Intel Patches CPU Bugs Impacting Millions of PCs, Servers

Intel released eight patches for vulnerabilities in remote management software and firmware that could allow local adversaries to elevate privileges, run arbitrary code, crash systems and eavesdrop on communications. Source: Threadpost

Threat Predictions for Connected Life in 2018

ul li {margin-bottom:2.4rem;}  Download the Kaspersky Security Bulletin: Threat Predictions for Connected Life in 2018 Introduction: To be awake is to be online The average home now has around three connected computers and four...

US-CERT Warns of ASLR Implementation Flaw In Windows

US-CERT is warning of a vulnerability in Microsoft’s implementation of Address Space Layout Randomization that affects Windows 8, Windows 8.1 and Windows 10. Source: Threadpost

CENTCOM Says Massive Data Cache Found on Leaky Server is Benign

Pentagon contractor left 1.8 billion mostly benign publicly accessible social-media posts scraped from the internet on a publicly accessible Amazon storage bucket. Source: Threadpost

The First Threatpost Alumni Podcast

With Mike Mimoso leaving Threatpost, it was high time to get many of the people responsible for the site's success throughout the years together for a podcast. Founding editors Ryan Naraine...

Multiple Vulnerabilities in LibXL Library Open Door to RCE Attacks

Hackers using a specially crafted XLS files can trigger several remote code execution vulnerabilities in the LibXL library. Source: Threadpost

Amazon Promises Fix to Stop Key Service Hack

Amazon said it will offer a fix for its Amazon Key delivery service that allows hackers to tamper with a home security camera. Source: Threadpost

Kaspersky Lab – Beyond Black Friday Threat Report, November 2017

Introduction The festive holiday shopping season, which covers Thanksgiving, Black Friday and Cyber Monday in late November as well as Christmas in December, now accounts for a significant share of annual sales...

Oracle Issues Emergency Patches for ‘JoltandBleed’ Vulnerabilities

Oracle pushed out an emergency update for vulnerabilities dubbed 'JoltandBleed' affecting five of its products that rely on its proprietary Jolt protocol. Source: Threadpost

White House Releases VEP Disclosure Rules

The White House released a charter document on Wednesday outlining how the U.S. government will disclose cyber security flaws and when it will keep them secret. Source: Threadpost