This week, AV-TEST's census of samples of circulating malware that attempt to exploit the Meltdown and Spectre bugs hit 139, up from 77 on January 17.
AV-TEST CEO Andreas Marx says that the different strains of malware mostly contain recompiled versions of the same proof-of-concept code released with the initial report on the bugs.
It doesn't appear that any of the exploits work yet, but it's clear that malware authors are working to actively exploit Meltdown and Spectre.
Early reports suggested that mitigating Meltdown and Spectre would be easy, but in practice, attempts to mitigate the defects have been a catastrophe.
Marx believes different groups are working on the PoC exploits to determine if they can be used for some purpose. “Most likely, malicious purposes at some point,” he said.
The expert believes the current malware samples are still in the “research phase” and attackers are most likely looking for ways to extract information from computers, particularly from web browsers. He would not be surprised if we started seeing targeted and even widespread attacks in the future.
Malware Exploiting Spectre, Meltdown Flaws Emerges [Eduard Kovacs/Securityweek]
Fingerprint locks are catastrophically awful, part LXVII: the software security on the crowdfunded Tapplock "is basically nonexistent" -- the lock broadcasts its own unlock code over Bluetooth, and if you send it back to the lock, it pops open.
A team of computer scientists, psychologists and neuroscientists used eye-tracking and fMRI to measure how users perceived security warnings, such as warnings about app permissions and browser warnings about insecure pages and plugin installations.
Konrad Rieck has data-mined the nine top security conferences, compiling a decade-by-decade list of the papers most often cited in the presentations delivered at these events: top of the pile is Random Oracles are Practical: A Paradigm for Designing Efficient Protocols (Sci-Hub mirror), from the 1993 ACM Conference on Computer and Communications Security. Rieck has […]
The Adobe Creative Cloud is home to a suite of editing tools today’s creatives count on to produce their content. Whether you’re an aspiring photographer, animator, or graphic designer, Adobe’s programs can help you in your creative pursuits, and with the Complete Adobe CC Training Bundle, you can come to grips with six of them for […]
Your pet might be photogenic, but getting them to stare long enough at your camera to snap that Instagram-worthy photo isn’t as simple as telling them to sit. Bribing your pets with their favorite treat, however, might just do the trick, and with the Adjustable Pet Selfie Smartphone Attachment, you can do just that while getting […]
The cybersecurity landscape is changing, and now one of the most effective ways to counter hacking threats is to employ another hacker against them. Commonly referred to as ethical hackers, these professionals use a cybercriminal’s tools against them, checking networks for vulnerabilities and patching them up before they can be exploited. The Certified Ethical Hacker Bootcamp […]