Cybersecurity

Cyber security news in July 2019

This posting is here to collect cyber security news in July 2019. I post links to security vulnerability news in the comments of this article. If you are interested in cyber security trends, read my Cyber security trends 2019 posting. You are also free to post related links.

Linux TCP SACK and PTP vulnerabilities

Linux PCs, Servers, Gadgets Can Be Crashed by ‘Ping of Death’ Network Packets writes that it is possible to crash and slow down network-facing Linux servers, PCs, smartphones and tablets, and gadgets, by sending them a series of maliciously crafted packets. Netflix has published a security paper with many details. There are four vulnerabilities, three of

Blame the user game

Earlier it was said “customer is always right” but now in the digital world it seems to have turned to “always claim it is user’s fault”. “The simple act of using Facebook, Snyder claimed, negated any user’s expectation of privacy. An outside party can’t violate what you yourself destroyed, Snyder seemed to suggest.” IN COURT,

Power grid hacking in USA and Russia

Electrical power grid hacking meets cyber war politics talk? Or just fear-mongering and fake news? What would happen if someone switches off the power from your country? Russian hackers behind ‘world’s most murderous malware’ probing U.S. power grid https://www.digitaltrends.com/cool-tech/russian-hackers-us-power-grid/?amp Kremlin Warns of Cyberwar After Report of U.S. Hacking Into Russian Power Grid https://www.nytimes.com/2019/06/17/world/europe/russia-us-cyberwar-grid.html

Encryption won’t work if it has a back door only the ‘good guys’ have keys to | Technology | The Guardian

https://www.theguardian.com/technology/2015/may/01/encryption-wont-work-if-it-has-a-back-door-only-the-good-guys-have-keys-to- This article from a few years back is still relevant, because this same stupid idea is re-introduced as a proposed “solution” in different countries again and again. It’s impossible to overstate how bonkers the idea of sabotaging cryptography is. Use deliberately compromised cryptography, that has a back door that only the “good guys” are supposed to

RAMBleed vulnerability

A team of researchers representing several universities has disclosed the details of a new type of side-channel attack: Researchers show with RAMBleed that it’s possible to use Rowhammer-style side-channel attacks to read protected memory. RAMBleed takes Rowhammer in a new direction. Rather than using bit flips to alter sensitive data, the new technique exploits the hardware

Cyber security news in June 2019

This posting is here to collect cyber security news in June 2019. I post links to security vulnerability news in the comments of this article. If you are interested in cyber security trends, read my Cyber security trends 2019 posting. You are also free to post related links.

Deep Dive: Intel Analysis of Microarchitectural Data Sampling

https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling This technical deep dive expands on the information in the Microarchitectural Data Sampling (MDS) guidance. Be sure to review the disclosure overview for software developers first and apply any microcode updates from your OS vendor. Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws https://techcrunch.com/2019/05/14/intel-chip-flaws-patches-released/ Intel MDS Vulnerabilities: What You Need