General Cyber News via Ars Technica Risk Assessment

Intel’s SGX blown wide open by, you guessed it, a speculative execution attack

Speculative execution attacks truly are the gift that keeps on giving.
Publish Date: 8/14/2018
read more -->

Windows 10 to get disposable sandboxes for dodgy apps

Apps will be run in a virtual machine that's discarded after use.
Publish Date: 8/9/2018
read more -->

Heads-up: 2FA provider Duo Security to be acquired by Cisco (ugh)

Both companies insist nothing will change, but this former Cisco customer has doubts.
Publish Date: 8/2/2018
read more -->

New Spectre attack enables secrets to be leaked over a network

It's no longer necessary to run attacker code on the victim system.
Publish Date: 7/26/2018
read more -->

Microsoft offers extended support for Windows, SQL 2008—but with a catch

An extra three years of patches are being offered to in-cloud users.
Publish Date: 7/12/2018
read more -->

New Spectre-like attack uses speculative execution to overflow buffers

Research is continuing to find new attack vectors.
Publish Date: 7/10/2018
read more -->

Hyperthreading under scrutiny with new TLBleed crypto key leak

A new attack prompted OpenBSD's developers to disable hyperthreading by default.
Publish Date: 6/25/2018
read more -->

A host of new security enhancements is coming to iOS and macOS

Coming: FaceTime encryption, protected cam access, and, possibly, USB Restricted Mode.
Publish Date: 6/5/2018
read more -->

New speculative-execution vulnerability strikes AMD, ARM, and Intel

Fortunately, existing fixes should provide the protection we need.
Publish Date: 5/22/2018
read more -->

As the Web moves toward HTTPS by default, Chrome will remove “secure” indicator

The browser is changing to flag the things that are dangerous, not the ones that are safe.
Publish Date: 5/17/2018
read more -->

Microsoft claims to make Chrome safer with new extension

A purported Edge advantage is now available in Chrome.
Publish Date: 4/18/2018
read more -->

Intel, Microsoft to use GPU to scan memory for malware

The company is also using its processors’ performance monitoring to detect malicious code.
Publish Date: 4/17/2018
read more -->

AMD systems gain Spectre protection with latest Windows fixes

Systems will still need updated firmware to get the latest microcode, however.
Publish Date: 4/11/2018
read more -->

Practical passwordless authentication comes a step closer with WebAuthn

Microsoft, Mozilla, and Google are all implementing the new standard.
Publish Date: 4/10/2018
read more -->

Intel drops plans to develop Spectre microcode for ancient chips

Company claims it's too hard, and few systems have exposure to attack.
Publish Date: 4/4/2018
read more -->

Google bans cryptomining Chrome extensions because they refuse to play by the rules

Google continues to try to keep its browser running smoothly in spite of others’ efforts.
Publish Date: 4/3/2018
read more -->

As predicted, more branch prediction processor attacks are discovered

New attack focuses on a different part of the branch prediction system.
Publish Date: 3/26/2018
read more -->

AMD promises firmware fixes for security processor bugs

All bugs require administrative access to exploit.
Publish Date: 3/20/2018
read more -->

Intel outlines plans for Meltdown and Spectre fixes, microcode for older chips

Microcodes for Sandy Bridge and newer are now available.
Publish Date: 3/15/2018
read more -->

Patch Tuesday drops the mandatory antivirus requirement after all

Today’s patches also include an annoying-looking remote code execution bug.
Publish Date: 3/13/2018
read more -->