BF-SIRT Newsletter 2018-11

AMD Vulnerabilities

This week, CTS-Labs sent out an advisory regarding AMD Vulnerabilities.
What’s worth noting about this is that the vulnerabilities all require local administrator access to exploit, and if an attacker already got that access it means that it’s basically game over in either case. There are also concerns that this was done in order to manipulate stock prices, and the fact that CTS-Labs only gave AMD a one day heads up before going public (instead of the regular 30 – 90 days) have set off red flags for some parties.

 

Top 5 Security links
Let’s have a sober look at these ‘ere annoying AMD chip security flaws
APT Hackers Infect Routers to Covertly Implant Slingshot Spying Malware
ISPs Caught Injecting Cryptocurrency Miners and Spyware In Some Countries
Pre-Installed Malware Found On 5 Million Popular Android Phones
Update Samba Servers Immediately to Patch Password Reset and DoS Vulnerabilities