Spectre And Meltdown Still Haunting Intel/AMD

Spectre And Meltdown Still Haunting Intel/AMD

/
The ongoing saga of the Spectre and Meltdown vulnerabilities has just taken a new turn. Discovered by Google Project Zero (GPZ) with the help of others, the attacks affected everything from desktops, laptops and mobile devices to infrastructure-as-a-service. These flaws are present in nearly all modern microprocessors and could allow ... Read More
Advisory: Red Hat DHCP Client Command Injection Trouble

Advisory: Red Hat DHCP Client Command Injection Trouble

/
On May 15, Red Hat disclosed a critical vulnerability in a script included in NetworkManager for the Dynamic Host Configuration Protocol (DHCP) client on Red Hat Enterprise Linux (RHEL). The vulnerability was discovered by Google engineer Felix Wilhelm. The proof of concept for the command injection vulnerability CVE-2018-1111 is so ... Read More
ADVISORY: Efail...PGP Has an Email Problem?

ADVISORY: Efail…PGP Has an Email Problem?

/
Email continues to be one of the most popular ways to communicate in the world today. And given the rapidly evolving threat landscape, email encryption has never been more critical. Pretty Good Privacy (PGP) has long been a trusted platform for encrypted messaging and remains a popular method of sending ... Read More
ADVISORY: Intel...Simply Misunderstood?

ADVISORY: Intel…Simply Misunderstood?

/
To close numerous security gaps, Microsoft, Adobe, Apple, Red Hat, Xen, VMware and other vendors have released a number of patches in the first 10 days of May. We discussed some of these in our recent blog post, Microsoft May Madness. However, one issue that stands out because it impacts ... Read More
Why Are You Still Using IE? Double Kill Is Just the Latest Issue

Why Are You Still Using IE? Double Kill Is Just the Latest Issue

/
Microsoft's legacy browser Internet Explorer (IE) has been used for almost three decades, but not without issues. IE has been so plagued with security problems that Microsoft built a new, more secure browser called Edge. But there are still some issues. Edge’s forward-leaning technology doesn’t support some of IE’s legacy ... Read More
Cisco Smart Install - How to Prevent Attacks on Switches

Cisco Smart Install – How to Prevent Attacks on Switches

/
There’s been a flurry of activity around the Cisco Smart Install feature recently. Last week, we posted a tech blog about CVE-2018-0171, a critical vulnerability in Cisco’s Smart Install feature that called for immediate mitigation as proof-of-concept code was released publicly. Now, a wave of attacks has moved through data ... Read More
Microsoft Defends Windows Defender from Remote Code Execution: CVE-2018-0986

Microsoft Defends Windows Defender from Remote Code Execution: CVE-2018-0986

/
Over the years, Microsoft has developed an anti-virus and anti-malware suite of security tools for the Windows environment. However, recently, a critical flaw has been found, which affects Microsoft Malware Protection Engine, or mpengine.dll, the core of Windows Defender in all Windows Defender supported versions of Windows and Windows Server ... Read More
Proof of Concept (and Patch) for Critical Cisco IOS Vulnerability: CVE-2018-0171

Proof of Concept (and Patch) for Critical Cisco IOS Vulnerability: CVE-2018-0171

/
Embedi, a security firm, has discovered a major security flaw in the Cisco Smart Install code. According to Embedi and Cisco, “A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected ... Read More