Apple, Google, And Microsoft Started Protecting You From ZombieLoad Threat



Although the security issue in Intel chips isn't something to be worried about, it's still wise to get the latest update.

If you’re reading this from a PC, or at least own one, odds are you’re affected by this problem and it’s best that you update yours immediately.

Big tech companies like Apple, Google, Amazon, Microsoft, and Mozilla have all made patches available to address a security flaw that is currently present in Intel chips dating back to 2011. Apparently, the flaw, named ZombieLoad, can leak sensitive personal information that’s supposedly stored safely in your computer, such as passwords, secret keys, account tokens, and private messages.

However, security researchers have said that the threat is something the general public shouldn’t worry about. At least not yet.

According to reports, research on the specific function that hackers can exploit to retrieve data from your PC is relatively new. There is hardly any information about it yet, and the threat can easily be mitigated right now with security patches and the like.

Moreover, in order to access your PC, hackers need to have a specific set of skills, knowledge, and effort if they want to push through with trying to get into your computer through ZombieLoad.

In general, there still are easier ways to snoop around your computer other than the latest security flaw that’s posing as a threat. At the time of writing, there weren’t any known reports of any breaches in user security. But nonetheless, it’s still wise to get the latest security patch that manufacturers have started to roll out.


Apple included fixes for ZombieLoad in their latest macOS Mojave 10.14.15 and Security Update 2019-003 for Sierra and High Sierra and the rest of the MacBooks made available after 2011. Users should not notice a significant decrease in performance.

However, only a limited number of Macs made from 2009 to 2010 can install the security updates, since some of them cannot support the fixes due to a lack of microcode tech from Intel.

For users who believe that they are at high risk from the security vulnerabilities presented, Apple has published that they can opt to disable their hyper-threading processing technology to fully mitigate ZombieLoad bugs. However, they also included that users who opt to install the full version of the security update should expect a decrease in performance up to 40%. They state that “actual results will vary based on the model, configuration, usage, and other factors.”

Instructions on installation and more information here.


Google has also started rolling out its own security patches for the ZombieLoad threat but still can’t cater to all devices under its platform.

First, not all Google devices use Intel technology, so those are relatively safe against the problem at hand. Second, Google says that “the issue has been mitigated in many Google products (or wasn’t an issue in the first place). In some instances, users and customers may need to take additional steps to ensure they’re using a protected version of a product.” In other words, some users will need to apply further security updates manually.

Meanwhile “for systems running Android on Intel-based Chrome OS devices, updates are handled by Chrome OS,” and “Intel-based systems that are not Chrome OS devices, users should contact their device manufacturer for available updates.”


For Windows, Microsoft says that it is pushing the fixes out itself through its own updates. These cover both its operating systems and its cloud services. They are also available on Microsoft's website.

Users of devices running Microsoft apps should download updates from their device manufacturers.

Moreover, Microsoft released this alongside their post:

Customers should take the following actions to help protect against the vulnerabilities:

1. Apply all available Windows operating system updates, including the monthly Windows security updates.
2. Apply the applicable firmware (microcode) update that is provided by the device manufacturer.
3. Evaluate the risk to your environment based on the information that is provided on Microsoft Security Advisories: ADV180002, ADV180012, ADV190013 and information provided in this Knowledge Base article.
4. Take action as required by using the advisories and registry key information that are provided in this Knowledge Base article.

The manufacturers listed above are some of the biggest tech companies that have rolled out their mitigations and security updates. Updates for all Intel-based devices can be expected to roll out as soon as possible.

Are Hackers Friends Of Crypto Industry Or Are They Enemies?

Hackers have been paid more than $30,000 for exposing and fixing security issues in crypto companies but at the same time, hackers are also the reason why some of them lose money.
Hackers have been paid by crypto companies to fix bugs. Photo: Christoph Scholz | Flickr | CC BY-SA 2.0

The unregulated universe of cryptocurrencies has found unlikely allies among hackers in solving systemic problems and fixing bugs, a report reveals.

Crypto companies, including crypto exchanges, have paid a total of at least $32,150 to different white-hat hackers for fixing security flaws in popular crypto and blockchain platforms such as TRON, Brave, EOS, and Coinbase.

The data revealed that 15 blockchain and crypto-related firms had made hefty payments as rewards to security researchers between March 28 and May 16. The said rewards were made concerning 30 publicly-released bug reports during the entire duration.

Among all the companies that had security threats, Omise, the software firm behind cryptocurrency OmiseGo, needed the most fixes, with six disclosed bugs and security issues. Blockchain-powered prediction market Augur disclosed three reports, as did Brave Software, makers of the Brave browser, which features its own native token.

Crypto and blockchain technology has since been criticized by different financial institutions for being volatile and vulnerable to technology and cyber crimes, making the technology not conducive to become a working technology. It only makes sense that in time when they need help the most, white-hat hackers and security researchers are there to help them – for a price.

According to the study, the payment varies depending on the severity of the bug. Companies adjust their HackerOne rewards depending on how easy or difficult it is for the white-hat hacker to resolve a security issue. For instance, while the majority of Omise’s disclosed security flaws were only worth around $100 each, other payments amounted to a lot more, the study suggests.

Both, the company that owns the EOS “blockchain,” and budding network Aeternity paid one hacker more than $10,000 for a single issue that the hacker paid. TRON also paid $3,100 to the researcher who realized the network was susceptible to being flooded with malicious smart contracts, something that could jeopardize the future of the company.

Most cryptocurrency companies and blockchain firms, just like other tech-based companies, have set up a reward or bounty system that pays anyone who can point out any form of security issue in their systems; a bigger reward is also provided to those who can fix them.

While hackers who decided to use their skills to improve the technology stratosphere are increasing in number steadily, they could at any time decide to use their skills to exploit the vulnerabilities they have discovered for bigger take home money.

Just last week, cryptocurrency exchange Binance announced that hackers had successfully stolen 7,000 BTC (then $40 million, now $55 million) from its own wallets.

Similarly, crypto exchange company Cryptopia announced last week that it is going into liquidation following the attack in January that lost the company millions of dollars' worth of crypto money.

According to a blockchain data analytics firm, their investigation allowed them to estimate the loss caused by the cyber attack to be as much as $16 million in ether and ERC-20 tokens. While the company restarted its trading services in March, no one is yet certain of the actual damage that the cyber attack caused the company. The company is still recovering from the aftermath of the breach and still has banking issues.

According to the liquidation firm, Grant Thornton, the damage caused by the hacking was too “severe” and has impacted the company massively in terms of trade. Despite management's efforts to regain composure by reducing costs and returning the business to profitability, they have decided that liquidation is the best option for the company and all stakeholders moving forward.

It is still unclear whether or not Cryptopia is running its own bounty program but coincidentally, Binance has a bounty reward of $100,000 for anyone who can solve the mystery of their stolen crypto money, but until now, the perpetrator is still at large and unidentified.

“At Binance, the security of our users is our number one priority. As such, we strive to provide the most secure platform possible. We will evaluate reported security issues based on the security impact to our users and the Binance ecosystem.”

In the end, the question still remains: Are hackers friends of the crypto industry or are they the enemy?

Cloud Computing Drives Taiwan & HK Organizations To Encrypt Data As “Employee Mistakes” Are The #1 Data Security Threat

Rising trend in cloud computing seen as the key driver of organizations setting up encryption strategies in Hong Kong and Taiwan.
Cloud Computing. Photo: Jane Boyko | Flickr | CC BY 2.0

Erring employees are the most prolific cause of data breaches and not cyber attacks by hackers in Hong Kong and Taiwan, according to businesses, an independent cybersecurity study reveals.

According to a study conducted by nCipher Security, a B2B applications provider, nearly half of the organizations in Hong Kong and Taiwan cite “employee mistakes” as their biggest data security threat. 48% of the organizations in the study said that their employees’ mistakes are more likely the cause when a data breach happens; only 22% cite external hackers and 17% cite malicious hackers.

The data was revealed by the 2019 Hong Kong and Taiwan Encryption Trends study from the Ponemon Institute. The annual review is conducted to capture how organizations, businesses, and institutions around the world are dealing with “compliance, increased threats, and the implementation of encryption to protect their business-critical information and applications.”

With the acknowledgment that human error is most likely to cause a data breach, nCipher says, and the prevalence of data breaches and data security issues around the world, organizations in both Hong Kong and Taiwan have started to realize the value of protecting themselves from data security breaches through data encryption.

“With corporate data breaches making headlines globally, encryption is vital in protecting data by making it unreadable to anyone other than those holding the corresponding encryption key,” reads a press release by nCipher.

A hopeful future awaits most organizations globally, with 45% of the respondents to the study saying that their organizations have a comprehensive and holistic encryption plan applied throughout their entire business. The trend was also observed to be continuously rising. However, the study notes that only 39% of organizations in Hong Kong and Taiwan already have an encryption plan in place; this is in direct contrast to Germany, which at 67% has the highest number of organizations with an encryption strategy being implemented.

“Organizations are under relentless pressure to protect their business-critical information and applications, but the proliferation of data, concerns around data discovery and policy enforcement, together with lack of cybersecurity skills makes this a challenging environment,” notes Michael Tai, head of sales, Greater China at nCipher Security.

But it is still not too late for Hong Kong and Taiwan to catch up with implementing encryption policies throughout their industries, as an overwhelming number of organizations have recognized the importance of protecting customer information and their intellectual property. Seventy-four percent of respondents see protecting customer personal information as a priority, the highest among all the regions surveyed and 20% higher than the global average.

The most common type of data encrypted by organizations in Hong Kong and Taiwan is employee or human resources data (63%) and intellectual property (53%). The least common type of data to be encrypted is healthcare information (17%), which is 7% below the global average.

Furthermore, Hong Kong and Thailand lead the world in cloud adoption, with 80% of respondents either currently using cloud computing services or planning to do so within the year. This is another reason, nCipher says, that organizations in both Asian countries are driven to have a robust data security policy and to implement a sound encryption strategy.

“Enterprises are increasingly turning to cloud environments to help them save time and money. While these technologies are digitally transforming businesses, there are potential security risks associated with them,” says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

“Consequently the use of encryption to protect cloud data in Hong Kong and Taiwan is high just as it is elsewhere around the globe. Encryption usage is a clear indicator of a strong security posture. Organizations that deploy encryption are more aware of threats to sensitive and confidential information and making a greater investment in IT security.”

However, amidst the recognition of the need for encryption plans, organizations cite data discovery as the most common factor that stops them from setting up encryption systems. Other factors cited by the respondents include classifying which data to encrypt and the ease of deploying encryption technologies.

“nCipher empowers customers by providing a high assurance security foundation that ensures the integrity and trustworthiness of their data, applications and intellectual property,” added Tai, encouraging organizations to treat data security as a priority and set up their data encryption systems.

Hackers-For-Hire Are Ineffective And Expensive, Google Study Says

Researchers from Google and University of California said that hackers-for-hire services are frauds and expensive.
Researchers say they are not threats to individual Google accounts. Photo: Richard Patterson | Flickr | CC BY 2.0

Researchers from Google have yet again found a new and compelling reason why people should not hire hackers online, even if their offers are enticing enough for some people to fall for. New research published last week by Google, and researchers from the University of California, San Diego reveals that hackers-for-hire services available online are scams and ineffective.

The research methodology includes contracting 27 hacking services, and as expected, a considerable chunk of them did not respond to the inquiries made by the researchers, while 12 of them responded but never actually attempted to launch an attack. The researchers noted that only five service providers ended up launching assaults against the test Gmail accounts.

“Using unique online buyer personas, we engaged directly with 27 such account hacking service providers and tasked them with compromising victim accounts of our choosing,” researchers said.

“These victims, in turn, were ‘honey pot’ Gmail accounts, operated in coordination with Google, and allowed us to record key interactions with the victim as well as with other fabricated aspects of their online persona that we created (e.g., business web servers, email addresses of friends or partner).”

Additionally, out of the 12 who responded to the inquiries of the researchers, nine of them have said that they are no longer working in the hacking business and it turned out that the rest are straight up scams.

The services offered online were said to cost between $100 and $500 and, interestingly, none of the service providers used automated tools for the attacks that they promised their clients.

The attacks instead involved social engineering, with the hackers using spear-phishing techniques to tailor attacks to each intended victim. Researchers highlighted that while some of the hackers asked them for information about the intended victims of the supposed attacks, others didn’t even bother and chose to employ “re-usable email phishing templates.”

Interestingly, one of the five hackers who ended up launching an attack on the test Gmail account tried to infect the victim with malware rather than straightforwardly phish for account credentials. Once the malware-infected email was opened and the malware installed on the victim’s system, the hacker would have virtual remote control of the entire system and would have been able to recover passwords and authentication cookies from local browsers.

Another hacker was able to bypass two-factor authentication (2FA), the safety mechanism that requires the account holder to use another verification process independent from password authentication, such as a code sent to the SMS number connected to the account. Researchers reveal that the hacker was able to direct the decoy victim to a spoofed Google login page and successfully scraped both passwords and SMS codes while effectively checking the validity of both in real time.

Hackers who know that they need to bypass 2FA actually (and usually) double their prices, citing the complexity of the task, the researchers say. Prices for hacking Gmail accounts have been observed to grow throughout the years, from $125 per account in 2017 to $400 today. Researchers posit that Google's improved security protocols caused the price hike.

“As a whole, however, we find that the commercialized account hijacking ecosystem is far from mature,” the research team said. “We frequently encountered poor customer service, slow responses, and inaccurate advertisements for pricing.

“Further, the current techniques for bypassing 2FA can be mitigated with the adoption of U2F security keys,” they added.

In the end, the researchers concluded that while there are capable hackers, most of those who offer hacking services are either ineffective or just plain frauds. As a consequence, they said that ignoring scam sites, they didn’t view hacker-for-hire services as an actual danger for user accounts. The researchers cited high prices for hacking each account and the low quality of services the service providers provide as reasons.

“However, despite the ability to successfully deliver account access, the market exhibited low volume, poor customer service, and had multiple scammers. As such, we surmise that retail email hijacking has yet to mature to the level of other criminal market segment,” the researchers wrote in their study’s abstract.
