Security News

Meta bridges 2D and 3D with Crayta

Plus, Adobe patches 46 flaws and Australia mandates the “Essential Eight”.

Meta CEO Mark Zuckerberg announced last week that user-generated tools like Crayta will help bridge the 2D gaming experiences on Facebook with the 3D world of the metaverse. Meta acquired Crayta last year when it bought Unity 2 Games. The company has since beefed up the user-generated content tool so that it renders in the cloud. “Historically, if you wanted to have something like this run in this high quality of a 3D environment, that would be really hard to render in a browser or on phones, but being able to do it with cloud infrastructure and then send it down across the network after having already rendered it in the cloud is a pretty big advance,” said Zuckerberg during the announcement, where he joined Crayta creators in-game to rebuild a facsimile of Meta’s campus courtyard. For more on this story, see VentureBeat

Adobe patches 46 flaws

At least 46 flaws are covered in the new batch of patches pushed out by Adobe for this month’s Patch Tuesday. Adobe warned of critical code execution flaws that could expose both Windows and macOS users to malicious hacker attacks. The most serious of the flaws affect Adobe Animate, Adobe Bridge, Adobe Illustrator, Adobe InCopy, and Adobe InDesign. The company said it has seen no evidence yet that any of the bugs were exploited in zero-day attacks. For more details on the individual patches, see SecurityWeek

Telegram monitors groups in Brazil for misinformation

With elections looming in October, the president of the Brazilian Supreme Electoral Court met this month with Telegram’s Vice President Ilya Perekopsky to discuss initiatives that would staunch the flow of misinformation on the social media site. Perekopsky announced that posts identified as lacking context or containing possibly false information will be flagged as potential sources of misinformation and would be forwarded to Telegram’s fact-checking channels for analysis. Telegram users will also be able to flag and report potentially false content themselves. If the information proves to be verified, it will then be published. For more on this, see ZDNet

Hertzbleed uses DVFS to steal encryption keys

Researchers have discovered a new vulnerability that could allow remote attackers to obtain cryptographic keys and other secret data from microprocessors built by Intel, AMD, and other companies. The bug allows for a form of a power-analysis attack, which is when hackers extract cryptographic data from a chip by measuring the power it consumes while processing those values. Researchers found that power-analysis attacks can be performed as side-channel exploits when attackers use the dynamic voltage and frequency scaling (DVFS) to deduce the changes in power consumption by monitoring the time it takes for a server to respond to specific carefully made queries. The researchers have dubbed the exploit “Hertzbleed” because it uses DVFS insights to “bleed out” the data. For more on this, see Ars Technica

Australian government mandates the “Essential Eight”

The Australian Cyber Security Center (ACSC) published a set of eight objectives in 2017, called the Essential Eight, designed to help organizations protect themselves from cybersecurity incidents. Initially, the Australian government only mandated that companies adhere to four of the security controls in the first objective, but starting this month, all non-corporate Commonwealth entities in the country are required to comply with the entire framework. The eight objectives include application control, patching applications, configuring Microsoft Office macro settings, using application hardening, restricting administrative privileges, patching operating systems, implementing multi-factor authentication, and creating regular backups. For more details, see The Hacker News

This week’s must-read on the Avast blog 

With the recent findings from our Digital Wellbeing Report, we remain committed to not only helping people stay safe and free online, but also researching and reporting on how everyone's online life can be improved.