ICYMI: Intel bug; early disclosure; counter-terror expo; Kaspersky; Macron

News by SC Staff

In Case You Missed It: Intel AMT bug; MS early disclosure spat; counter-terror expo; Kaspersky accused; Macron's DP.

     Remote access bug in Intel AMT worse than we thought, says researcher

Intel is warning users of its chips that an attacker could gain remote access to PCs or devices that have its manageability firmware.  Intel described it as a critical escalation of privilege vulnerability while other commentators said the simplicity and severity put it more in the category of a backdoor.

According to an Intel Vulnerability Tracking Page set up by SSH Communications Security, Intel has provided OEM partners with a fix, though none of the OEMs has yet released updated firmware.  Specifically, the flaw was found in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology, firmware versions 6 through 11.6. More...

Ormandy criticised for revealing too much in Windows malware bug report

Graham Cluley has criticised Google's Project Team Zero for releasing proof of concept code along with details of a freshly discovered vulnerability in the Microsoft Malware Protection Engine.

Microsoft has issued an emergency patch ahead of its usual Patch Tuesday release because of the seriousness of the flaw.  According to Tavis Ormandy, who works for Project Team Zero and discovered the vulnerability along with Natalie Silvanovich, it is “the worst Windows remote code exec in recent memory. This is crazy bad.”

Discussing the vulnerability on Twitter, he said: “Attack works against a default install, don't need to be on the same LAN, and it's wormable.” More....

Security & Counter Terror Expo: Integrating cyber and physical security

The high wall between physical and cyber-security was a recurring theme at this year's Security and Counter Terror Expo at London's Olympia centre provided delegates from all over the security industry with one dedicated stream of talks on cyber security and three others in which the topic figured heavily. There was one particular theme which figured heavily at the expo: the high wall around cyber-security.

The IoT takes information security into the physical world, and with it, a dramatic reevaluation of the priorities that traditional cyber security has held so close for so long. Jennifer Ellis of IoT security practice at Symantec, pointed out that the holy trinity of security - confidentiality, integrity and availability - is upended when meeting with the problems of IoT. Confidentiality, perhaps the most important of those principles in pure information security, no longer exists when it comes to IoT. More...

US Senate committee examines Kaspersky Lab links to Russian government

Kaspersky Lab is under investigation by US authorities for possible links to the Russian government, according to a report on ABC News in America.

The company, which is based in Russia, has faced these allegations in the past and has always strongly denied them.  A secret memorandum, described to ABC News by congressional sources, says red flags have been raised by the Senate Intelligence Committee about Kaspersky Lab. More...

What do data protection and privacy look like in Macron's republique?

Centrist outsider Emmanuel Macron has just been elected France's new president in a landslide victory over his nationalist opponent, Marine LePen, but what could that mean for data protection and privacy within France?

Neither candidate said much on the topic in an election marked mostly by a confrontation between liberal centrism and anti-immigrant populism. Now that Macron will be thrust into the seat of power, many will be wondering what will become of the policy area as the new president enters the Élysée Palace in the wake of allegations of hacking of his organisation prior to the election. More...

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews