Page 5 - AccumeView June
Security News
CISA Cuts Deadline For Patching Critical Weaknesses In Half - Time is of the essence in
cybersecurity, and a new Homeland Security binding operational directive shortens the timeline for
agencies to patch known weaknesses in their systems. Homeland Security’s Cybersecurity and
Infrastructure Security Agency issued the binding directive Tuesday ordering agencies to enable
access for the department’s automated vulnerability scans and to fix critical weaknesses within 15
days. A previous binding directive issued in 2015 required agencies to patch known critical
weaknesses within 30 days. CISA—then called the National Protection and Programs Directorate—
coordinated this process with the National Cybersecurity and Communications Integration Center,
which sends weekly reports governmentwide about recently discovered vulnerabilities. Once those
vulnerabilities are identified, the new directive recodifies the 30-day remediation window for high
vulnerabilities but gives a shorter timeframe—15 days—to patch critical weaknesses.
Source: https://www.nextgov.com/cybersecurity/2019/05/cisa-cuts-deadline-patching-critical-weaknesses-half/156683/
New secret-spilling flaw affects almost every Intel chip since 2011 - Security researchers have
found a new class of vulnerabilities in Intel chips which, if exploited, can be used to steal sensitive
information directly from the processor. The bugs are reminiscent of Meltdown and Spectre, which
exploited a weakness in speculative execution, an important part of how modern processors work.
Speculative execution helps processors predict to a certain degree what an application or operating
system might need next and in the near future, making the app run faster and more efficiently. The
processor will execute its predictions if they’re needed, or discard them if they’re not.
“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to
effectively exploit design flaws rather than injecting malicious code. Intel said ZombieLoad is made
up of four bugs, which the researchers reported to the chip maker just a month ago. Although no
attacks have been publicly reported, the researchers couldn’t rule them out nor would any attack
necessarily leave a trace, they said.
Source: https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/
New research: How effective is basic account hygiene at preventing hijacking - Every day, we
protect users from hundreds of thousands of account hijacking attempts. Most attacks stem from
automated bots with access to third-party password breaches, but we also see phishing and
targeted attacks. Earlier this year, we suggested how just five simple steps like adding a recovery
phone number can help keep you safe, but we wanted to prove it in practice. Our research shows
that simply adding a recovery phone number to your Google Account can block up to 100% of
automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during
our investigation.
Source: https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html
www.accumepartners.com