Davey Winder’s Security Spotlight – part 3

We present you with a fresh bulletin from NetReporter Senior Contributor Davey Winder. Davey is one of the leading global authorities on cybersecurity issues. A Senior Contributor to forbes.com and many leading IT magazines, Davey is the only three-time winner of the ‘Security Journalist of the Year’ award.

Davey Winder, cybersecurity writer

 

August has been predictably unpredictable for me. Not only have we torrential rain and scorching hot weather in West Yorkshire where my office is based, but a second ‘local’ lockdown is also in place. You might say that the cybersecurity stories perking my interest over this fortnight have been equally out of the ordinary.

 

Without doubt the two biggest, and somewhat unexpected, stories I’ve written have been about the BootHole secure boot vulnerability and a Qualcomm Snapdragon smartphone chip bug.

 

BootHole I’m taking a slight liberty with as I published that story on July 29, but it’s too big not to mention here. Why so? Well, if I tell you the headline for my breaking news article was “‘BootHole’ Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10”, that should give you some idea. Security researchers from Eclypsium discovered the bootloader vulnerability, affecting most every laptop, desktop and server around. Virtually every Linux distro, almost every Windows device using Secure Boot since Windows 8 as well.

 

As for the smartphone story, oh boy that was another big one and I broke it hours before anyone else which was nice. If you own an Android smartphone I hope you are sitting down for this one. Check Point researchers found more than 400 code section vulnerabilities in the Qualcomm Snapdragon digital signal processor (DSP) chip found in almost every Android smartphone, around 40% of the world’s total smartphones in fact. The consequences of a successful exploit could be threefold: spying, data theft and device bricking.

 

So, that’s the big ones out of the way, how about the rest? Well, my inner Sheldon Cooper always goes into ‘Bazinga’ mode when there’s a chance to write about quantum key distribution. Throw in the fact that this QKD story also included lasers and outer space and, well, you’ve guessed the rest. Read about the scrappy space startup taking quantum security into space here.

 

Do you still use Windows 7? Not as silly a question as many appear to think it is. After all, approximately a quarter of all desktop and laptops, by market share, are running the long since end-of-life operating system. Which is a problem, and even the FBI is telling people to stop using it now. I added a little spice into the soup by explaining how it’s still possible to get an upgrade to Windows 10 free of charge through Microsoft, even though the official offer expired along with the year 2016.

 

And finally, and most recently as I write, I’ve published the odd tale of how Google called out Microsoft over a Patch Tuesday fix that, erm, didn’t. Which could be problematical for enterprises as it’s a Windows local security authority subsystem service (LSASS) elevation of privilege vulnerability that has the potential to give a remote attacker a network enterprise authentication pass.

 

I’ll be back at the end of the month, it can’t get any more odd out there, can it?

Recent Posts

Categories

Share on facebook
Share on twitter
Share on email
Share on linkedin