
A new Microsoft laboratory at the Delft University of Technology is the latest step towards making quantum computing a reality. The Microsoft Quantum Lab Delft, which was opened today by King Willem-Alexander of the Netherlands, is the culmination of a partnership between Microsoft and QuTech to collaboratively research the building blocks for a quantum computer. Leo Kouwenhoven, Scientific Director of Microsoft Quantum Lab Delft as well as Professor at the Delft University of Technology, stated that “With the opening of this Lab, we see what is possible when business, science, and the government unite.  Together, we have built a world-class laboratory in Delft which will enable us to expedite the development of a revolutionary quantum computer. The Netherlands now has the necessary ingredients to develop the type of computer power that could drastically change humankind’s daily lives – from personalized medicine to the development of new renewable energy sources.” Unlike current classical computers, quantum computers will be able to perform calculations and tasks at a far faster rate and a greater level of complexity than even the most powerful of today’s supercomputers. Harnessing this computational power has the potential to revolutionize society and the world that we inhabit. The opening of the new lab strengthens the Netherlands’ standing in quantum research, while also offering opportunities to other parties to become involved. During the opening, the Netherlands’ Secretary of State Mona Keijzer (Economic Affairs and Climate) stressed that science, industry, and the government should join forces to consolidate this leading position. Full story posted on OUR FORUM.

The vulnerability was published earlier today by a group of researchers at the University of Cambridge, Department of Computer Science and Technology, Rice University, and SRI International. The paper presentation happened at the Network and Distributed System Security Symposium (NDSS) in San Diego, California. It describes a set of vulnerabilities in macOS, FreeBSD, and Linux, “which notionally utilize IOMMUs to protect against DMA attackers.” The issue is related to the Direct Memory Access enabled by Thunderbolt and is not properly prevented by the existing IOMMU protection system. In 2016, OS vendors added Thunderclap mitigation measures to their platforms, but the measures are not 100% effective and security flaws still impact systems protected using IOMMU. While some platforms, such as Windows 7, don’t even come with IOMMU, on the OSs where it is present IOMMU is either limited (Windows 10 Enterprise) or disabled out of the box. The only platform where it is enabled is macOS, but even then users aren’t safe, given that Thunderclap vulnerabilities can still circumvent it. The best way to protect yourself is to make sure you disable all the Thunderbolt ports and don’t share publicly available hardware such as chargers, as they might be altered to target devices. The best practice to stay safe is to make sure you don’t leave your laptop unattended. Further details can be found on OUR FORUM.

Researchers have discovered a malspam campaign that is distributing a malicious RAR archive that may be the first one to exploit the newly discovered WinRAR ACE vulnerability to install malware on a computer. Last week, Check Point disclosed a 19-year-old vulnerability in the WinRAR UNACEV2.DLL library that allows a specially crafted ACE archive to extract a file to the Windows Startup folder when it is extracted. This allows the executable to gain persistence and launch automatically when the user next logs in to Windows. As the developers of WinRAR no longer have access to the source code for the vulnerable UNACEV2.DLL library, instead of fixing the bug, they removed the DLL and ACE support from the latest version of WinRAR, 5.70 beta 1. While this fixes the vulnerability, it also removes all ACE support from WinRAR. Unfortunately, this does not help the approximately 500 million users who allegedly have WinRAR installed on their computers, and that is exactly what malware developers are banking on. Today, 360 Threat Intelligence Center tweeted that they have discovered an email that was distributing a RAR archive that, when extracted, will infect a computer with a backdoor. Once the DLL is loaded, the attackers will be able to access your computer remotely, execute commands, and spread to other computers on your network. As we expect to see more malware attempt to exploit this vulnerability, whether it be through malspam or other methods, it is important that you upgrade to the latest version of WinRAR. There's more posted on OUR FORUM.

40.8% of smart homes have at least one device vulnerable to remote attacks, a third of them being vulnerable because of outdated software with unpatched security issues, while more than two-thirds are exposed by weak credentials. The security exposure risk is quite significant considering that roughly 40.3% of all smart households come with at least five devices connected to the Internet. As discovered by Avast, out of all devices exposed directly to the Internet, routers are the ones most targeted because they act as a central hub for all other Internet-connected electronics in smart homes. Avast says in their report that "a router that is vulnerable to attack poses a risk for the whole home, much like leaving your front door unlocked. Cybercriminals can redirect compromised routers to access exactly what they want, including phones, computers or any other connected device." "It only takes one weak device to let in a bad hacker and once they are on the network, they can access other devices, and the personal data they stream or store, including live videos and voice recordings," said Avast President Ondrej Vlcek. "Simple security steps like setting strong, unique passwords and two-factor authentication for all device access, and ensuring software patches and firmware updates are applied when available, will significantly improve digital home integrity." Complete details posted on OUR FORUM.

Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack. A credential stuffing attack is when attackers compile usernames and passwords that were leaked from previous security breaches and use those credentials to try to gain access to accounts at other sites. This type of attack works particularly well against users who use the same password at every site. Intuit also states, in the TurboTax data breach notification filed with the Office of the Vermont Attorney General, that the breach was discovered during a security review of its systems. Following the discovery of the security breach, Intuit decided to temporarily disable the TurboTax accounts which were breached in the credential stuffing attack. TurboTax users who had their accounts temporarily deactivated have to contact Intuit using the company's Customer Care department and say "Security" when prompted, after which Intuit employees will walk them through an identity verification procedure designed to help them reactivate their accounts. More details can be found posted on OUR FORUM.

New York Governor Andrew M. Cuomo stated that a number of state agencies, including the Department of State and the Department of Financial Services, will investigate the Facebook health data acquisition practices exposed by The Wall Street Journal. According to the WSJ report, 11 of the most popular 70 applications from the Apple and Google app stores are sending sensitive personal information of tens of millions of users to Facebook, even when they weren't logged into their Facebook accounts. Governor Cuomo's press release condemns the iOS and Android apps' health data mining behavior recently uncovered by the WSJ, calling it "an outrageous abuse of privacy." However, in a statement sent by a Facebook spokesperson to The Hill, the social network says that the ones that should be under investigation are the app developers who haven't properly configured what data their apps share with the social network's mobile advertising platform. As the Facebook spokesperson said, "Sharing information across apps on your iPhone or Android device is how mobile advertising works and is industry standard practice. The issue is how apps use information for online advertising." Additionally, "We require app developers to be clear with their users about the information they are sharing with us, and we prohibit app developers from sending us sensitive data. We also take steps to detect and remove data that should not be shared with us." More trouble for Facebook; visit OUR FORUM for more.

 
