Meltdown and Spectre mitigation efforts stumble with faulty updates

Security Digest Information security news and advice from TechTarget's network |January 31, 2018 FEATURED STORY Microsoft rushes Spectre patch to disable Intel's broken update by Michael Heller, Senior Reporter Microsoft was forced to release an out-of-band Spectre patch designed not to mitigate the vulnerability but to protect users from Intel's broken fix. (SearchSecurity.com) Advertisement NEWS   Critical Cisco ASA vulnerability patched against remote attacks Experts urge users to patch a new Cisco ASA vulnerability that earned the most critical CVSS score of 10.0 and could lead to remote code execution and denial of service attacks. (SearchSecurity.com)   FBI encryption argument draws fire from senator Sen. Ron Wyden challenged the FBI encryption argument and asked the FBI director to be transparent about claims that lawful access could be provided securely. (SearchSecurity.com)   A series of new IoT botnets plague connected devices News roundup: New IoT botnets compromise tens of thousands of devices worldwide. Plus, Kaspersky Lab filed an injunction against DHS, mobile POS gets a PCI standard, and more. (SearchSecurity.com)   Intel Spectre vulnerability memo raises questions of OEM disclosures Intel first learned of the Spectre vulnerabilities on June 1, but a confidential document shows the chip maker didn't inform OEM partners until almost six months later. (SearchSecurity.com)   Comodo calls out Symantec certificate issues, applauds Google Bill Conner and Bill Holtz, who recently joined Comodo CA as chairman and CEO, respectively, discuss Symantec's certificate issues and their effect on the certificate market. (SearchSecurity.com)   Risk & Repeat: Backdoor access, strong encryption debate rolls on In this week's Risk & Repeat podcast, SearchSecurity editors discuss the FBI's continued criticism of encrypted devices and the risks of vendor-created backdoor access points. (SearchSecurity.com) EXPERT ADVICE   Cryptojacking: How to navigate the bitcoin mining threat Due to the rising value of bitcoin and other cryptocurrency, hackers have started to use cryptojacking to mine bitcoin. Learn what this means for end users with expert Nick Lewis. (SearchSecurity.com)   Top five cloud security applications for infosec pros The top five cloud security applications for infosec pros cover a wide range of security issues. Expert Frank Siemons outlines the security reasons to use cloud services. (SearchCloudSecurity.com)   How are middleboxes affecting the TLS 1.3 release date? Despite fixing important security problems, the official TLS 1.3 release date keeps getting pushed back, in part due to failures in middlebox implementations. (SearchSecurity.com)   Devil's Ivy vulnerability: How does it put IoT devices at risk? A gSOAP flaw was found in an Axis Communications security camera and branded the Devil's Ivy vulnerability. Learn how it threatens IoT devices with expert Nick Lewis. (SearchSecurity.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2017 TechTarget. All rights reserved.