Wednesday, January 31, 2018

Meltdown and Spectre mitigation efforts stumble with faulty updates

Security Digest
Information security news and advice from TechTarget's network |January 31, 2018
TechTarget
FEATURED STORY
Microsoft rushes Spectre patch to disable Intel's broken update
by Michael Heller, Senior Reporter

Microsoft was forced to release an out-of-band Spectre patch designed not to mitigate the vulnerability but to protect users from Intel's broken fix. (SearchSecurity.com)

Advertisement
NEWS
 
Critical Cisco ASA vulnerability patched against remote attacks

Experts urge users to patch a new Cisco ASA vulnerability that earned the most critical CVSS score of 10.0 and could lead to remote code execution and denial of service attacks. (SearchSecurity.com)

 
 
 
FBI encryption argument draws fire from senator

Sen. Ron Wyden challenged the FBI encryption argument and asked the FBI director to be transparent about claims that lawful access could be provided securely. (SearchSecurity.com)

 
A series of new IoT botnets plague connected devices
News roundup: New IoT botnets compromise tens of thousands of devices worldwide. Plus, Kaspersky Lab filed an injunction against DHS, mobile POS gets a PCI standard, and more. (SearchSecurity.com)
 

Intel Spectre vulnerability memo raises questions of OEM disclosures

Intel first learned of the Spectre vulnerabilities on June 1, but a confidential document shows the chip maker didn't inform OEM partners until almost six months later. (SearchSecurity.com)

 
Comodo calls out Symantec certificate issues, applauds Google
Bill Conner and Bill Holtz, who recently joined Comodo CA as chairman and CEO, respectively, discuss Symantec's certificate issues and their effect on the certificate market. (SearchSecurity.com)
 
Risk & Repeat: Backdoor access, strong encryption debate rolls on
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the FBI's continued criticism of encrypted devices and the risks of vendor-created backdoor access points. (SearchSecurity.com)
 
 
 
EXPERT ADVICE
 
Cryptojacking: How to navigate the bitcoin mining threat

Due to the rising value of bitcoin and other cryptocurrency, hackers have started to use cryptojacking to mine bitcoin. Learn what this means for end users with expert Nick Lewis. (SearchSecurity.com)

 
Top five cloud security applications for infosec pros
The top five cloud security applications for infosec pros cover a wide range of security issues. Expert Frank Siemons outlines the security reasons to use cloud services. (SearchCloudSecurity.com)
 
 
 
 

How are middleboxes affecting the TLS 1.3 release date?

Despite fixing important security problems, the official TLS 1.3 release date keeps getting pushed back, in part due to failures in middlebox implementations. (SearchSecurity.com)

 
 
Devil's Ivy vulnerability: How does it put IoT devices at risk?

A gSOAP flaw was found in an Axis Communications security camera and branded the Devil's Ivy vulnerability. Learn how it threatens IoT devices with expert Nick Lewis. (SearchSecurity.com)

About This E-Newsletter
This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for.

TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2017 TechTarget. All rights reserved.
TechTarget

No comments: