Chrome Now Features Site Isolation to Defend Against Spectre

Google introduced new security mitigations for its Chrome browser to defend against recently discovered Spectre variants. The new security feature, called site isolation, essentially isolates different browser work processes between various browser tabs. That means one tab’s webpage rendering and...

Fresh Spectre Variants Come to Light

Two new speculative execution bugs have earned researchers a $100,000 bug bounty from Intel. MIT’s Vladimir Kiriansky and independent researcher Carl Waldspurger uncovered what they call Spectre1.1 and a subset, Spectre1.2, collectively referred to as Variant 4 of Spectre by Intel and ARM. Like t...

July 10, 2018—KB4338820 (Security-only update)

July 10, 2018—KB4338820 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections from an additional subclass of speculative execution side-channel...

July 10, 2018—KB4338830 (Monthly Rollup)

July 10, 2018—KB4338830 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4284852 released June 21, 2018 and addresses the following issues: Provides protections from an additional subclass of speculative execution side-channel...

New Virus Decides If Your Computer Good for Mining or Ransomware

Security researchers have discovered an interesting piece of malware that infects systems with either a cryptocurrency miner or ransomware, depending upon their configurations to decide which of the two schemes could be more profitable. While ransomware is a type of malware that locks your comput...

Delving deep into VBScript

In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that was picked up by our sandbox. The vulnerability uses a well-known technique from the proof-of-concept exploit CVE-2014-6332 that essentially "corrupts" two memory objects and...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 25, 2018

I have never reverse engineered anything, but I did dismantle a Betamax VCR and put it back together without an instruction manual. My little brother liked to use the tape slot as a garage for his Hot Wheels® toy cars. We were usually able to take out the cars without any issues, but one day, he...

Google Android Device RAMpage Vulnerability

Rowhammer is a hardware reliability issue for the new generation of DRAM chips. rampage is a variant of the Rowhammer attack. Google Android devices suffer from the RAMpage vulnerability. An attacker can gain root privileges on the target device by exploiting the previously publicized Drammer...

SUSE SLES11 Security Update : kernel modules packages (SUSE-SU-2018:1784-1) (Spectre)

The following kernel modules were rebuild with 'retpoline' enablement to allow full mitigation of the Spectre Variant 2 CVE-2017-5715, bsc1068032 OFED was adjusted to add an entry to control the loading/unloading of cxgb4 to /etc/sysconf/infiniband bsc926856. Note that Tenable Network Security ha...

SUSE-SU-2018:1784-1 Security update for kernel modules packages

The following kernel modules were rebuild with 'retpoline' enablement to allow full mitigation of the Spectre Variant 2 CVE-2017-5715, bsc1068032 OFED was adjusted to add an entry to control the loading/unloading of cxgb4 to /etc/sysconf/infiniband bsc926856...

CVE-2018-6211

On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...

SUSE SLES12 Security Update : xen (SUSE-SU-2018:1699-1) (Meltdown) (Spectre)

This update for xen fixes several issues. This feature was added : - Added support for qemu monitor command These security issues were fixed : - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass SSB, Varia...

SUSE SLES12 Security Update : xen (SUSE-SU-2018:1658-1) (Meltdown) (Spectre)

This update for xen fixes several issues. These security issues were fixed : - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass SSB, Variant 4 bsc1092631. - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754:...

June 12, 2018—KB4284874 (OS Build 15063.1155)

June 12, 2018—KB4284874 OS Build 15063.1155 Note This release also contains updates for Windows 10 Mobile OS Build 15063.1154 released June 12, 2018. Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes...

June 12, 2018—KB4284860 (OS Build 10240.17889)

June 12, 2018—KB4284860 OS Build 10240.17889 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides support to control usage of Indirect Branch Prediction Barrier IBPB on some AMD...

June 12, 2018—KB4284826 (Monthly Rollup)

June 12, 2018—KB4284826 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4103713 released May 17, 2018 and addresses the following issues: Provides support to control use of Indirect Branch Prediction Barrier IBPB on some AMD...

June 12, 2018—KB4284867 (Security-only update)

June 12, 2018—KB4284867 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides support to control use of Indirect Branch Prediction Barrier IBPB on some AMD...

SUSE SLES11 Security Update : xen (SUSE-SU-2018:1603-1) (Meltdown) (Spectre)

This update for xen fixes several issues. These security issues were fixed : - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass SSB, Variant 4 bsc1092631. - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754:...

openSUSE: Security Advisory for kernel (openSUSE-SU-2018:1502-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLES12 Security Update : oracleasm kmp (SUSE-SU-2018:1503-1) (Spectre)

This update provides rebuilt kernel modules for SUSE Linux Enterprise 12 SP3 products with retpoline enablement to address Spectre Variant 2 CVE-2017-5715 bsc1068032. Following modules have been rebuilt : - drbd - oracleasm - crash - lttng-modules Note that Tenable Network Security has extracted...