Intel, Cisco, Facebook, & Twitter – Paul’s Security Weekly #554

April 11, 2018
In the news, Intel drops plans to develop Spectre microcode for ancient chips, Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking, VirusTotal launches 'Droidy' sandbox to detect malicious Android apps, Facebook and Twitter may be forced to identify bots, and more on this episode of Paul’s Security Weekly!

Paul's Stories

  1. Intel drops plans to develop Spectre microcode for ancient chips - Core 2 processors are no longer scheduled to receive updates, and, while some first generation Core products have microcode updates available already, others have had their update cancelled.
  2. Critical remote code execution vulnerabilities impact Natus medical devices - The firm's electroencephalogram (EEG) offerings are described as "leading-edge features you want in critical care." The systems include amplifier ports compatible with USB and TCP/IP cables, while the NeuroWorks software connects to monitoring equipment to record data in SQL databases.
  3. Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking - The stack-based buffer overflow vulnerability (CVE-2018-0171) resides due to improper validation of packet data in Smart Install Client, a plug-and-play configuration and image-management feature that helps administrators to deploy (client) network switches easily.
  4. VirusTotal launches 'Droidy' sandbox to detect malicious Android apps - Android Sandbox performs both static and dynamic analysis to automatically detect suspicious applications by executing and monitoring applications in a simulated Android OS environment.
  5. Cloudflares 1.1.1.1 promises to make DNS more secure
  6. Facebook and Twitter may be forced to identify bots - according to California lawmakers. They’ve introduced a bill that would give online platforms such as Facebook and Twitter three days to investigate whether a given account is a bot, to disclose that it’s a bot if it is in fact auto-generated, or to remove the bot outright.
  7. Four Gas Pipeline Firms Hit in Attack on Their EDI Service Provider
  8. How Security Can Bridge the Chasm with Development - I believe we need to move past the old way of thinking about this problem (for example, just go have some beers with your developers, etc...). Devops, at its core, blends development with IT and with security into value streams. Once more organizations implement this model, we'll stop seeing development, IT and security working in silos.
  9. A new Mirai-style botnet is targeting the financial sector
  10. Hooray! Facebook ditches searching for people by phone number or email
  11. Python Regex Cheat Sheet
  12. New Android Malware Secretly Records Phone Calls and Steals Private Data

Joff's Stories

  1. Critical Cisco Switch Vulnerability
Full Show Notes Subscribe to YouTube Channel [audio src="http://traffic.libsyn.com/pauldotcom/Intel_Cisco_Facebook__Twitter_-_Pauls_Security_Weekly_554_converted.mp3" ]
prestitial ad