It was discovered and reported on by Cisco. It has infected over 500,000 devices from Linksys, MikroTik, Netgear, TP-Link and QNAP. It can listen to traffic, fully brick the router in question, scan for SCADA systems and receive other payloads. It also survived reboots; however, the FBI put a stop to that by seizing their C&C server.
It's called "Speculative Store Bypass", or Variant 4. Fixes are underway but are expected to slow down performance.
They'll instead only show something when the site is insecure rather than secure. First the 'secure' text will disappear, then the green padlock will be phased out.
Can't comment anything really except a slow clap. It only applies to Office 365 though, not Office 2016 and others.
The issues were discovered during a year-long project by Chinese researchers, the same ones who previously discovered vulnerabilities in Tesla. They are complex to exploit but can be chained together to completely take over a vehicle.
They created (and open-sourced) a tool where PMs and devs can enter what they're about to make and receive a customised checklist of security- and privacy-related items. Reported security bugs went down as adoption went up. Pretty neat.
Very nice and thorough checklist of things to be mindful of when developing secure web applications.
A nice little walk down memory lane where someone describes from start to finish what made Stuxnet, the worm that targeted Iran's nuclear facilities, so impressive.
The availability of web applications is critical nowadays, more than ever. But it's also at risk because of very complex application-level denial of service attacks. Read this guide that highlights the different DoS techniques used so you know what to look for.
Fleetsmith is a fantastic solution for keeping your macOS devices managed and secure. If you sign up today you can manage 10 devices for free, and Fleetsmith's new zero-touch deployment allows you to ship devices without needing IT to set up WiFi and other apps.