    Likes Received:
    45,643
    Trophy Points:
    931
    [​IMG]
    Intel CPUs vulnerable to new LVI attacks zdnet.com | Today 10th Mar 2020
    Researchers say Intel processors will need another round of silicon chip re-designs to protect against new attack.

    ONLY INTEL CPUS CONFIRMED TO BE AFFECTED -- FOR NOW
    Currently, only Intel CPUs have been confirmed to be impacted by the new LVI attacks in real-world tests. However, researchers don't rule out that CPUs from AMD and ARM could also be affected.

    "In principle, any processor that is vulnerable to Meltdown-type data leakage would also be vulnerable to LVI-style data injection," researchers wrote on a website dedicated to the LVI attacks.

    "Some non-Intel processors have been shown to be affected by some variants of Meltdown and Foreshadow," they added.

    "We maintain an up-to-date overview on the website Transient.fail website. Select Meltdown + vendor ARM or AMD."

    Researchers suggest that the Meltdown variations listed on the website, of which there are few, could be used for theoretical injection points for an LVI attack on other vendors' CPUs; although they have not verified any such claims in practice, so far.
     
    Fire Tiger and jc_denton like this.
Loading...

Share This Page