Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4

The new hardware-based protections Intel announced earlier in March it was embedding into new chips will only protect against Spectre and Meltdown – but not the newly disclosed Variant 4, sources said.

Schneider Electric Patches XXE Vulnerability In Software

Schneider Electric on Tuesday issued fixes for a vulnerability in its SoMachine Basic software that could result in disclosure and retrieval of arbitrary data.

FBI Releases Article on Building a Digital Defense with Credit Reports

Original release date: May 23, 2018. FBI has released an article on using credit reports to build a digital defense against identity theft. FBI explains how identity theft can deal a devastating blow to consumers’ credit history. However, regularly checking the accuracy of credit reports can help consumers minimize risk. NCCIC encourages consumers to review the FBI Article and NCCIC’s Tip on Preventing and Responding to Identity Theft.

Comcast Patches Router Bug That Leaked Some Wi-Fi Passwords

A bug in Comcast’s activation website for its Xfinity routers leaked sensitive customer data.

Six Vulnerabilities Found in Dell EMC’s Disaster Recovery System, One Critical

A pen-tester has found five vulnerabilities in Dell EMC RecoverPoint devices, including a critical RCE that could allow total system compromise.

Researchers Say More Spectre-Related CPU Flaws On Horizon

Yet another speculative execution side channel flaw has been disclosed in processors – and security experts warn that more may be out there.

VPNFilter Destructive Malware

Original release date: May 23, 2018. NCCIC is aware of a sophisticated modular malware system known as VPNFilter. Devices known to be affected by VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link networking equipment, as well as QNAP network-attached storage (NAS) devices. Devices compromised by VPNFilter may be vulnerable to the collection of network traffic (including website credentials), as well as the monitoring of Modbus supervisory control and data acquisition (SCADA) protocols. VPNFilter has a destructive capability that can make the …

Intel Responds to Spectre-Like Flaw In CPUs

Intel on Monday acknowledged that its processors are vulnerable to another Spectre-like speculative execution side channel flaw that could allow attackers to access information.

Tragedy-Related Scams

Original release date: May 21, 2018. In the wake of the recent Texas school shooting, NCCIC advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic …

TA18-141A: Side-Channel Vulnerability Variants 3a and 4

Original release date: May 21, 2018. Systems Affected: CPU hardware implementations. Overview: On May 21, 2018, new variants—known as Spectre 3A and 4—of the side-channel central processing unit (CPU) hardware vulnerability were publicly disclosed. These variants can allow an attacker to obtain access to sensitive information on affected systems. Description: CPU hardware implementations—known as Spectre and Meltdown—are vulnerable to side-channel attacks. Meltdown is a bug that “melts” the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud …