Select Page
NetSpectre – New Remote Spectre Attack Steals Data Over the Network

NetSpectre – New Remote Spectre Attack Steals Data Over the Network

A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system.

Dubbed “NetSpectre,” the new remote side-channel attack, which is related to Spectre variant 1, abuses speculative execution to perform bounds-check bypass and can be used to defeat address-space layout randomization on the remote system.

If you’re unaware, the original Spectre Variant 1 flaw (CVE-2017-5753), which was reported earlier this year along with another Spectre and Meltdown flaws, leverages speculative stores to create speculative buffer overflows in the CPU store cache.

images from Hacker News

Google Bans Cryptocurrency Mining Android Apps From the Play Store

Google Bans Cryptocurrency Mining Android Apps From the Play Store

Following Apple’s lead in banning cryptocurrency mining apps, Google has also updated its Play Store policy this week to ban apps that mine cryptocurrencies on users’ devices in the background.

However, there are countless cryptocurrency mining apps, including MinerGate, AA Miner, NeoNeonMiner, and Crypto Miner, still available on the Play Store.

Cryptocurrency mining is not a new concept, but the technology has recently been abused in the past year after hackers found it a great way to make millions of dollars by hijacking PCs to secretly mine cryptocurrency in the background without their users’ knowledge or consent.

Due to this practice, cryptocurrency mining has emerged as one of the biggest threats, raising negative sentiments towards this alternative revenue scheme, and big tech giants like Apple and Google took strict measures to put restrictions on such apps.

images from Hacker News

Apple Transfers Chinese Users’ iCloud Data to State-Controlled Data Centres

Apple Transfers Chinese Users’ iCloud Data to State-Controlled Data Centres

There’s terrible news for Apple users in China.

Apple’s Chinese data center partner has transferred iCloud data, belonging to 130 million China-based users, to a cloud storage service managed by a state-owned mobile telecom provider—raising concerns about privacy.

Back in February this year, Apple moved the encryption keys and data of its Chinese iCloud users from its US servers to local servers on Chinese soil to comply with the new regulation of the Chinese government, despite concerns from human rights activists.

images from Hacker News

Microsoft Releases PowerShell Core for Linux as a Snap Package

Microsoft Releases PowerShell Core for Linux as a Snap Package

Microsoft’s love for Linux continues…

Microsoft has released its command-line shell and scripting language PowerShell Core for Linux operating system as a Snap package, making it easier for Linux users to install Microsoft PowerShell on their system.

Yes, you heard me right.

Microsoft has made PowerShell Core available to the Ubuntu Snap Store as a Snap application.

PowerShell Core is a cross-platform version of Windows PowerShell that is already available for Windows, macOS, and Linux OS and has been designed for sysadmins who manage assets in hybrid clouds and heterogeneous environments.

images from Hacker News

Google Launches ‘Data Transfer Project’ to Make it Easier to Switch Services

Google Launches ‘Data Transfer Project’ to Make it Easier to Switch Services

A lot of new online services are cropping up every day, making our life a lot easier.

But it is always harder for users to switch to another product or service, which they think is better because the process usually involves downloading everything from one service and then re-uploading it all again to another.

Thanks to GDPR—stands for General Data Protection Regulation, a legal regulation by European Union that sets guidelines for the collection and processing of users’ personal information by companies—many online services have started providing tools that allow their users to download their data in just one click.

But that doesn’t completely simplify and streamline the process of securely transferring your data around services

images from Hacker News