---

Researchers Develop New Side-Channel Attacks on Intel CPUs

Load Value Injection (LVI) takes advantage of speculative execution processes just like Meltdown and Spectre, say security researchers from Bitdefender and several universities.

---

Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu

SMB vulnerability is currently not patched, but now everyone knows it's there.

---

Popular ThemeREX WordPress Plugin Opens Websites to RCE

The bug has been under active attack as a zero-day.

---

Microsoft Patches Over 100 Vulnerabilities

Patch Tuesday features several remote code execution flaws in Microsoft Word.

---

Bitsight and Microsoft Disrupt Necurs Botnet

But roughly 2 million infected systems remain in the wild, and infected systems could be reactivated at any time.

---

Expiration Date Extended for PTS POI v.3 Devices

 

Due to supply-chain disruptions related to the coronavirus, the PCI Council has extended the expiration date for PIN Transaction Security Point-of-Interaction (PTS POI) version 3 devices from April 30, 2020 to April 30, 2021.

---

Firefox Bug Opens iPhone AirPods to Third-Party Snooping

Mozilla Foundation snuffs out bugs with the introduction of Firefox 74 and ESR 68.6.

---

High-Severity Flaws Plague Intel Graphics Drivers

Intel patched six high-severity flaws in its graphics drivers, as well as other vulnerabilities in its NUC firmware, and a load value injection vulnerability that could allow attackers to steal sensitive data.

---

3 Tips to Stay Secure When You Lose an Employee

Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.

---

Microsoft orchestrates coordinated takedown of Necurs botnet

Microsoft and partners in 35 countries move to bring down Necurs, today's largest malware botnet.

---

Paradise Ransomware Variant Hides in Office IQY Files

The uncommon Internet Query file format lets attacks slip past defenses to effectively break into target networks.

---

Intel CPUs vulnerable to new LVI attacks

Researchers say Intel processors will need another round of silicon chip re-designs to protect against new attack.

---

Flaw in popular VPN service may have exposed customer data

NordVPN praised its bug bounty program and said that a fix had been shipped within two days

The post Flaw in popular VPN service may have exposed customer data appeared first on WeLiveSecurity

---

What Should I Do About Vulnerabilities Without Fixes?

With better tools that identify potential threats even before developers address them, a new problem has arisen.

---

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io, a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. Kirill V. Firsov was arrested Mar. 7 after arriving at New York's John F. Kennedy Airport, according to court documents unsealed Monday. Prosecutors with the U.S. District Court for the Southern District of California allege Firsov was the administrator of deer.io, an online platform that hosted more than 24,000 shops for selling stolen and/or hacked usernames and passwords for a variety of top online destinations.

---

How Network Metadata Can Transform Compromise Assessment

Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret

---

Avast AntiTrack certificate bug allowed others to snoop on your online activities

The vulnerability opened up PCs to browser hijacking and more.

---

Over 80% of Medical Imaging Devices Run on Outdated Operating Systems

New data on live Internet of Things devices in healthcare and other organizations shines a light on security risks.

---

Variant of Paradise Ransomware Targets Office IQY Files

Threat actors can easily infiltrate networks because attacks evade detection by typical security protections.

---

Keys to Hiring Cybersecurity Pros When Certification Can't Help

There just aren't enough certified cybersecurity pros to go around -- and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates.