Posts

Showing posts from August, 2019

Intel, IBM, Google, Microsoft & others join new security-focused industry group

Image
  New Confidential Computing Consortium will promote the use of TEEs (trusted execution environments). Some of the biggest names in the cloud and hardware ecosystem have agreed to join a new industry group focused on promoting safe computing practices. Founding members include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent. Named the  Confidential Computing Consortium , this industry group's goals will be to come up with strategies and tools to accelerate the adoption of "confidential computing." By confidential computing, the group is referring to hardware and software-based technical solutions for isolating user data inside a computer's memory while it's being processed, to avoid exposing it to other applications, the operating system, or other cloud server tenants. The easiest way of supporting confidential computing practices is through the use of  trusted execution environments (TEEs) , also known as enclaves. These a

Citrix Managed Desktops moves into general availability

Image
  The Desktop as a Service offering simplifies the delivery of Windows apps and desktops from Azure to devices. Citrix Managed Desktops  will be generally available on August 26, Citrix said Tuesday. The desktop-as-a-service offering simplifies the delivery of Microsoft Windows apps and desktops from Microsoft Azure to devices.  Compared with  Citrix Virtual Apps and Desktops , Citrix Managed Desktop is designed to offer a "turnkey service" for any organization, regardless of their size or IT expertise. Customers can provision Windows-based applications and desktops from the cloud to any device, and the service can be purchased on a monthly or term basis.  It's designed to streamline provisioning for internal or external users, such as a contract or seasonal workers, or to scale virtual desktops to respond to changing demands, like an influx of workers from an acquisition. Users should be able to easily integrate Azure-hosted virtual desktops with on-premises Active Direc

This new cryptojacking malware uses a sneaky trick to remain hidden

Image
  'Norman' cryptomining malware was found to have infected almost every system in one organisation during an investigation by security researchers. A newly-discovered form of  cryptocurrency-mining malware  is capable of remaining so well-hidden that researchers investigating it found that it had spread to almost every computer at a company that had become infected. Dubbed 'Norman' due to references in the backend of the malware, the cryptojacker has been detailed by cybersecurity researchers at Varonis. The Monero-cryptomining campaign was uncovered after Varonis' security platform spotted suspicious network alerts and abnormal file activity on systems within organisations that had reported unstable applications and network slowdown. Cryptojacking malware exploits the processing power of an infected computer to mine for cryptocurrency – which can cause the system to slow down, even to the point of becoming unusable. Researchers found that several variants of crypto

Apple offers $1 million if you can hack an iPhone

Image
  The iPhone-maker will also began offering a 50 percent bonus for bugs discovered in Apple’s pre-release builds. Tech giant Apple has confirmed that the company is offering hackers $1 million reward if they manage to hack into their iPhones and explain to the tech how they did it. The bounty was announced by the company at the annual Black Hat hacker convention in Las Vegas last week. It is said to be the biggest ever payout by the iPhone-maker. Apple had rolled out its bug bounty programme in 2016 with rewards up to $200,000 for finding vulnerabilities on the iOS platform which would let an attacker gain full control of the device, without needing the user’s consent. Expanding its bug bounty program to all Apple’s platforms such as iOS, iCloud, iPadOS, macOS, tvOS andwatchOS Apple’s $1 million reward is five times larger than the previous one and is open to everyone. However, those wanting to win the top prize must note that that the prize will be given only for the very specific hac

Google discovered several iPhone security flaws, and Apple still hasn’t patched one

Image
  A further five vulnerabilities were patched last week Google security researchers have discovered a total of six vulnerabilities in Apple’s iOS software, one of which the iPhone manufacturer has yet to successfully patch. Tech News reports  that the flaws were discovered by two Google Project Zero researchers, Natalie Silvanovich and Samuel Groß, and five of them were patched with  last week’s iOS 12.4 update , which contained several security fixes. All of the vulnerabilities discovered by the researchers are “interactionless,” meaning they can be run without any interaction from a user, and they exploit a vulnerability in the iMessage client. Four of them (including the as-yet-unpatched vulnerability) rely on an attacker sending a message containing malicious code to an unpatched phone and can execute as soon as a user opens the message. The remaining two rely on a memory exploit. Details of the five patched bugs have been published online, but the final bug will remain confidentia