Security News

The head of the UK's secretive Military Intelligence Section 6 agency - popularly known as MI6 - has delivered a rare speech in which he has warned that China, Iran, and Russia use information technology to destabilise rivals, and that the agency he leads can no longer rely on in-house innovation to develop the technologies the UK needs to defend itself. MI6 boss Richard Moore delivered a speech on Thursday at the International Institute for Strategic Studies, and opened with an explanation of why the normally reclusive agency had taken the unusual step of allowing its leader to speak in public.

Intel's issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. This creates a long tail of old products that remain in widespread use, vulnerable to attacks.

Researchers shed light on hidden root CAsHow widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. universities and Qihoo 360, the company developing the 360 Secure Browser, have collected 5 months worth of certificate data from volunteer users and analyzed certificate chains and verification statuses in web visits. How to achieve permanent server hardening through automationInformation security standards such as PCI DSS and ISO 27001 and regulations such as HIPAA and CMMC mandate system hardening as one of the most basic defenses against cyber intrusions.

Britain's National Cyber Security Centre is prepared to share its cyber defence tech and threat intel feeds with British organisations in need of extra help, it said at the launch of its annual review today. You probably don't want the country's DNS being run by GCHQ! Chief techie Ian Levy highlighted the NCSC's Protective DNS service to The Register as one example of good things the cyber defence organisation has done, with the custom DNS resolver service being used by 1,000 NHS supply chain firms to prevent their devices visiting known malicious web domains.

Microsoft has confirmed a new known issue impacting Windows 11 customers and triggering to blue screens of death on affected systems. The new issue is caused by compatibility issues between Intel Smart Sound Technology audio drivers and Windows 11, version 21H2. Intel SST is an integrated audio DSP that works with the latest Intel Core and Intel Atom processors to handle audio, voice, and speech interactions.

Certain Intel processors can be slipped into a test mode, granting access to low-level keys that can be used to, say, unlock encrypted data stored in a stolen laptop or some other device. This vulnerability, identified by Positive Technologies, a security firm just sanctioned by the US, affects various Intel Atom, Celeron, and Pentium chips that were made in the past few years.

A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content. "[The] hardware allows activation of test or debug logic at runtime for some Intel processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access," according to Intel's advisory, issued last week.

Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device. The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component.

Researchers uncovered a vulnerability in Intel Processors that could affect laptops, cars and embedded systems. The flaw enables testing or debugging modes on multiple Intel processor lines, which could allow an unauthorized user with physical access to obtain enhanced privileges on the system.

AMD alone dropped 50 new CVEs on Thursday, 23 of them rated of "High" concern, meaning they're rated at between 7.0 and 8.9 on the the-point Common Vulnerability Scoring System. Let's start with the 27 flaws in the AMD Graphics Driver for Windows 10 - 18 of them rated High - because at least they're in software and Microsoft and Adobe's patch issuance cadence means readers could be in the mood to fix code.