Intel needs more time and it could be Q3 before all the patches for OSes and VMs land

Linux, Windows, macOS, FreeBSD, and some implementations of Xen have a design flaw that could allow attackers to, at best, crash Intel and AMD-powered computers.

At worst, miscreants can, potentially, "gain access to sensitive memory information or control low-level operating system functions,” which is a fancy way of saying peek at kernel memory, or hijack the critical code running the machine.

The vulnerabilities can be exploited by malware running on a computer, or a malicious logged-in user. Patches are now available to correct the near-industry-wide programming blunders.

As detailed by CERT on Tuesday, the security cockup, labeled CVE-2018-8897, appears to have been caused by developers at Microsoft, Apple, and other organizations misunderstanding the way Intel and AMD processors handle one particular special exception.

By B.N. Frank

The Internet of Things (IoT) is technology that can connect multiple Internet-enabled devices together in order to collect and exchange data.

For the last few years, countless security experts and tech experts have been referring to it as “The Internet of Shitty Things,” “The Internet of Vulnerable Things,” etc. because of the huge security risks associated with it and its current almost 75% failure rate...

Some users have since found that the feature has been malfunctioning and it has emerged that a fault in the device's rear camera is responsible.

Apple is now offering replacement handsets to customers if the fault can't be fixed by a technician from the firm.

The US tech firm is now actively trying to rectify the issue, according to MacRumours who broke the news.

A leaked internal document obtained by the site revealed Tim Cook's company is authorising stores to replace entire handsets if the FaceID feature isn't working and can not be fixed.

Late last week, the company gave the numbers in letters to the various US congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America's financial watchdog.

As well as the – take a breath – 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers' licenses and 3,200 passport details lifted, too.

It is being spread by messages sent via the popular app and comes in two varieties. One reads: 'This is very interesting' with a crying while laughing emoji, followed by 'Read more'. Tapping on 'read more' causes your handset to freeze.

Another features a black dot and contains the words ‘if you touch the black point then your WhatsApp will hang’. Clicking on the black dot causes the crash to occur.

The code powering the messages is being shared on Pastebin, meaning anyone can find it online, copy and paste it, then spread the text bomb via WhatsApp.

Anyone who is sent the text bomb is advised to delete the message in question. The safest way to do this is to delete the conversation thread it is part of, rather than clicking on the message itself.

YouMail, a company that collects and analyzes calls through its robocall blocking service, reported an estimated 3.4 billion of the calls in April, up 900 million from this time last year.

Researcher Troy Mursch of Bad Packets Report has spotted hundreds of compromised Drupal sites being used to host "cryptojacking" malware that uses the CPUs of visitors to mine cryptocurrency via CoinHive.

Mursch says the sites all appear to have been compromised via their Drupal CMS software, all of which were outdated and vulnerable to the 'Drupalgeddon2' remote code execution flaws.

While the first compromised pages were spotted on the websites of the San Diego Zoo and the Chihuahua, Mexico government site, the researcher quickly found the attack to be far more widespread.

"After I analysed the IoCs, I was able to locate over 300 additional websites in this cryptojacking campaign," Mursch wrote. "Many discovered were government and university sites from all over the world."

In total Mursch said, around 348 individual sites had been compromised by this specific malware operation.

You may not be on social media yourself, but chances are your friends and family are. Some of us are on there for work purposes and some so we can keep in touch with loved ones who live far away. There are valid reasons we have accounts on Facebook, Twitter, and Instagram. But things are getting ugly out there in Internetland and it begs the question of whether social media is destroying humanity.

And even worse, is social media destroying humanity on purpose, because it was engineered to do?

Your lack of privacy is just a drop in the bucket.

By Nicholas West

In the wake of tragedies like the Las Vegas shooting, we’ve seen a justification emerge for using drone surveillance of large public events. Most recently we saw drones being used at the 2018 Coachella music festival with very little if any public outcry. However, the use of drones for public protests is also being pursued, which finally has drawn the attention of civil liberties advocates in Chicago...

The US Food and Drug Administration (FDA) last month approved a firmware patch for pacemakers made by Abbott’s (formerly St Jude Medical) that are vulnerable to cybersecurity attacks and which are at risk of sudden battery loss.

Some 465,000 patients are affected. The FDA is recommending that all eligible patients get the firmware update “at their next regularly scheduled visit or when appropriate depending on the preferences of the patient and physician.”

Following an internal audit, Twitter admitted today that due to a bug in its password storage mechanism it accidentally logged some users' passwords in internal logs.

Today's disclosure comes after GitHub made a similar announcement earlier this week, describing a similar incident.

Just like in the GitHub incident, the passwords were recorded in Twitter's internal server logs in their plaintext format.

Facebook has helped introduce thousands of Islamic State of Iraq and the Levant (Isil) extremists to one another, via its 'suggested friends' feature, it can be revealed.

The social media giant - which is already under fire for failing to remove terrorist material from its platform - is now accused of actively connecting jihadists around the world, allowing them to develop fresh terror networks and even recruit new members to their cause.

The message from government officials is basically this: as long as phone records exist, there will be ways for the NSA to acquire them.

A newly uncovered form of sophisticated Android malware is being distributed via compromised websites and Telegram channels, apparently with cyber espionage in mind.

The malware has a wide range of abilities and is capable of snooping on any activity carried out on an infected smartphone and is said to bear the hallmarks of a state-backed campaign.

It can steal information about contacts, call logs, pictures, messages and browser data, as well as making audio records of calls made using the phone, and silently making calls and executing shell commands.

The malware contains a keylogging function which allows attackers to steal sensitive information such as usernames and passwords, as well as the ability to capture photos and screenshots.

By Catherine J. Frompovich

A Class Action was filed in Superior Court, Province of Quebec, District of Montreal, Canada, Case No. 500-06-000760-153 against 50 Respondents including the Attorneys General of Quebec and Canada, the City of Sainte-Anne-Des-Lacs, Hydro-Quebec, and approximately 40 corporations involved in the manufacture, production, servicing and transmission of Electromagnetic Frequencies (EMFs) and Radiofrequencies (RFRs), for their contributory roles in the transmissions, products and services that emit...

Ever worked late into the night on your computer and found yourself blinded by the light from the monitor? Yes, all of us have experienced it at some point or another.

So what do you do then? Get down and dirty and adjust the screen’s brightness to be a little easy on the eyes, only to find it ineffective and then find yourself adjusting it again the next morning? There’s definitely got to be a better way to automate this. And surely there is – “F.lux“.

A no fuss application that doesn’t bother you too much and sits quietly in the system tray adjusting the screen for the better.

Two new London-based companies, Firecrest Technologies and Emerdata, have been set up with the same registered address, same purpose and same directors.

Researchers have unearthed a fresh new set of ways attackers could potentially exploit data-leaking Spectre CPU vulnerabilities in Intel chips.

German publication Heise reported that eggheads are preparing to disclose at least eight new CVE-listed vulnerability reports describing side-channel attack flaws in Chipzilla's processors.

"So far we only have concrete information on Intel's processors and their plans for patches. However, there is initial evidence that at least some ARM CPUs are also vulnerable," Jürgen Schmidt reported.

"Further research is already underway on whether the closely related AMD processor architecture is also susceptible to the individual Spectre-NG gaps, and to what extent."

“Fake news” was a propaganda term designed to destroy and discredit alternative media – but we are sticking it right to the real propagandists – the very fake mainstream media that told us there was WMDs in Iraq and chemical weapons in Syria.

During 2017, the utility conducted 129,922 residential and commercial cutoffs, up 29 percent from 100,533 the previous year and a 44 percent increase from the 90,099 reported in 2015.

Several factors account for the increase, including mild weather last year that resulted in fewer days when MLGW observed a moratorium on cutoffs because of extremely hot or cold temperatures.

But a significant reason for the increase is that smart meters make it much cheaper, quicker and easier for MLGW to disconnect services when customers fail to pay their bills. Instead of sending a truck and employee to manually cut off services -- a process that can be delayed by weather and other issues -- the utility is able to do it remotely via smart meter.

Spotify's shares plunged after its first earnings report revealed it lost $49 million (£36 million/41 million euros) in the three months through March.

Twitter is urging all of its users to change their passwords, after the firm discovered a bug that left passwords completely exposed.

While the firm has not revealed how many people could be affected by the glitch, it’s warning its more than 330 million users to create a new password ‘out of an abundance of caution.’

Twitter insists it has since fixed the bug, and found no indication of a breach or misuse of the unprotected information.

The company formerly known as Cambridge Analytica shocked the media today when it announced an immediate shutdown and liquidation of its business.

That "shutdown," however, may be short-lived as official documents indicate those behind the controversial analytics company will be launching as a new firm with a less-toxic brand.

By Aaron Kesel

Facebook CEO Mark Zuckerberg stated Tuesday that his company has begun to implement a system that will rank news organizations based on trustworthiness while suppressing content that doesn’t fit in that metric...

The arms race has started: deep fakes versus tech that exposes them. The only problem is that the technology that will supposedly tell us what is real and what is not… was created by DARPA. DARPA (Defense Advanced Research Projects Agency) is the government agency responsible for the developing things like killer robots, artificial intelligence, swarms of tiny drones, and even experiments with mind reading technology. And those are just the projects we know about.

By MassPrivateI

Not content with surveillance cameras on buses, the police state has now begun adding them to bus stops.

Last month an article in WTVR 6 revealed that the Greater Richmond Transit Center (GRTC) is installing more than one hundred surveillance cameras at bus stops...

Cambridge Analytica, the data company at the center of an international controversy over how it used Facebook to obtain personal data from tens of millions of people, is shutting down.

If you receive a link for a video, even if it looks exciting, sent by someone (or your friend) on Facebook messenger—just don't click on it without taking a second thought.

Cybersecurity researchers from Trend Micro are warning users of a malicious Chrome extension which is spreading through Facebook Messenger and targeting users of cryptocurrency trading platforms to steal their accounts’ credentials.

Dubbed FacexWorm, the attack technique used by the malicious extension first emerged in August last year, but researchers noticed the malware re-packed a few new malicious capabilities earlier this month.

New capabilities include stealing account credentials from websites, like Google and cryptocurrency sites, redirecting victims to cryptocurrency scams, injecting miners on the web page for mining cryptocurrency, and redirecting victims to the attacker's referral link for cryptocurrency-related referral programs.

Facebook CEO Mark Zuckerberg told the establishment media at a conference on Tuesday that Facebook is going to "dial up" its "suppression" of news outlets he deems lacking in "trustworthiness."

The zombie profiles are further proof that data legislation remains ambiguous and the internet is still forever

It looks as though Microsoft has a bit of a security issue on its hands that affects both Windows 7 and Windows 10 operating systems. Back in July 2017, Bitdefender researcher Marius Tivadar discovered an exploit in Windows operating systems that allows anyone with physical access to a computer to invoke a BSOD by simply inserting a USB thumb drive loaded with a bit of software. He reported the issue to Microsoft, but at the time they brushed him off. Now, he's stepping out with details and a demonstration to raise awareness of this vulnerability.

What makes this exploit so intriguing is that Tivadar's proof-of-concept showed that he could force a BSOD even if the Windows machine was locked.

If your smartphones, tablets, smart refrigerators, smart TVs and other smart devices are smart enough to make your life easier, their smart behavior could also be leveraged by hackers to steal data, invade your privacy or spy on you, if not secured properly.

One such experiment has recently been performed by a team of student hackers, demonstrating a new attack method to turn smart devices into spying tools that could track your every move, including inferring sexual activity.

Facebook accidentally went live with their new hate speech flagging system which asks users whether every post made on the website is "hate speech."

By MassPrivateI

All across the country businesses are being encouraged to use facial recognition to identify everyone.

Companies like DeepCam, have been been secretly working for three years, to create a facial recognition customer watch list system...

By Nicholas West

It’s a trend that is quickly becoming accepted reality – biometric identification at U.S. airports. However, until now, it has been marketed either as an elective measure for preferred travelers who wish to expedite clearance or for inbound international travelers...

Earlier this month, Oracle patched a highly critical Java deserialization remote code execution vulnerability in its WebLogic Server component of Fusion Middleware that could allow attackers to easily gain complete control of a vulnerable server.

However, a security researcher, who operates through the Twitter handle @pyn3rd and claims to be part of the Alibaba security team, has now found a way using which attackers can bypass the security patch and exploit the WebLogic vulnerability once again.

By Nicholas West

Like the proverbial canary in the coal mine, China is offering a grim vision of the future as it implements a full-scale technocracy that is still debated as conspiracy theory by many people in the West.

I have been writing for years about the various stories that have emerged about developments in neuroscience that have included the reading of brain waves for a multitude of applications, good and bad. Naturally, for authoritarian control freaks, the idea of being able to directly monitor and analyze the thoughts of your population is a dream come true; and for anyone else who simply wishes to have more data at their disposal for targeted advertising or other economic management schemes, it’s a technology too tempting to refuse.

South China Morning Post covers both aspects of this emerging reality...

Siri has been known to produce some absolutely bizarre answers to requests from time to time, but iPhone users recently discovered perhaps the strangest—and definitely the most explicit—response yet.

Here’s the deal: Summon Siri on your iPhone or Mac and ask it to “define the word mother.” Siri will read off the first definition plain and simple, and then prompt you if you’d like to know the second definition. Say “yes,” and prepare your sensitive little ears for Siri’s R-rated response.

“As a noun,” Siri says, “it means, short for ‘motherfucker.’”

The real threat to the republic, however, lies not in the weapons available but in the unlimited and unaccountable bureaucracy in Washington that deploys them, both at home and abroad. Having broken free of constitutional constraints, America’s political class now directs an all-powerful state that naturally adopts every tool technology has to offer.

The robot revolution is coming but this early step might not be in the direction many expected. A California company and its collaborators will soon roll out a new incredibly life-like sex robot that is run by artificial intelligence.

The group hopes that one day these AI creations will become your friend, lover, companion and even your caregiver.

A Romanian hardware expert has published proof-of-concept code on GitHub that will crash most Windows computers within seconds, even if the computer is in a locked state.

The code exploits a vulnerability in Microsoft's handling of NTFS filesystem images and was discovered by Marius Tivadar, a security researcher with Bitdefender.

The expert's PoC contains a malformed NTFS image that users can take and place it on a USB thumb drive. Inserting this USB thumb drive in a Windows computer crashes the system within seconds, resulting in a Blue Screen of Death (BSOD).

"Auto-play is activated by default," Tivadar wrote in a PDF document detailing the bug and its impact.

"Even with auto-play [is] disabled, [the] system will crash when the file is accessed. This can be done for [example,] when Windows Defender scans the USB stick, or any other tool opening it."