This Week in Security News: Unsecured Servers and Vulnerable Processors

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about vulnerabilities that can allow hackers to retrieve data from CPUs and mine cryptocurrency.

Read on:

May’s Patch Tuesday Include Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability

Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003.

Trend Micro Unveils Cloud-Native Security Customized to the Demand of DevOps

Trend Micro launched container security capabilities, added to Trend Micro Deep Security, to elevate protection across the entire DevOps lifecycle and runtime stack.

Side-Channel Attacks RIDL, Fallout, and ZombieLoad Affect Millions of Vulnerable Intel Processors

Researchers found a bevy of critical vulnerabilities in modern Intel processors that, when exploited successfully, can leak or let hackers retrieve data being processed by the vulnerable CPUs.

Trump Issues Executive Order Paving Way for Ban on Huawei

President Trump has issued an executive order declaring a national emergency and prohibiting U.S. companies from using telecom services that are solely owned, controlled, or directed by a foreign adversary, clearing the way for a ban on the Chinese-owned Huawei.

Unsecured Server Leaks PII of Almost 90% of Panama Residents

The personally identifiable information of almost 90% of Panama’s population has been divulged due to an unsecured Elasticsearch server that was found without authentication or firewall protection, connected to the internet, and publicly viewable on any browser.

Google Discloses Security Bug in its Bluetooth Titan Security Keys, Offers Free Replacement

Google says that the security bug, which could allow an attacker in close physical proximity to circumvent the security the key is supposed to provide, is due to a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols.”

Jenkins Vulnerability Exploited to Drop Kerberods Malware and Launch Monero Miner

Threat actors were found exploiting CVE-2018-1000861, a vulnerability in the Stapler web framework that is used by the Apache Jenkins open-source software development automation server, in versions 2.153 and earlier.

Crypto Exchange Binance Restarting Services After Post-Hack Upgrade

Cryptocurrency exchange Binance has announced that it is back online after completing a security upgrade prompted by a recent hack that saw 7,000 BTC worth $41 million stolen.

Do you worry about your personally identifiable information being divulged to cyber criminals? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

 

 
