A flaw in Intel AMT can leave your laptop exposed to attackers

Friday, January 12th, 2018

Following on the heels of the revelations of the Meltdown and Spectre vulnerabilities plaguing decades of Intel's processors, a new flaw in the Active Management Technology (AMT) has left Intel in even more hot water among the cybersecurity community. The new flaw targets laptops, especially those powered by Intel's enterprise-focused vPro ...

Extended Validation Is Broken

Wednesday, December 13th, 2017

Extended validation ("EV") certificates are a unique type of certificate issued by certificate authorities after more extensive validation of the entity requesting the certificate. In exchange for this more rigorous vetting, browsers show a special indicator like a green bar containing the company name, or in the case of Safari ...

New “Quad9” DNS service blocks malicious domains for everyone

Thursday, November 16th, 2017

The Global Cyber Alliance (GCA)—an organization founded by law enforcement and research organizations to help reduce cyber-crime—has partnered with IBM and Packet Clearing House to launch a free public Domain Name Service system. That system is intended to block domains associated with botnets, phishing attacks, and other malicious Internet hosts—primarily ...

Google Just Made Gmail the Most Secure Email Provider on the Planet

Wednesday, October 18th, 2017

Anyone with a Gmail account can now activate what the company calls "Advanced Protection," a set of features that make it harder to hack into your Google account. These are aimed specifically at "high-risk" users, as Google puts it. That is political campaign staffers, activists, journalists, or people in abusive ...

KRACK Attack Devastates Wi-Fi Security

Monday, October 16th, 2017

A devastating weakness plagues the WPA2 protocol used to secure all modern Wi-Fi networks, and it can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty. Not only can attackers peek at supposedly encrypted traffic to steal credentials and payment card data, for example, but ...