Kernel memory leak
A flaw in Intel’s processor chips is forcing a significant redesign of the Linux and Windows kernels. To read more: https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
Apple
Apple has confirmed that all Mac systems and iOS devices are affected by the Meltdown and Spectre vulnerabilities. Apple has said that there are no known exploits impacting customers at this time, and that is has already released mitigations. To read more: http://www.zdnet.com/article/apple-confirms-iphone-mac-affected-by-meltdown-spectre-vulnerabilities/
Qualcomm
Qualcomm has confirmed that its processors have the same security vulnerability as the Intel and IBM cores. To read more: https://www.theregister.co.uk/2018/01/06/qualcomm_processor_security_vulnerabilities/
US Homeland Security
More than 240,000 current and former employees of the US Department of Homeland Security have had their personal details exposed. The breach could affect anyone employed between 2002 and 2014. To read more: https://www.theregister.co.uk/2018/01/04/us_homeland_security_breach_exposed_personal_info_of_200000_staff/
Spectre and Meltdown
To protect your Linux, MacOS or Windows PC, patch immediately. Learn more about how to protect your devices and how the security vulnerabilities will affect you: http://www.zdnet.com/article/how-the-meltdown-and-spectre-security-holes-fixes-will-affect-you/
Spectre and Meltdown: Origins
An article outlining how three researchers discovered the 20-year-old Spectre and Meltdown vulnerabilities simultaneously. To read more: https://www.wired.com/story/meltdown-spectre-bug-collision-intel-chip-flaw-discovery/
vSphere Data Protection
VMware identified three vulnerabilities and published a security advisory for its Data Protection product. The critical flaw could allow a remote unauthenticated attacker to bypass authentication protections and gain root control of the server. To read more: https://www.theregister.co.uk/2018/01/03/vmware_vsphere_vdp/
MacOS LPE Exploit
A researcher released details of a local privilege escalation attack against MacOS that dates back to 2002. However, the attack requires a pre-existing foothold in the targeted systems to execute. To read more: https://threatpost.com/macos-lpe-exploit-gives-attackers-root-access/129282/
Dell EMC Data Protection Suite
Security researchers have discovered zero-day vulnerabilities within its Data Protection Suite products. These enable attackers to compromise the Dell EMC Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance. To read more: http://www.zdnet.com/article/zero-day-vulnerabilities-hijack-full-dell-emc-data-protection-suite/
LightsOut Apps
Almost two dozen Android flashlight and related utility apps were removed from the Google Play marketplace after researchers found a malicious advertising component inside them. The apps were downloaded between 1.5 and 7.5 million times. To read more: https://threatpost.com/google-play-removes-22-malicious-lightsout-apps-from-marketplace/129328/
Sign up below and receive weekly breach reports directly in your inbox.