Free Republic

Lenovo, and possibly other PC vendors, is exposed to a UEFI bug that can be exploited to disable firmware write-protection. If the claims made by Dmytro Oleksiuk at Github are correct, an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise.” The reason Oleksiuk believes other vendors are also vulnerable is that the buggy code is inherited from Intel. He writes that the SystemSmmRuntimeRt was copied from Intel reference code.

Motorists on Interstate 95 during the Democratic National Convention should be prepared for weight restrictions and ramp closures. PennDot has outlined what drivers on the interstate should expect before, during and after the DNC, which will be held July 25-28 at the Wells Fargo Center in South Philadelphia. Here's what you need to know: Open to passenger vehicles Like other highways in the area, I-95 will be open to passenger vehicles. No vehicles weighing more than 5 tons Vehicles that weigh more than five tons won't be permitted on I-95 between Exit 13 (for Interstate 76 West/Route 291/Valley Forge) and...

John Kerry called the Istanbul airport attack a sign of desperation on the part of ISIS. The following observations suggest American leaders are the ones desperately clinging to failed strategies.1. Choosing symbolism over substance: Whether or not expressed explicitly, the administration demands uniformity of thought and diversity in appearance. As a result, upwards of 200 military officers have been “purged” for failing to acquiesce to a rudderless national security strategy that, among other things, subjects the military to costly and fruitless social engineering projects. A dangerous future awaits a country that diverts defense spending to that which offers no measurable...

Getting through the line at the TSA can be a long and uncomfortable process. For one Chattanooga teen and her mother, the process turned into a scary nightmare. 19-year-old Hannah Cohen was returning home from St. Jude's Hospital with her mother for treatment of her brain tumor (a trip they had made for 17 years), when Hannah somehow set off the metal detector at the security checkpoint. TSA wanted to do a further scan on Hannah, but she was reluctant. Hannah's mother, Shirley Cohen, tried to inform the agents that her daughter was disabled. She is partially deaf and blind...

Show your ID, take off your shoes, hand over the carry-on and maybe, just maybe, get a pat-down! TSA checkpoints are a hassle travelers have come to accept, but new layers of security could further test your patience.

Microsoft officials said late on June 27 that the new update experience -- with clearer "upgrade now, schedule a time, or decline the free offer" -- will start rolling out this week. Microsoft will also revert to making clicking on the Red X at the corner of the Windows 10 update box dismiss the update, rather than initiate it, as it has done for the past several weeks. Microsoft officials said they are making the change "in response to customer feedback". Update: Here's the full, updated statement from Microsoft about the coming change, attributable to Executive Vice President of Windows...

Hackers are stealing credit card information in Europe with malware that can spoof the user interfaces of Uber, WhatsApp and Google Play. The malware, which has struck Android users in Denmark, Italy and Germany, has been spreading through a phishing campaign over SMS (short message service), security vendor FireEye said on Tuesday. Once downloaded, the malware will create fake user interfaces on the phone as an “overlay” on top of real apps. These interfaces ask for credit card information and then send the entered data to the hacker.

A Donald Trump campaign spokeswoman sparred with a CNN anchor Monday over the process for vetting Syrian refugees, and when the journalist cited a fact-checking website’s assessment of the process the spokeswoman retorted, “We’re not going to base national security off PolitiFact, or even the United Nations.” CNN’s Brianna Keilar questioned Trump spokeswoman Katrina Pierson about how the presumptive Republican candidate would like to change the existing process used to vet refugees ahead of resettlement in the U.S. In doing so, Keilar paraphrased an excerpt from a recent PolitiFact article, which examined Trump’s claim that there was “no system to...

Recent Intel x86 processors implement a secret, powerful control mechanism that runs on a separate chip that no one is allowed to audit or examine. When these are eventually compromised, they'll expose all affected systems to nearly unkillable, undetectable rootkit attacks. I've made it my mission to open up this system and make free, open replacements, before it's too late. The Intel Management Engine (ME) is a subsystem composed of a special 32-bit ARC microprocessor that's physically located inside the chipset. It is an extra general purpose computer running a firmware blob that is sold as a management system for...

A new family of malicious apps, most of which were available on the Google Play Store, all containing malicious codes have been detected by a group of security researchers. The Godless apps are believed to be able secretly to root 90 percent of all Android phones. AntiVirus provider, Trend Micro wrote in a recent blog post that they had discovered a new family of malicious apps. The apps called, Godless, contains a collection of the rooting exploits that can work on any device which is running the Android version 5.1 and below. This means that close to 90 percent of...

Federal Judge Strikes Down Security Buffer Zone for GOP Convention A federal judge found unconstitutional a heightened-security area proposed to surround the Republican National Convention in Cleveland, Ohio on Thursday, saying the 3.5 square mile “event zone” unfairly restricted free speech.

A study from GeoEdge, an ad scanning vendor, reveals that Flash has been wrongly accused as the root cause of today's malvertising campaigns, but in reality, switching to HTML5 ads won't safeguard users from attacks because the vulnerabilities are in the ad platforms and advertising standards themselves. The evidence exists to proclaim Flash as one of today's most vulnerable and insecure software applications. Targeted in cyber-espionage and malvertising campaigns, Flash has gotten a bad reputation, and for a good reason. HTML5 ads are replacing Flash ads in the industry Security researchers have discovered vulnerabilities in Flash almost every month, and...

Federal Judge Throws Out Cleveland’s GOP Convention Security Plan Byron Tau June 23, 2016 1:37 p.m. ET CLEVELAND—A federal judge on Thursday struck down the city of Cleveland’s rules limiting protests during next month’s Republican National Convention, finding the city’s strict security regulations violated the U.S. Constitution. U.S. District Court Judge James Gwin ruled the city’s establishment of a large zone around the July convention site within which protesters’ ability to demonstrate would be strictly limited contravened the Constitution’s guarantees of the freedom of speech and assembly. “Under the First Amendment, I do find that the city hasn't sufficiently, narrowly...

State Department staffers wrestled for weeks in December 2010 over a serious technical problem with then-Secretary Hillary Clinton's home email server, causing them to temporarily disable security features that left the server more vulnerable to hackers, according to emails released Wednesday. Just weeks later, according to previously disclosed emails, hackers attacked the server, forcing Clinton's staff to shut it down. The next day, one of Clinton's closest aides, Huma Abedin, wrote to other high ranking staff: "Don't email hrc (Clinton) anything sensitive. I can explain more in person." The emails were released under court order Wednesday to the conservative legal...

<p>WASHINGTON (AP) -- Newly released emails show State Department staffers wrestled in December 2010 over a serious technical problem with then-Secretary of State Hillary Clinton's home email server. They temporarily disabled security features, which left the server more vulnerable to hackers. Weeks later, hackers attacked the server so seriously it was shut down.</p>

Online backup company Carbonite is the latest firm to have issued a warning that hackers are attempting to break into its users accounts, and are prompting all users to change their passwords as a result. An email has been sent to Carbonite users explaining that the attackers are thought to be using passwords gleaned from other recent mega-breaches. ... Nobody is keen for a hacker to break into their online accounts, but it's especially important when what's being protected by your account is your computer backup. If a hacker were able to gain access to your online backup they could...

Software vendor Citrix is asking all customers to reset their passwords for the GoToMyPC remote access service after it suffered what appears to be a full credentials compromise. In its advisory, Citrix said the GoToMyPC service had "unfortunately" been targeted by "a very sophisticated password attack". Citrix provided no further details of the hack, but apologised "for the frustration this is causing".

Adobe has released an update for Flash that addresses three dozen CVE-listed vulnerabilities. The update includes a fix for the CVE-2016-4171 remote code execution vulnerability that is right now being exploited in the wild to install malware on victims' computers. Adobe is recommending that users running Flash for Windows, macOS, Linux, and ChromeOS update the plugin as quickly as possible, giving the update the "Priority 1" ranking, a designation reserved for flaws that are, according to Adobe, "being targeted, or which have a higher risk of being targeted." Adobe credited security researchers at Cisco Talos, Google Project Zero, FireEye, Microsoft...

Searched in Google for G4S "nuclear power plant" and came back with a list of open slots. What's next? Below is an excerpt from one of the open positions (security officer at a nuclear power plant)... I wonder what they've already filled. The world’s leading private security organization, G4S, has an immediate job opportunity for a Custom Protection Officer. G4S is a security provider for the United States government, fortune 500 companies, nuclear power plants, oil and gas companies, airport, ports, banks, hospitals, factories, warehouses, commercial facilities, residential communities and much more. G4S offers job security, excellent pay and benefits,...

Full title: New Homeland Security Records Reveal Top Officials Were Exempted from Strict Ban Placed on Web-Based Personal Email Accounts Despite Heightened Security Concerns Jeh Johnson granted special waiver on first day of official ban. Practice Continued Even After Clinton Email Revelations. (Washington, DC) – Judicial Watch today announced it obtained 693 pages of Department of Homeland Security records revealing that Secretary Jeh Johnson and 28 other agency officials used government computers to access personal web-based email accounts despite an agency-wide ban due to heightened security concerns. The documents also reveal that Homeland Security officials misled Rep. Scott Perry (R-PA)...