Chrome OS 75 Adds More Mitigations for Intel MDS Flaws

Chrome OS version 75, which Google released on Wednesday in the stable channel, adds more mitigations for recently disclosed Microarchitectural Data Sampling (MDS) vulnerabilities affecting most Intel processors made in the last decade. The researchers who discovered the security holes have named them ZombieLoad, RIDL (Rogue In-Flight Data Load), Fallout, and Store-to-Leak Forwarding. Intel has assigned them the following names and CVEs: Microarchitectural Store Buffer Data Sampling (MSBDS, CVE-2018-12126), Microarchitectural…

June 27, 2019
Read More >>

Critical Flaws Found in Cisco Data Center Network Manager

Cisco on Wednesday informed customers that its Data Center Network Manager (DCNM) product is affected by several vulnerabilities, including ones described as “critical” and “high severity.” According to Cisco, the web-based interface of the DCNM data center network management platform is affected by two critical security holes. One of them, tracked as CVE-2019-1620, allows a remote, unauthenticated attacker to upload arbitrary files to the impacted device and execute code with…

June 27, 2019
Read More >>

French Consumer Group Launches Class Action Against Google

A French consumer rights group said Wednesday that it has launched a class action lawsuit against US tech giant Google for violating the EU’s strict data privacy laws. The UFC-Que Choisir group said in a statement that the goal of its class action is to “end the insidious exploitation of users’ personal data, particularly those using Android devices with a Google account, and compensate them for up to 1,000 euros…

June 27, 2019
Read More >>

Email Security Firm GreatHorn Raises $13 Million

Waltham, MA-based email security firm GreatHorn has raised an additional $13 million in a new funding round technically filed as a Series A-1. The round was co-led by new investor RRE Ventures and existing investor .406 Ventures, with participation from other existing investors including Techstars Ventures, V1.VC and Uncork Capital. It brings the total raised to date to almost $22 million. GreatHorn describes itself as “the only 100 percent cloud-native…

June 26, 2019
Read More >>

Vulnerability Remediation Firm Vulcan Cyber Raises $10 Million

Vulcan Cyber, an Israel-based startup that specializes in vulnerability remediation solutions, on Wednesday announced that it raised $10 million in a Series A funding round. The investment, obtained from Ten Eleven Ventures and original seed backer YL Ventures, brings the total raised by the firm to $14 million. The company plans on using the money to expand commercial operations in North America and extend its development and support capabilities. The…

June 26, 2019
Read More >>

Presidential Phone Alerts Can Be Spoofed, Researchers Say

Presidential Alerts that all modern cell phones in the United States are required to receive and display as part of the Wireless Emergency Alert (WEA) program can be spoofed, researchers have discovered.  Issued via the Integrated Public Alert and Warnings System (IPAWS) along with AMBER alerts and imminent threat alerts, the Presidential Alerts are intended to inform the public of imminent threats and cannot be blocked.  In a recently published…

June 26, 2019
Read More >>

Six Arrested in $27 Million Cryptocurrency Theft

European authorities this week announced the arrest of 6 individuals in connection with a €24 million ($27.2 million) cryptocurrency theft. Five men and one woman were arrested in simultaneous warrants at their homes in the UK (Charlcombe, Lower Weston and Staverton), and the Netherlands (Amsterdam and Rotterdam). The authorities also seized a large number of electronic devices, equipment and valuable assets. The arrested individuals are believed to have committed computer…

June 26, 2019
Read More >>

Swimming Upstream: What the Salmon Run Teaches Us About Security

A Successful Security Organization Knows to be on the Lookout for Predators and to Navigate the Troubled Waters Around Them There are certain natural phenomena that I find to be simply breathtaking.  One of them is the salmon run.  For those unfamiliar with it, Wikipedia describes the salmon run as “the time when salmon, which have migrated from the ocean, swim to the upper reaches of rivers where they spawn…

June 26, 2019
Read More >>

Google Allows G Suite Users to Log In With Security Codes

Google on Tuesday announced that G Suite users can now log in on platforms that don’t directly support security keys using security codes generated by their security keys. Security keys, which are two-factor authentication (2FA) devices, are considered highly efficient for protecting accounts against phishing and other types of threats. However, they often don’t work on legacy platforms that do not support FIDO protocols or applications such as Internet Explorer,…

June 26, 2019
Read More >>

EA Games Login Flaw Exposed Accounts of 300 Million Gamers

Researchers have discovered a chain of flaws in EA Games’ login process that could allow an attacker to take over the accounts of any or multiple EA gamers — and there are 300 million of these around the globe. Stolen gaming credentials are valuable and frequently sold on the internet. The flaws were discovered in EA’s Origin platform and worked into a proof of concept by Check Point Research and…

June 26, 2019
Read More >>