Microsoft today issued Vulnerability-related.PatchVulnerability an emergency security update to correct Vulnerability-related.PatchVulnerability a security update it issued Vulnerability-related.PatchVulnerability earlier this month to correct Vulnerability-related.PatchVulnerability a security update it issued Vulnerability-related.PatchVulnerability in January and February . In January and February , Redmond emitted Vulnerability-related.PatchVulnerability fixes for Windows 7 and Server 2008 R2 machines to counter Vulnerability-related.PatchVulnerability the Meltdown chip-level vulnerability in modern Intel x64 processors . Unfortunately , those patches blew Vulnerability-related.PatchVulnerability a gaping hole in the operating systems : normal applications and logged-in users could now access and modify any part of physical RAM , and gain complete control over a box , with the updates installed . Rather than stop programs and non-administrators from exploiting Meltdown to extract Attack.Databreach passwords and other secrets from protected kernel memory , the fixes on Windows 7 and Server 2008 R2 instead granted full read-write privileges to system RAM . Roll on March , and Microsoft pushed out Vulnerability-related.PatchVulnerability fixes on Patch Tuesday to correct Vulnerability-related.PatchVulnerability those January and February updates to close Vulnerability-related.PatchVulnerability the security vulnerability it accidentally opened . Except that March update did n't fully seal Vulnerability-related.PatchVulnerability the deal : the bug remained in Vulnerability-related.DiscoverVulnerability the kernel , and was exploitable by malicious software and users . Total Meltdown Now , if you 're using Windows 7 or Server 2008 R2 and have applied Vulnerability-related.PatchVulnerability Microsoft 's Meltdown patches , you 'll want to grab and install Vulnerability-related.PatchVulnerability today 's out-of-band update for CVE-2018-1038 . Swedish researcher Ulf Frisk discovered Vulnerability-related.DiscoverVulnerability the January and February Meltdown mitigations for Win7 and Server 2008 R2 were broken , and went public Vulnerability-related.DiscoverVulnerability with his findings once the March Patch Tuesday had kicked off . As it turns out , this month 's updates did not fully fix Vulnerability-related.PatchVulnerability things , and Microsoft has had to scramble to remedy Vulnerability-related.PatchVulnerability what was now a zero-day vulnerability in Windows 7 and Server 2008 . In other words , Microsoft has just had to put out Vulnerability-related.PatchVulnerability a patch for a patch for a patch . Hardly inspiring stuff , but we suppose the old Microsoft adage remains true – never trust a Redmond product until version three at the earliest . On the other hand , writing kernel-level memory management code is an absolute bastard at times , so you have to afford the devs some sympathy .

Users of the Guardian ’ s Soulmates dating site have been getting spammed with smut after the site leaked Attack.Databreach their contact information . The UK-based Guardian newspaper ’ s publisher , which runs the service , is blaming “ human error ” and a third-party technology provider for the leak , which has now been fixed . According to the BBC , the site — which charges users up to £32 ( $ 41.50 ) per month — said that only email addresses and user IDs had been exposed Attack.Databreach directly . But that information can be used to dig out more from public profiles , said the company , including photos , relationship preferences and physical descriptions . Here ’ s a statement the publisher sent to The Register : We can confirm we have received 27 enquiries from our members which show evidence of their email addresses used for their Soulmates account having been exposed Attack.Databreach . We take matters of data security extremely seriously and have conducted thorough audits of all our internal systems and are confident that no outside party breached any of these systems . Our ongoing investigations point to a human error by one of our third party technology providers , which led to an exposure Attack.Databreach of an extract Attack.Databreach of data . This extract Attack.Databreach contained only members ’ email addresses and user ID which can be used to find members ’ publicly available online profiles . We have taken appropriate measures to ensure this does not happen again , and we continue to review our processes and third party suppliers . Nonetheless , we apologise to our members who were affected . If any of our members are concerned we encourage them to contact us on support @ guardiansoulmates.com . One user who contacted the BBC said they ’ d starting receiving sexually explicit spam , laced with information from their Soulmates profile , in November . The user , who works in IT , said they weren ’ t completely surprised . Things like this can happen with online services . But they were still a bit taken aback , given that they hadn ’ t used the site for several years and they were no longer paying the membership fee . That user told the BBC that they had contacted Soulmates six months ago , concerned about what other information might have been breached Attack.Databreach . Another user who reached out to the BBC said that in spite of the breached information being public , it still felt “ creepy ” to see it lifted from the confines of the dating site : It ’ s all information that I was happy to put online at one point anyway , but when it ’ s used outside of context like that it does feel a lot more creepy . We don ’ t have details on the identity of the third-party tech provider , or where , exactly , in the setup the door was left open . At any rate , if it is indeed the fault of a third party , this is just the latest example of how contractors can be the weak link in your security chain . It doesn ’ t matter how strict your own cybersecurity is if one of your contractors isn ’ t up to scratch . As we ’ ve noted before , everyone we do business with , share data with , outsource operations to , sell things to or buy things from forms a part of our own security chain . A breach at any point in the chain can have an impact on the privacy and integrity of our data . As for those Soulmates users now afflicted with sexually explicit spam , our sympathies . It ’ s hard enough to find true love . Who needs the heartache of trying , and failing , to keep your data out of the hands of e-jerks ? We ’ ve passed out plenty of advice to avoid online dating fraud , but none of that applies here , given that you ’ re certainly not at fault in this one . Do be careful of that spam , though . Be it lascivious or as pure as a spring lamb , it ’ s still spam , and that stuff often goes hand in hand with malware . Don ’ t click !

Users of the Guardian ’ s Soulmates dating site have been getting spammed with smut after the site leaked Attack.Databreach their contact information . The UK-based Guardian newspaper ’ s publisher , which runs the service , is blaming “ human error ” and a third-party technology provider for the leak , which has now been fixed . According to the BBC , the site — which charges users up to £32 ( $ 41.50 ) per month — said that only email addresses and user IDs had been exposed Attack.Databreach directly . But that information can be used to dig out more from public profiles , said the company , including photos , relationship preferences and physical descriptions . Here ’ s a statement the publisher sent to The Register : We can confirm we have received 27 enquiries from our members which show evidence of their email addresses used for their Soulmates account having been exposed Attack.Databreach . We take matters of data security extremely seriously and have conducted thorough audits of all our internal systems and are confident that no outside party breached any of these systems . Our ongoing investigations point to a human error by one of our third party technology providers , which led to an exposure Attack.Databreach of an extract Attack.Databreach of data . This extract Attack.Databreach contained only members ’ email addresses and user ID which can be used to find members ’ publicly available online profiles . We have taken appropriate measures to ensure this does not happen again , and we continue to review our processes and third party suppliers . Nonetheless , we apologise to our members who were affected . If any of our members are concerned we encourage them to contact us on support @ guardiansoulmates.com . One user who contacted the BBC said they ’ d starting receiving sexually explicit spam , laced with information from their Soulmates profile , in November . The user , who works in IT , said they weren ’ t completely surprised . Things like this can happen with online services . But they were still a bit taken aback , given that they hadn ’ t used the site for several years and they were no longer paying the membership fee . That user told the BBC that they had contacted Soulmates six months ago , concerned about what other information might have been breached Attack.Databreach . Another user who reached out to the BBC said that in spite of the breached information being public , it still felt “ creepy ” to see it lifted from the confines of the dating site : It ’ s all information that I was happy to put online at one point anyway , but when it ’ s used outside of context like that it does feel a lot more creepy . We don ’ t have details on the identity of the third-party tech provider , or where , exactly , in the setup the door was left open . At any rate , if it is indeed the fault of a third party , this is just the latest example of how contractors can be the weak link in your security chain . It doesn ’ t matter how strict your own cybersecurity is if one of your contractors isn ’ t up to scratch . As we ’ ve noted before , everyone we do business with , share data with , outsource operations to , sell things to or buy things from forms a part of our own security chain . A breach at any point in the chain can have an impact on the privacy and integrity of our data . As for those Soulmates users now afflicted with sexually explicit spam , our sympathies . It ’ s hard enough to find true love . Who needs the heartache of trying , and failing , to keep your data out of the hands of e-jerks ? We ’ ve passed out plenty of advice to avoid online dating fraud , but none of that applies here , given that you ’ re certainly not at fault in this one . Do be careful of that spam , though . Be it lascivious or as pure as a spring lamb , it ’ s still spam , and that stuff often goes hand in hand with malware . Don ’ t click !

Researchers from the University of Negvu have developed a way in which hackers can extract Attack.Databreach data from a victim ’ s computer using the LED lights displayed on their router . They can do so using a malware named xLED , as reported by JPost . The Cyber Security Research Center at the Ben-Gurion University of the Negvu which is located in Israel have come up with a way to hack into a user ’ s computer and steal Attack.Databreach vital data in the form of LED lights that are displayed on a router . Essentially , the operation would require a specially crafted malware named xLED which will need to be installed on a router in order to hack a victim . That is , the router needs to have a security flaw so as to allow the hacker to install the malware in the first place . It can also be possible if a flawed firmware has been installed in the router , thus making it easier for the attacker to break through the device . Once the malware is installed , the data can be exfiltrated Attack.Databreach in the binary form represented by the blinking of lights . Hence , when the light is off , it will represent a zero while when it is on , it will represent a one . A video recording device can be used to capture the blinking pattern and utilized to steal Attack.Databreach vital information that is being transmitted through the router . The device can be anything from a recording drone to a CCTV camera . As long as the camera captures the blinking lights , the data being transmitted can be easily stolen Attack.Databreach . The researchers indicated that since the rate of exfiltration Attack.Databreach of data depends upon the number of LEDs being present on a router , it goes without saying that the more number of LEDs on a router , the more amount of data can be exfiltrated Attack.Databreach at any one time . Furthermore , the researchers tested various video-recording setups to see which is the most efficient and found out that the method involving Optical Sensors was the best . This is because it received data at a higher rate and was able to sample the LED lights more quickly than any other methods . Primarily , a data exfiltration Attack.Databreach rate of 1000 bit/sec per LED was achieved using Optical Sensors . Although the researchers indicated that the method is the most effective one to steal Attack.Databreach a large amount of data , they , however , stated that since the method involves installing malware on a router , a number of other techniques can be used to extract Attack.Databreach data anyway . This is because once the malware is already on the router , there are other ways in which attackers can directly intercept Attack.Databreach the data being transmitted without the need of any video recording devices .

Researchers from the University of Negvu have developed a way in which hackers can extract Attack.Databreach data from a victim ’ s computer using the LED lights displayed on their router . They can do so using a malware named xLED , as reported by JPost . The Cyber Security Research Center at the Ben-Gurion University of the Negvu which is located in Israel have come up with a way to hack into a user ’ s computer and steal Attack.Databreach vital data in the form of LED lights that are displayed on a router . Essentially , the operation would require a specially crafted malware named xLED which will need to be installed on a router in order to hack a victim . That is , the router needs to have a security flaw so as to allow the hacker to install the malware in the first place . It can also be possible if a flawed firmware has been installed in the router , thus making it easier for the attacker to break through the device . Once the malware is installed , the data can be exfiltrated Attack.Databreach in the binary form represented by the blinking of lights . Hence , when the light is off , it will represent a zero while when it is on , it will represent a one . A video recording device can be used to capture the blinking pattern and utilized to steal Attack.Databreach vital information that is being transmitted through the router . The device can be anything from a recording drone to a CCTV camera . As long as the camera captures the blinking lights , the data being transmitted can be easily stolen Attack.Databreach . The researchers indicated that since the rate of exfiltration Attack.Databreach of data depends upon the number of LEDs being present on a router , it goes without saying that the more number of LEDs on a router , the more amount of data can be exfiltrated Attack.Databreach at any one time . Furthermore , the researchers tested various video-recording setups to see which is the most efficient and found out that the method involving Optical Sensors was the best . This is because it received data at a higher rate and was able to sample the LED lights more quickly than any other methods . Primarily , a data exfiltration Attack.Databreach rate of 1000 bit/sec per LED was achieved using Optical Sensors . Although the researchers indicated that the method is the most effective one to steal Attack.Databreach a large amount of data , they , however , stated that since the method involves installing malware on a router , a number of other techniques can be used to extract Attack.Databreach data anyway . This is because once the malware is already on the router , there are other ways in which attackers can directly intercept Attack.Databreach the data being transmitted without the need of any video recording devices .