News Posts matching "vulnerability"

Return to Keyword Browsing

Major Intel NUC Security Vulnerability Uncovered

A major security vulnerability got uncovered, affecting Intel NUC (next-unit of computing) compact system boards featuring 5th and 6th generation Core processors. It involves a BIOS-level security hole, with which an attacker with local administrative privileges can make their malware access the "system management mode," a special BIOS-level user-state, and take full control of the platform.

Intel has since released corrective BIOS updates for its 6th generation "Swift Canyon," 6th generation "Grass Canyon" and "Pinnacle Canyon" boards; and 5th generation "Rock Canyon" boards. Even the performance-oriented "Skull Canyon" NUC, which features Intel's powerful onboard graphics core, isn't spared from this vulnerability. The latest BIOS update can be installed on affected platforms using the Intel Driver Update Utility.

Epic Games Forums Hacked; Over 800,000 Passwords Stolen

The official discussion board for Epic Games, frequented by developers and gamers of Unreal Engine, "Unreal Tournament," and soon "Paragon," was hacked, exposing dates of birth, IP addresses, registration dates, registration e-mail addresses, and allegedly passwords, of over 800,000 users, reports The Hacker News. The hackers reportedly got their hands on the data by exploiting a vulnerability in the outdated version of vBulletin that Epic Games uses.

Epic Games, however, denies that the hackers got their hands on passwords. "We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext," the company stated. ZDNet reports that a larger portion of the vBulletin database, which includes user posts and private-messages, could also have been stolen.

Source: The Hacker News

ASUS Settles FTC Charges Involving Insecure Routers and "Cloud" Services

The FTC posted this press release today: Taiwan-based computer hardware maker ASUSTeK Computer, Inc. has agreed to settle Federal Trade Commission charges that critical security flaws in its routers put the home networks of hundreds of thousands of consumers at risk. The administrative complaint also charges that the routers' insecure "cloud" services led to the compromise of thousands of consumers' connected storage devices, exposing their sensitive personal information on the internet. The proposed consent order will require ASUS to establish and maintain a comprehensive security program subject to independent audits for the next 20 years.

"The Internet of Things is growing by leaps and bounds, with millions of consumers connecting smart devices to their home networks," said Jessica Rich, Director of the FTC's Bureau of Consumer Protection. "Routers play a key role in securing those home networks, so it's critical that companies like ASUS put reasonable security in place to protect consumers and their personal information."

ASUS marketed its routers as including numerous security features that the company claimed could "protect computers from any unauthorized access, hacking, and virus attacks" and "protect [the] local network against attacks from hackers." Despite these claims, the FTC's complaint alleges that ASUS didn't take reasonable steps to secure the software on its routers.

Microsoft to Roll Out Four Security Updates Next Week

The first Patch Tuesday of 2014 is less than a week away and it will see Microsoft deliver four updates, all rated 'Important', that tackle vulnerabilities found in Windows, Office, and Dynamics AX.

One of the updates is set to resolve a previously-acknowledged elevation of privilege vulnerability that affects Windows XP and Windows Server 2003 and has already seen limited, targeted attacks. The patches will become available this coming Tuesday, January 14, at about 10:00 AM PST.

For a bit more info check out the Advance Notification found here.

NVIDIA Posts GeForce 310.90 WHQL Drivers

NVIDIA closed its Sunday launch extravaganza by posting a new version of its GeForce software suite, a combination of drivers and software for its GeForce graphics processors. The new GeForce 310.90 introduces a much-needed security update for its driver service manager that patches a recently-discovered vulnerability. In addition, it brings improved stability and performance for the dual-GPU GeForce GTX 690, in 3D production applications. SLI profiles are added or updated for several games.

DOWNLOAD: NVIDIA GeForce 310.90 WHQL for Windows 8/7/Vista 64-bit, Windows 8/7/Vista 32-bit, Windows XP 32-bit, Windows XP 64-bit

The change-log specific to this release follows.

Apple Invites Kaspersky to Improve OS X Security

Weeks after security mogul Eugene Kaspersky opined that Apple is "10 years behind Microsoft on security," Kaspersky Lab revealed that it is collaborating with Apple to investigate security concerns (read: vulnerabilities) of its operating systems, and improve its security. Kaspersky Lab CTO Nikolai Grebennikov in an interview with was quoted saying "Apple recently invited us to improve its security."

Kaspersky Lab maintains that Apple's software is extremely vulnerable, going as far as to claim that Apple doesn't pay enough attention to security. "Our first investigations show Apple doesn't pay enough attention to security. For example, Oracle closed a vulnerability in Java, which was a target for a major botnet several months ago," said Grebennikov. Apple's decision to handle updates of Java runtime environment for OS X by itself, breaking away from Oracle's update cycle, particularly drew flack from Grebennikov. "Apple blocked Oracle from updating Java on Mac OS, and they perform all the udpates themselves. They only released the patch a few weeks ago – two or three months after the Oracle patch. That's far too long," he said. Kaspersky isn't too optimistic about the infinitely more popular iOS platform, either. "Our experience tells us that in the near future, perhaps in a year or so, we will see the first malware targeting iOS," it commented.Source:

Anything that Ends in .com Seizable by US Government

Last week, US authorities shut down a Canadian-run website that ends with the TLD (top-level domain) ".com", raising eyebrows. It appears that the US is staking claim to the ".com" TLD, letting the authorities seize any ".com" domain, even of websites that are not American. Internet infrastructure company EasyDNS, in its latest blog post, said "[the] ramifications of this are no less than chilling and every single organization branded or operating under .com, .net, .org, .biz etc. needs to ask themselves about their vulnerability to the whims of U.S. federal and state lawmakers."

This latest controversy highlights how "the U.S. continues to hold over key components of the global domain name system, and rips a Band-Aid off a historic sore point for other nations," Wired commented. It also strengthens the case for non-American businesses and internet companies to opt for local TLDs (eg: "", ".de", ".in", etc.,). Naming yourself "Dotcom" isn't such a bright idea, either.

Source: Wired, Image Courtesy:

The Pirate Bay Shifts Away From Torrents, Replaces Them With DHT

Famous and very popular media search engine, The Pirate Bay, perpetually in the crosshairs of Big Media to shut it down, is to shift away from torrent files from next month and replace them with Distributed Hash Table (DHT) and Peer Exchange (PEX) technology reports ExtremeTech. They have actually been using these for quite a while now, as this is the technology underlying their Magnet links which have appeared next to the torrent links as an alternative way to download. They have done this, because torrent files are stored centrally on a web server, which makes them vulnerable to aggressive rights holders who want to take them down, while Magnet links are decentralized "trackerless", removing this vulnerability. Also, at the moment, it's impossible for anti-piracy outfits to tell how many files a user is sharing when using Magnet links, or what they are. From next month therefore, only Magnet links will be available. Note that Magnet links are compatible with various anonymizing services, for anonymous downloading, but there can be a significant performance impact on those services. In fact, TPB has been using Magnet links with torrents for some now too, but just did so quietly, without telling anyone.

Popular BitTorrent clients such as uTorrent already use Magnet links as easily as torrent files, so there won't be much difference to the user experience. The main difference, is that they can take a bit longer to get going, but the final download speed isn't any less, due to the cascading exponential pyramid nature of incoming peer connections guaranteed to max out any internet connection, when there are enough peers.

HP Printer Firmware Vulnerability Fixed: Opportunistic Lawsuit's Lost Opportunity?

Three weeks ago, we brought you news that researchers had apparently found serious vulnerabilities in the firmware of HP printers that can allow hackers to cause the fuser to overheat and almost make the paper inside catch fire. HP dismissed these claims as exaggerated, but said that they would look into it. Three days later, we reported that some enterprising New Yorker called David Goldblatt sued HP, alleging that he would not have bought their printers had he known about this problem beforehand, which seems a bit unlikely when you consider that HP is the number one printer brand by a mile. Now HP have released patches for these vulnerabilities and issued the following press release:
Return to Keyword Browsing