Meltdown and Spectre: Critical chip vulnerabilities found to put enterprise data at risk

Security Digest Information security news and advice from TechTarget's network |January 10, 2018 FEATURED STORY Meltdown and Spectre patches and mitigations released by Michael Heller, Senior Reporter Vendors released the vulnerability disclosures and patches for the new Meltdown and Spectre CPU attacks as the infosec industry begins mitigating risks. (SearchSecurity.com) Advertisement NEWS   Huge coordinated vulnerability disclosure needed for Meltdown Unprecedented Spectre and Meltdown CPU flaws required a vast coordinated vulnerability disclosure effort over six months and across dozens of organizations. (SearchSecurity.com)   NIST botnet security report recommendations open for comments Federal agencies opened public comments on a draft botnet security report born from the 2017 White House cybersecurity executive order and experts are generally favorable. (SearchSecurity.com)   Risk & Repeat: The TLS 1.3 clock continues to click In this week's Risk & Repeat podcast, SearchSecurity editors discuss the long wait for TLS 1.3 and the effects -- positive and negative -- the delays have had for enterprise security.  (SearchSecurity.com)   Intel keynote misses the mark on Meltdown and Spectre vulnerabilities With CEO Brian Krzanich's keynote at the 2018 Consumer Electronics Show, Intel missed an opportunity for the Meltdown and Spectre vulnerabilities. (SearchSecurity.com)   A DHS data breach exposed PII of over 250,000 people News roundup: A DHS data breach exposed PII of 250,000 federal employees, as well as investigative data from 2002 to 2014. Plus, a new bill aims to nix paperless voting, and more. (SearchSecurity.com)   Intel CPU flaw gets third-party patch but no details Release of a third-party patch for a mysterious Intel CPU flaw led to many questions but few answers, and details on the issue may not be imminent. (SearchSecurity.com) EXPERT ADVICE   Mobile app risks: Five things enterprises should consider Just like any other risk in the enterprise, mobile app risks need to be a top priority. Join Kevin Beaver as he explains the dangers that unsecure mobile apps pose. (SearchSecurity.com)   The ROCA vulnerability: How it works and what to do about it The ROCA vulnerability is a serious flaw in cryptographic keys. Expert Michael Cobb explains how the flaw works and what can be done to lessen the risk to enterprises. (SearchSecurity.com)   Improve Kubernetes security to protect cloud instances Strong Kubernetes security is important to keep out attackers looking to use compromised containers for malicious activities, like bitcoin mining. Expert Dave Shackleford explains. (SearchCloudSecurity.com)   How can a BGP vulnerability in Cisco products be fixed? A BGP vulnerability in some Cisco products enabled denial-of-service attacks. Expert Judith Myerson explains the vulnerability and how Cisco fixed the problem. (SearchSecurity.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2017 TechTarget. All rights reserved.