Admin
Nov 28
Cryptocurrency Miners: How to Shield Browsers From Bad Guys
Earlier this week, keen spotters discovered more than 4,200 websites were suddenly delivering cryptomining code to their visitors (see Government Websites Deliver Cryptocurrency Mining Code).
But the websites weren't hacked. Instead, all had simply been using well-intended accessibility software called Browsealoud from Texthelp that helps people with disabilities, such as by reading websites out loud or magnifying text.
Miscreants somehow managed to slip a JavaScript tool called Coinhive into Browsealoud. When websites pulled Browsealoud's code, Coinhive started running in a browser tab. The incident lasted just four hours until Texthelp temporarily shut down Browsealoud, identified the problem and excised the Coinhive code.
...
Nov 28
Microsoft Patch Nukes Bad Intel Firmware Fix
How bad does a third-party fix have to be for Microsoft to issue a rare, weekend update that helps IT administrators disable it?
Intel issued a firmware fix for variant 2 of the trio of chip security vulnerabilities known as Meltdown and Spectre (see Expect More Cybersecurity 'Meltdowns').
Then on Saturday, Microsoft released a security update enabling users and IT administrators to disable Intel's mitigation for Spectre variant 2, a branch target injection flaw designated CVE-2017-5715.
"Intel noted that this microcode can cause 'higher than expected reboots and other unpredictable system behavior' and then noted that situations like this may result in 'data loss or corruption,'" Microsoft says in its security update (see Intel:...
Nov 28
Saks, Lord & Taylor Suffer Payment Card Data Breach
Department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor have suffered a data breach that apparently exposed details on 5 million payment cards for customers in North America, Toronto-based parent organization Hudson's Bay Company said on Sunday.
Details of the data breach were first announced Sunday by cybersecurity firm Gemini Advisory. "Based on the analysis of records that are currently available, it appears that all [51] Lord & Taylor and 83 U.S.-based Saks Fifth Avenue locations have been compromised," Gemini Advisory says in a breach alert.
The firm estimates that the breach began in May 2017 and has continued until the present.
Stolen card data first appeared for sale last Wednesday. "On March 28, 2018, a...