Security News > 2020

This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years
2020-03-06 12:47

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that is otherwise designed to shield sensitive data of users even when a system gets compromised. Intel CSME is a separate security micro-controller incorporated into the processors that provides an isolated execution environment protected from the host operating system running on the main CPU. It is responsible for the initial authentication of Intel-based systems by loading and verifying firmware components, root of trust based secure boot, and also cryptographically authenticates the BIOS, Microsoft System Guard, BitLocker, and other security features.

Run ANDROID on an iPhone? Are you SERIOUS?!?
2020-03-06 12:42

The really bad news is the CPU row, which has only three green squares, and tells you that the Sandcastle builds will only work on iPhone 7 devices for now. If you happen to have a surplus-to-requirements iPhone 7 lying around, and you decide to give this Android thing a spin, please let us know in the comments how you got along.

Researcher finds 670 Microsoft subdomains vulnerable to takeover
2020-03-06 12:41

The CNAME points to a subdomain on a hosting service like Azure, which allows users to create websites using subdomains of. No verification, no alert to Microsoft that one of their old subdomains has been taken over, and no easy way for enterprise security systems to detect that this apparently legit domain is anything but.

Chrome extension cons cryptocurrency users out of hardware wallet key
2020-03-06 11:43

Cryptocurrency security company Ledger has warned users about a rogue Chrome extension that dupes its victims into giving up the keys to their crypto wallets. Cryptocurrency owners need a wallet just like users of regular cash do.

More than a billion hopelessly vulnerable Android gizmos in the wild that no longer receive security updates – research
2020-03-06 11:30

File this one under "Well, duh." Consumer mag Which? today published research estimating that over a billion Android devices are vulnerable to hackers and malware as they are not receiving security updates. The most current version of Android is version 10, while Android 9.0 Pie and Android 8.0 Oreo continue to receive updates.

Cathay Pacific fined over crooks slurping its database for over 4 years
2020-03-06 11:15

The UK's Information Commissioner's Office said on Wednesday that it's fined Cathay Pacific Airways £500,000 for failing to secure passengers' personal details, leading to malware being installed on its server that harvested millions of people's names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information. Once it found that its database had been rifled through in 2018, Cathay Pacific hired a cybersecurity firm and subsequently reported the incident to the ICO. Investigations found that the airline lacked appropriate security to secure customers' data from October 2014 to May 2018.

Boots yanks loyalty card payouts after 150K accounts get stuffed
2020-03-06 10:53

Boots, a UK pharmacy chain, has suspended payments on the loyalty cards of 14.4 million active customers after its security team spotted "unusual" activity on a number of Boots Advantage Card accounts. If Boots wasn't hacked, then where did crooks get the credentials that they've evidently used to try to get into people's Advantage Card accounts so they can make fraudulent purchases on what we refer to in the States as "somebody else's dime"?

Microsoft releases PowerShell 7 for Windows, macOS and Linux
2020-03-06 10:06

Microsoft has released PowerShell 7, the latest major update to its popular task automation tool and configuration management framework that can be used on various operating systems. PowerShell was initially a Windows component, but was open-sourced in 2016 and made available for Windows, macOS and various Linux distributions.

Virgin Media Exposed Personal Information of 900,000 People
2020-03-06 09:53

UK-based phone, TV and broadband services provider Virgin Media on Thursday admitted that it exposed the personal information of roughly 900,000 people. Virgin Media said the exposed database did not include any passwords or financial information, such as payment card details or bank account numbers.

The New Insider Risk - When Creativity Goes Bad
2020-03-06 08:48

The latest edition of the ISMG Security Report discusses the developing definition of "Insider Risk." Plus, Former DHS Secretary Michael Chertoff on U.S. 5G rollout plans; Cloud Security Alliance...