F-Secure researchers have demonstrated a way to exploit Intel's Active Management Technology that enables them to bypass BIOS and BitLocker passwords. Exploitation could let an attacker take control of a device quickly (in "under thirty seconds").
IOActive and Embedi have identified one-hundred-forty-seven vulnerabilities in thirty-four mobile applications that are widely used to interact with industrial control systems.
AMD yesterday revised its estimate of how susceptible its chips are to Spectre. The company now believes they're severely affected by both Spectre vulnerabilities. AMD promises to make a patch available as soon as possible.
Intel, Microsoft, and other vendors continue to work on fixing Spectre and Meltdown. The performance penalty the patches will impose is now becoming clearer: troublesome, but less alarming than initially feared.
Security experts expect Fancy Bear to continue to make itself felt during the present Olympiad. Doxing in retaliation for drug disqualifications is thought unlikely to be the end of it.
Google ejects more malign apps from the Play Store. One, a phony Telegram app, is a spamming tool. The others—some sixty—are infected with "AdultSwine" malware that serves up indecent, graphic ads to, among others, children.
Monero miners are being installed in unpatched Oracle WebLogic servers.
Responding to public and official concerns, Facebook and Google continue to experiment with content moderation.
The US Congress considers legislation that would bar Federal contractors from using Huawei equipment.
EU officials say companies could have been fined under GDPR for Spectre and Meltdown if they'd come to light this May.