ICYMI: Intel CPU flaw; HR Ransomware; Schools ransomed; Android tops CVE, Meters explode?
ICYMI: Intel CPU flaw; HR Ransomware; Schools ransomed; Android tops CVE, Meters explode?

Debugging mechanism in Intel CPUs allows seizing control via USB port

Researchers from Positive Technologies have revealed that some new Intel CPUs contain a debugging interface, accessible via USB 3.0 ports, that can be used to obtain full control over a system and perform attacks that are undetectable by current security tools.

An attacker could use this to bypass all security systems for the embedding of code over a certain period of time, reading all possible data and even making the machine inoperative, for instance by re-writing its BIOS. More...

German HR departments are being targeted in effort to spread ransomware

According to Check Point Software Technologies, German HR departments are being targeted by criminals posing as job applicants in a bid to infect company machines with GoldenEye, the latest strain of ransomware variant Petya.

When contacting HR professionals, the criminals send two files: one is a cover letter designed to assure the person opening it that the application is real and legitimate, the other is an excel spreadsheet which contains the ransomware payload, a variant of Petya which Check Point researchers named GoldenEye. More...

Fraudsters demand £8000 from UK schools to unlock encrypted data

UK police have issued warnings that fraudsters are cold calling schools claiming to be from the “Department of Education”, and asking for personal email addresses of the headteacher or financial administrator, claiming they need to send documents containing sensitive information.

The crooks then send damaging files to the personal email addresses rather than a generic school inbox in the hope it will bypass standard security measures. More...

Android tops 2016 vulnerability list. Security industry says "meh!"

The Common Vulnerabilities and Exposures (CVE) statistics for 2016 are in and Android tops the CVE charts for most insecure product (ahead of Debian, Ubuntu and Adobe Flash) and Google comes second (behind Oracle but ahead of both Adobe and Microsoft) in the insecure vendor listings.

That's according to a summation of the stats for 2016.  If we dig a little deeper than the headline figures, and take the last couple of years into account, things don't get any the rosier for Google. Both Apple products, and Apple as a vendor, have become ‘more secure' over time using this metric whereas Google has gone in the opposite direction. More... 

Can smart meters be blown up? We'll let you decide....

Cyber-researcher and self-described hacker Netanel Rubin, speaking at the 33rd Chaos Communications Congress in Hamburg in December, warned of serious security vulnerabilities in smart meters which are being rolled out around the world, claiming that in certain circumstances they can be made to explode.

Describing the devices as “dangerously insecure”, the researcher claims they use weak encryption and protocols, and can be programmed to explode. "An attacker who controls the meter also controls its software, allowing them to literally blow the meter up," said Rubin. Rubin claims blowing a smart meter up is trivially easy. More...