Blog Archives

May Patch Tuesday

It’s time to patch your PCs and Macs.

WhatsApp Hacked, Update If You Use It.

Someone hacked into WhatsApp hosting servers so that it was distributed with spyware installed.  The latest update fixes the flaw.

Google’s SensorVault Helping the Police Catch the Bad Guys

When the police ask, Google will provide location/tracking info for specific users with a certain area and time frame.

April 2019 Patch Tuesday

Microsoft and Adobe have released patches for April.   Time to patch.

Intel VISA Flaw

Researchers claim to be able to able to manipulate the Visualize Internal Signal Architecture, an undocumented technology that allows capturing of signals moving to and from peripherals, view private or confidential data.  Intel says VISA is disabled on commercial products and a patch was issued in 2017 that negates the attack vector used by the researchers.

ASUS Update Installs Backdoor Malware

If you own an ASUS product, and have used their software update application (“Live Update”) you should perform a full virus scan and update the Live Update application.  Kaspersky estimates 1 million users could be affected.  ASUS servers were compromised and used to host the malicious payload.

Update Chrome, 0-Day Actively Being Exploited

No technical details, but it affects all versions of Chrome.  Update (Help->About Chrome) ASAP.

PDF Signatures Broken

You cannot trust PDF signatures.  Researchers have found a way to forge them.

New Thunderbolt Vulnerability, “Thunderclap”

The flaw allows full read/write access to memory which can be used for code execution.  All modern OSes and most hardwares (including Apple) are affected.

CloudBourne – Take Control of “Baremetal” Servers in the Cloud

By overwriting the server’s controller firmware, and installing their own, hackers can take control of physical servers hosted in vendor “clouds.”