The big news in security (or lack thereof) recently has been the Meltdown and Spectre issues that have plagued Intel, AMD, and Apple. Those aren’t the only security issues that computer users are facing. Security research firm F-Secure has found a new security flaw that it says affects Intel Active Management Technology or AMT. AMT is an Intel proprietary solution that allows remote access or monitoring and management of personal computers in a corporate setting.
The tech was meant to allow IT departments in these large organizations or managed service providers to control fleets of computers. F-Secure Senior Security Consultant Harry Sintonen found a flaw in AMT in July of 2017 (it has only now been disclosed) that surprised him. He said, “The attack is almost deceptively simple to
Read more at: https://hothardware.com/news/researcher-exploits-intel-remote-management-security
Over the past month or so we’ve written a few times about security research Justin Shafer. As you may recall, he first came to our attention, when the Justice Department decided to subpoena the identities of five Twitter users because Shafer had tweeted a smiley emoji at them. No, really. I’m not exaggerating. That’s literally what happened. Shafer saw some Twitter users discussing a case totally unrelated to his own, tweeted an emoji, and the DOJ is demanding the identity of those he tweeted the emoji at.
That then got us more interested in what the hell happened to Shafer — where it appears that the DOJ had a weird vendetta against him. His house was raided three separate times — mainly because he had helped expose security problems with some software. The company complained that Shafer had violated the CFAA, and thus his house got raided and all
Read more at: https://www.techdirt.com/articles/20171201/23474838723/security-researcher-held-jail-8-months-because-he-wrote-angry-blog-post-released-now.shtml
TORONTO — There is a mysterious Cyber-Army allegedly built by North Korea, that has been attacking targets in South Korea and around the world for the last several years. That army is a little less mysterious to security researcher Ashley Shen, who gave a deep dive talk on the tactics and tools used by the North Korean hackers, in a session at the SecTor security conference here.
Shen is an independent security researcher working with Team T5 Inc and is the founder of HITCON GIRLS which is the first security community for women in Taiwan.
Shen noted that there have been multiple publicly reported incidents in recent years, including the WannaCry ransomware attack, the attack against the Swift bank transfer system in Bangladesh and the attack against Sony Pictures, which all can be tied to threat actors based in North Korea. She emphasized that what has been reported in the media is
Read more at: http://www.eweek.com/security/researcher-provides-insight-into-north-korea-cyber-army-tactics
Intel Corp.’s McAfee Labs raised some eyebrows in the security community in November with its prediction that “the volume and effectiveness of ransomware attacks will go down in the second half of 2017.” The security firm based its prediction on improvements in preventive technology, better industry coordination, education and stepped-up law enforcement pressure for its optimism.
But Allan Liska doesn’t agree. Liska, who’s an intelligence architect at threat intelligence firm Recorded Future Inc., last week penned a lengthy forecast of ransomware trends for 2017, in which he asserted that its growth will continue unchecked for the foreseeable future. “We saw quarter-over-quarter growth in ransomware attacks in 2015 and 2016, and will continue to see this type of growth in 2017,” he said in an interview with SiliconANGLE. “We’re probably looking at a 50 percent increase.”
Read more at: http://siliconangle.com/blog/2017/01/11/threat-researcher-sees-no-end-ransomwares-growth/