By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.

Today Intel announced two new additions to the 8th Gen Intel® Core™ processor family: The U-series (formerly code-named Whiskey Lake) and Y-series (formerly code-named Amber Lake) are optimized for connectivity in thin, light laptops and 2 in 1s for the first time, while also providing ultimate mobile performance and long battery life. Intel says the new 8th Gen Intel Core U-series and Y-series processors raise the bar for connectivity, performance, entertainment, and productivity for today’s laptops and 2 in 1s. The 8th Gen Intel Core U-series processors bring integrated Gigabit Wi-Fi to thin and light mainstream laptops for the first time, delivering up to 12-times1 faster connectivity speeds. They also offer up to 2-times better performance, compared with a 5-year-old PC, and double-digit gains in office productivity for everyday web browsing and light content creation over the previous generation. “The new 8th Gen Intel Core processors extend once again our leadership in delivering exceptional performance. Now with Gigabit Wi-Fi, we’ve enabled faster PC connectivity, added more intuitive voice experiences and enabled longer battery life needed for the next wave of mobile computing,” said Chris Walker, vice president of the Client Computing Group and general manager of Intel Mobile Client Platform. 8th Gen Intel Core Y-series processors also deliver fast connectivity options, including fast Wi-Fi and LTE capabilities with unprecedented performance, to the some of the thinnest and lightest laptops and 2 in 1s in the market with double-digit gains in performance compared with the previous generation6, enabling fresh innovations in sleek and compact form factor designs with extended battery life. Both the U-series and Y-series processors have new and improved platform capabilities for more intelligent interactions with PCs, such as support for multiple voice services on the U-series and refinements to improve natural input options like touch and stylus for the Y-series. Full details posted on OUR FORUM.

According to reports, a security researcher has discovered an unpatched vulnerability in the Windows 10 operating system. The security researcher reportedly revealed the vulnerability on Twitter. It’s a zero-day flaw that exists in Windows 10 and it could allow an attacker to gain system privileges on an affected computer, according to CERT/CC vulnerability analyst Phil Dormann. The vulnerability was disclosed in a tweet by @SandboxEscaper and the account has been removed. It appears that vulnerability exists in task scheduler on Windows 10 but there’s no easy way to exploit the security flaw. The successful exploitation of the vulnerability requires the user to download a malicious app on a machine. “Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges,” the advisory reads. “Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. A local user may be able to gain elevated (SYSTEM) privileges.” “A local user may be able to gain elevated (SYSTEM) privileges,” the advisory explains. Another report claims that the patch for the said vulnerability may land soon. There’s a chance that Microsoft will deploy updates to address this vulnerability on next Patch Tuesday, which takes place on September 11. For more stop by OUR FORUM.

Current versions of Ubuntu and CentOS are disabling a security feature that was added to the GNOME desktop environment last year. The feature's name is Bubblewrap, which is a sandbox environment that the GNOME Project added to secure GNOME's thumbnail parsers in July 2017, with the release of GNOME 3.26. Thumbnail parsers are scripts that read files inside a directory and create thumbnail images to be used with GNOME, KDE, or other Linux desktop environments. This operation takes place every time a user navigates to folders, and the OS needs to display thumbnails for the files contained within. In recent years, security researchers have proven that thumbnail parses can be an attack vector when hackers trick a user into downloading a boobytrapped file on their desktop, which is then executed by the thumbnail parser. It's for this reason that the GNOME team added Bubblewrap sandboxes for all GNOME thumbnail parser scripts last year. But according to German security researcher and journalist Hanno Boeck, the Ubuntu operating system is disabling Bubblewrap support inside GNOME for all recent OS versions. Furthermore, Google security researcher Tavis Ormandy also discovered that GNOME Bubblewrap sandboxes were also missing in the default version of CentOS 7.x. But there's a valid explanation for what Ubuntu is doing, according to Alex Murray, Ubuntu Security Tech Lead at Canonical. Murray says the Ubuntu team opted to disable GNOME's Bubblewrap because they did not have the time and resources to audit the feature. Learn more by visiting OUR FORUM.

Google security researchers have revealed this week that the immensely popular Fortnite Android app is vulnerable to so-called man-in-the-disk (MitD) attacks. This vulnerability allows low-privileged malicious apps already installed on a users' phone to hijack the Fortnite app's installation process and install other malicious apps that have a higher permissions level. Epic Games, the Fortnite game developer, has released version 2.1.0 that patches this attack vector. The concept of man-in-the-disk attacks has been recently detailed in more depth by security researchers from Israel-based cyber-security firm Check Point. In a simplified explanation, MitD attacks are possible when an Android app stores data on External Storage mediums, outside its highly-secured Internal Storage space. An attacker can watch a specific app's External Storage space and tamper with the data stored in this storage space because this space is shared by all apps. The Fortnite app is vulnerable to this attack because the app does not contain the actual game, but is merely an installer. Once users install the app, this installer uses the device's External Storage space to download and install the actual game. "Any app with the WRITE_EXTERNAL_STORAGE permission can substitute the APK immediately after the download is completed and the fingerprint is verified. "Any app with the WRITE_EXTERNAL_STORAGE permission can substitute the APK immediately after the download is completed and the fingerprint is verified. This is easily done using a FileObserver. The Fortnite Installer will proceed to install the substituted (fake) APK," a Google researcher wrote in a bug report recently made public.Complete details are posted on OUR FORUM.

Millions of mobile devices from eleven smartphone vendors are vulnerable to attacks carried out using AT commands, a team of security researchers has discovered. AT (ATtention) commands or the Hayes command set, is a collection of short-string commands developed in the early 1980s that were designed to be transmitted via phone lines and control modems. Different AT command strings can be merged together to tell a modem to dial, hang up, or change connection parameters. Unknown to the common user is that modern smartphones include a basic modem component inside them, which allows the smartphone to connect to the Internet via its telephony function, and more. While international telecommunications bodies have standardized basic AT commands, dictating a list that all smartphones must support, vendors have also added custom AT command sets to their own devices —commands which can control some pretty dangerous phone features such as the touchscreen interface, the device's camera, and more. In massive and groundbreaking research, a team of eleven scientists from the University of Florida, Stony Brook University, and Samsung Research America, have looked into what types of AT commands are currently supported on modern Android devices. The research team analyzed over 2,000 Android firmware images from eleven Android OEMs such as ASUS, Google, HTC, Huawei, Lenovo, LG, LineageOS, Motorola, Samsung, Sony, and ZTE. They say they discovered that these devices support over 3,500 different types of AT commands, some of which grant access to very dangerous functions. Videos and more are posted on OUR FORUM.

T-Mobile USA announced a security breach late last night. The company says its cyber-security team discovered and shut down unauthorized access to its customers' data on Monday, August 20. The telco says an attacker was exfiltrating personal data such as customer names, billing ZIP codes, phone numbers, email addresses, account numbers, and account types (prepaid or postpaid). T-Mobile said the hacker (or hackers) did not gain access to passwords, social security numbers, or any financial information. Impacted customers will receive an SMS, letter in the mail, or a phone call to notify them. The US telco says it informed law enforcement authorities about the breach. A T-Mobile spokesperson told Motherboard that less than 3% of its customer base was affected. T-Mobile reported 75.62 million customers at the end of Q2 2018. That would put the breach at around 3.9 million customers, still, a considerable number. As some T-Mobile users have pointed out, even if the hackers did not get their hands on any financial data or passwords, the breach makes it easier for the attacker to port  (SIM swap) numbers. More details posted on OUR FORUM.