F-Secure reports a security issue affecting most corporate laptops that allows an attacker with physical access to backdoor a device in less than 30 seconds. The issue allows the attacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM pins, and to gain remote access for later exploitation. It exists Read more about All Intel laptops open to unlocking with ctrl-P and “admin”. Another fatal flaw in Intel Management Engine.[…]

Let’s Encrypt – a SSL/TLS certificate authority run by the non-profit Internet Security Research Group (ISRG) to programmatically provide websites with free certs for their HTTPS websites – on Thursday said it is discontinuing TLS-SNI validation because it’s insecure in the context of many shared hosting providers. TLS-SNI is one of three ways Let’s Encrypt’s Read more about Let’s Encrypt plugs hole that let miscreants grab HTTPS web certs for strangers’ domains[…]

Researchers at the firm Digital Interruption on Tuesday warned that an adult-themed virtual reality application, SinVR, exposes the names, email and other personal information via an insecure desktop application – a potentially embarrassing security lapse. The company decided to go public with the information after being frustrated in multiple efforts to responsibly disclose the vulnerability Read more about Adult Themed Virtual Reality App spills Names, Emails of Thousands[…]

Spare a thought for Jasper Spaans, who hosts the Linux Kernel Mailing List archive from a single PC that lives in his home. And since things always happen this way the home machine died while he was on holiday. The archive was therefore unavailable for much of the weekend, although Linux developers could still use Read more about Wait, what? The Linux Kernel Mailing List archives lived on ONE PC? One BROKEN PC?[…]

While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell’s EMC and VMware units. A trio of critical, newly reported vulnerabilities in EMC and VMware backup and recovery tools—EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Read more about EMC, VMware security bugs throw gasoline on cloud security fire[…]

Wi-Fi router vendors have started issuing patches to defend their products against Google Chromecast devices.TP-Link and Linksys were first out of the blocks with firmware fixes, and TP-Link has posted this explanation of the issue. The bug is not in the routers, but in Google’s “Cast” feature, used in Chromecast, Google Home, and other devices. Read more about Okay, Google: why does Chromecast clobber Wi-Fi connections?[…]