[…] We’re told mitigations put in place at the software and silicon level by the x86 giant to thwart Spectre-style exploitation of its processors’ speculative execution can be bypassed, allowing malware or rogue users on a vulnerable machine to steal sensitive information – such as passwords and keys – out of kernel memory and other Read more about Intel CPUs still vulnerable to Spectre attack[…]

A handful of bugs in LG smart TVs running WebOS could allow an attacker to bypass authorization and gain root access on the device. Once they have gained root, your TV essentially belongs to the intruder who can use that access to do all sorts of nefarious things including moving laterally through your home network, Read more about Critical bugs in LG TVs could allow complete device takeover[…]

Ethiopia’s biggest commercial bank is scrambling to recoup large sums of money withdrawn by customers after a “systems glitch”. The customers discovered early on Saturday that they could take out more cash than they had in their accounts at the Commercial Bank of Ethiopia (CBE). More than $40m (£31m) was withdrawn or transferred to other Read more about Commercial Bank of Ethiopia glitch lets customers withdraw millions[…]

Intermittenty checks your installed extensions to see if the developer information listed on the Chrome Web Store or Firefox Addons store has changed. If anything is different, the extension icon will display a red badge, alerting you to the change. Why is this needed? Extension developers are constantly getting offers to buy their extensions. In Read more about Under New Management Detects when your extensions have changed owners[…]

[…] Even after Microsoft patched the vulnerability last month, the company made no mention that the North Korean threat group Lazarus had been using the vulnerability since at least August to install a stealthy rootkit on vulnerable computers. The vulnerability provided an easy and stealthy means for malware that had already gained administrative system rights Read more about Hackers exploited Windows 0-day for 6 months after Microsoft knew of it[…]

The Vietnamese government will begin collecting biometric information from its citizens for identification purposes beginning in July this year. Prime minister Pham Minh Chinh instructed the nation’s Ministry of Public Security to collect the data in the form of iris scans, voice samples and actual DNA, in accordance with amendments to Vietnam’s Law on Citizen Read more about Vietnam to collect biometrics – even DNA – for new ID cards. Centralised databases never leak.[…]

Oklahoma-based WinStar bills itself as the “world’s biggest casino” by square footage. The casino and hotel resort also offers an app, My WinStar, in which guests can access self-service options during their hotel stay, their rewards points and loyalty benefits, and casino winnings. The app is developed by a Nevada software startup called Dexiga. The Read more about ‘World’s biggest casino’ app Winstar exposed customers’ personal data: developer Dexia didn’t secure the db.[…]

Mercedes-Benz accidentally exposed a trove of internal data after leaving a private key online that gave “unrestricted access” to the company’s source code, according to the security research firm that discovered it. Shubham Mittal, co-founder and chief technology officer of RedHunt Labs, alerted TechCrunch to the exposure and asked for help in disclosing to the Read more about Mercedes-Benz source code exposed by leaving private key online[…]

Close to a million records containing personally identifiable information belonging to donors that sent money to non-profits were found exposed in an online database. The database is owned and operated by DonorView – provider of a cloud-based fundraising platform used by schools, charities, religious institutions, and other groups focused on charitable or philanthropic goals. Infosec Read more about 1M non-profit donors PII exposed by unsecured DonorView database[…]

A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps. The vulnerability, dubbed “AutoSpill,” can expose users’ saved credentials from mobile password managers by circumventing Android’s secure autofill mechanism, according to university researchers at the IIIT Hyderabad, who discovered the vulnerability and Read more about Your mobile password manager might be exposing your credentials because of Webview[…]

A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers. We’re told the attacks – which are usable against servers running the default configuration of Microsoft Dynamic Host Configuration Protocol (DHCP) servers – don’t Read more about Attacks abuse Microsoft DHCP to spoof DNS records and steal secrets[…]

“Researchers have identified a large number of bugs to do with the processing of images at boot time,” writes longtime Slashdot reader jd. “This allows malicious code to be installed undetectably (since the image doesn’t have to pass any validation checks) by appending it to the image. None of the current secure boot mechanisms are Read more about Nearly Every Windows and Linux Device Vulnerable To New LogoFAIL Firmware Attack[…]