Tag Archives: Foreshadow

August 22nd resources update

Updates to Cryptocurrency/Crypto-mining News and Resources

Next Web: Arrested BitConnect kingpin is connected to yet another cryptocurrency scam – “Something is cooking up in the Indian state of Gujarat”

Updates to GDPR page

Catalin Cimpanu for Bleeping Computer: Number of Third-Party Cookies on EU News Sites Dropped by 22% Post-GDPR – “Researchers looked at 200 news sites in total, from seven countries —Finland, France, Germany, Italy, Poland, Spain, and the UK.” Sadly, there seem to be an awful lot of sites outside the EU that regard GDPR as avoidable simply by saying “We use cookies: live with it or live without us.” Sigh…

The Register takes a slightly broader view: That’s the way the cookies crumble: Consent banners up 16% since GDPR – “While news sites cut cookies by 22% – but Google retains omnipresence”

Updates to Meltdown/Spectre and other chip-related resources

Foreshadow web page resource:


The Register: Fix for July’s Spectre-like bug is breaking some supers – “RDMA-Lustre combo swatted, HPC admins scramble”

Updates to Specific Ransomware Families and Types

GandCrab:

Trend Micro: .EGG Files in Spam Delivers GandCrab v4.3 Ransomware to South Korean Users – Apparently the otherwise obscure .EGG file compression format is widely used in South Korea.

Commentary by Graham Cluley: Rotten EGGs spread ransomware in South Korea – “RANSOMWARE CHANGES FILE EXTENSION TO .KRAB.”

Commentary by David Bisson for Tripwire: Spam Campaign Targeting South Korean Users With GandCrab v4.3 Ransomware


Ryuk:

Catalin Cimpanu for Bleeping Computer: Ryuk Ransomware Crew Makes $640,000 in Recent Activity Surge – “There have been several reports from victims regarding infections with Ryuk in the past week, including one on the Bleeping Computer forums.”

David Harley


I’m being followed by a Foreshadow…

Updates to Meltdown/Spectre and other chip-related resources

Dave Lee for the BBC: ‘Foreshadow’ attack affects Intel chips – “Researchers have found another serious security flaw in computer chips designed by Intel…Nicknamed Foreshadow, this is the third significant flaw to affect the company’s chips this year.”

For more details, see the advisory on Intel’s web site. Also:


The Register: Three more data-leaking security holes found in Intel chips as designers swap security for speed – “Apps, kernels, virtual machines, SGX, SMM at risk from attack…The operating system and hypervisor-level flaws – CVE-2018-3620 and CVE-2018-3646 – were discovered by Intel’s engineers after they were tipped off about CVE-2018-3615, the SGX issue, by the university researchers.”


Thomas Claburn for The Register: The off-brand ‘military-grade’ x86 processors, in the library, with the root-granting ‘backdoor’ – “Dive into a weird and wonderful ‘feature’ of Via’s embedded hardware chips … A forgotten family of x86-compatible processors still used in specialist hardware, and touted for “military-grade security features,” has a backdoor that malware and rogue users can exploit to completely hijack systems.”

David Harley