Drupal Releases Security Updates

Original release date: February 21, 2018

Drupal has released an advisory to address multiple vulnerabilities in Drupal 7.x and 8.4.x. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information.

NCCIC/US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.57 or 8.4.5.


This product is provided subject to this Notification and this Privacy & Use policy.


IC3 Issues Alert on Increase in W-2 Phishing Campaigns

Original release date: February 21, 2018

The Internet Crime Complaint Center (IC3) has issued an alert on the increase in W-2-related phishing campaigns. Fraudsters often use tax-related phishing emails to get victims to provide personally identifiable information, click on a malicious link, or pay a ransom.

NCCIC/US-CERT encourages taxpayers to review the IC3 Alert and refer to the NCCIC/US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of a phishing campaign, report it to IC3 at www.ic3.gov


This product is provided subject to this Notification and this Privacy & Use policy.


Intel ships (hopefully stable) microcode for Skylake, Kaby Lake, Coffee Lake

Enlarge / Intel Core i9 X-series Skylake X. (credit: Intel)

Intel reports that it has developed a stable microcode update to address the Spectre flaw for its Skylake, Kaby Lake, and Coffee Lake processors in all their various variants.

The microcode updates help address Spectre variant 2 attacks. Spectre variant 2 attacks work by persuading a processor's branch predictor to make a specific bad prediction about which code will be executed. This bad prediction can then be used to infer the value of data stored in memory, which, in turn, gives an attacker information that they shouldn't otherwise have. The microcode update is designed to give operating systems greater control over the branch predictor, enabling them to prevent one process from influencing the predictions made in another process.

Intel's first microcode update, developed late last year, was included in system firmware updates for machines with Broadwell, Haswell, Skylake, Kaby Lake, and Coffee Lake processors. But users subsequently discovered that the update was causing systems to crash and reboot. Initially, only Broadwell and Haswell systems were confirmed to be affected, but further examination determined that Skylake, Kaby Lake, and Coffee Lake systems were rebooting, too.

Read 3 remaining paragraphs | Comments

Intel ships (hopefully stable) microcode for Skylake, Kaby Lake, Coffee Lake

Enlarge / Intel Core i9 X-series Skylake X. (credit: Intel)

Intel reports that it has developed a stable microcode update to address the Spectre flaw for its Skylake, Kaby Lake, and Coffee Lake processors in all their various variants.

The microcode updates help address Spectre variant 2 attacks. Spectre variant 2 attacks work by persuading a processor's branch predictor to make a specific bad prediction about which code will be executed. This bad prediction can then be used to infer the value of data stored in memory, which, in turn, gives an attacker information that they shouldn't otherwise have. The microcode update is designed to give operating systems greater control over the branch predictor, enabling them to prevent one process from influencing the predictions made in another process.

Intel's first microcode update, developed late last year, was included in system firmware updates for machines with Broadwell, Haswell, Skylake, Kaby Lake, and Coffee Lake processors. But users subsequently discovered that the update was causing systems to crash and reboot. Initially, only Broadwell and Haswell systems were confirmed to be affected, but further examination determined that Skylake, Kaby Lake, and Coffee Lake systems were rebooting, too.

Read 3 remaining paragraphs | Comments