A serious flaw in the Intel Driver Update Utility allows for man-in-the-middle attackers to install malware on user devices. Meanwhile, a Linux kernel vulnerability has been patched. To hear more, just click play!
IT Rewind Featured Stories:
Did our short segment leave you wanting more? Check out the original articles of stories we covered!
, Lucian Constantin, @
Continuum's Must-Read Blog Post This Week
This weekend, news broke that malicious emails requesting payment for licenses were sent in remote management company, Kaseya's, name. This latest security headline is just one of many instances of malware launched through an email phishing scheme. The hackers, who haven't yet been identified, reportedly sent an email with a fake invoice attachment, which once opened, compromises the recipient's device with malware capable of stealing sensitive company data. If you've not yet heard of this latest hack sending tidal waves through the channel, let it serve as a warning. All employees and clients must screen any emails requesting payment for services, even those from a trusted name or company they do business with... Keep reading »
What Else Is New in the IT Channel?
Now that you've seen our top picks for this week, here are some more stories that made the headlines. Have a suggestion for a story that we should cover next week? Let us know by commenting below or tweeting @FollowContinuum or @BenDBarker!
Feds Seek Balance between Privacy and Data Collection
CIO, @, Kenneth Corbin, @
Data center outages:
Companies' Confidence in Their Security Stance Wanes: Cisco Report
eWeek, @, Sean Michael Kerner
Hey everyone welcome back for another edition of IT Rewind. Today is our 64th episode, the same number as former Green Bay Packer, Jerry Kramer. On today’s episode we take a look at an Intel flaw that allowed for possible man in the middle attacks. You’ll hear about this story and more right now on IT Rewind!
An Intel software utility called the “Intel Driver Update Utility” was found to contain a serious flaw that could allow for man in the middle attackers to install malicious malware on user devices. The vulnerability stems from a failure to encrypt HTTP connections that are used to check for driver updates. The tool was designed to provide an easy way to find the latest drivers for chipsets, graphics cards, wireless cards, desktop boards, NUC mini PC’s or the Intel Compute Stick. Since the discovery of the flaw in November, the issue has been fixed and a new version of the tool was released on Tuesday. Those who use the Intel Driver Update Utility are advised to download the latest version immediately.
Another serious vulnerability has been patched, this time involving Linux. The patch is for a critical Linux kernel flaw that affects versions 3.8 and higher and extends to two-thirds of Android devices. The vulnerability exists in the keyring facility, which encrypts and stores login info, encryption keys and certificates. The vulnerability was discovered by a startup called Perception Point. Yevgeny Pats, CEP of Perception Point said, quote – “It’s pretty bad because a user with legitimate or lower privileges can gain root access and compromise the whole machine. With no auto update for the kernel, these versions could be vulnerable for a long time. Every Linux server needs to be patched as soon as the patch is out.” End quote.
Before we go we’d like to give a shout out to Kaeli O’Connell who was featured in this week’s Employee Spotlight. Kaeli is an Interactive Web Marketing Associate here are Continuum and was nominated for her ability to rapidly grow within her team. Do you have a recommendation for next week’s Employee Spotlight? If you know of an employee that has been going above and beyond lately, leave a comment below, or tweet @FollowContinuum using the #EmployeeSpotlight.
That’s all the time that we have for this week’s episode of IT Rewind, As always, read the full stories that we covered today and other tech stories by clicking on the links below.
Of course, you can always find us on Twitter, Instagram and Vine at FollowContinuum. We’re also on Facebook, LinkedIn, Spiceworks, YouTube and Periscope.
Take it easy.
Don't let your clients or employes fall victim to a malware attack!