On January 10th 2018, Microsoft announced the release of a new product: PowerShell Core 6.0. PowerShell Core is open-source, built on top of .NET Core (CoreCLR) and runs on Windows, macOS, and Linux.
More information is available here.
The tech industry group Wi-Fi Alliance announced the upcoming release of the WPA3 wireless security protocol on January 8th 2018. WPA3 is the future replacement of the WPA2 protocol which was shown to be vulnerable to the Krack attack security flaw in 2017.
Two recently detected security flaws currently named “Meltdown” and “Spectre” are causing Apple, Microsoft, Google, Intel, and others to release security updates to fix any potential problem. The flaws potentially affect all recent computers, smartphones, and tablets that use a CPU performance feature called speculative execution. There is no evidence that the flaws have been exploited at this time. The general recommendation is to download updates for all devices.
Current Apple products may have the security flaws with the exception of the Apple Watch. Apple is continuing to work on updates and released a statement at https://support.apple.com/en-us/HT208394.
Microsoft issued guidance for Windows users, SQL Server, Windows Server, and has updated most of its Azure infrastructure and will continue to do so. Security update KB4056890 also updates Internet Explorer and Edge browsers. Microsoft also issued update KB4056892 for various Windows versions but notes that some AMD processor machines to stop working after installing it.
Google recommended that Chrome users should turn on site isolation. Google also responded with these blog posts:
Mozilla is working on updates and a fix is available in Firefox 57.0.4 version.
Amazon has updated its servers already and will continue to do so.
Intel released a statement as well and is releasing updates. It also reported some systems rebooted more frequently after the updates. AMD also released a statement on their CPUs and speculative execution.
Oracle issued updates for MySQL, Java, PeopleSoft and other products that it maintains.
The CERT Vulnerability Notes Database has logged this issue as Vulnerability Note VU#584653.
eWeek reported that Linux 4.15 was released with Meltdown and Spectre patches and that further patches would be made for this issue.
More information can be found at https://spectreattack.com.
Microsoft announced the release of Microsoft Whiteboard – Preview version for Windows 10. This app allows multiple users to sign into their Microsoft accounts and remotely update a virtual whiteboard to collaborate visually. This app is free to use for any one user with a Windows 10 device. For multiple users, at least one participant must be logged into an Office 365 personal, work, or school account. More details are at products.office.com/en-us/microsoft-whiteboard/digital-whiteboard-app and the FAQ page.
Update: Microsoft Whiteboard app is now generally available for Windows 10 devices at the Microsoft Store, and there is now an iOS version for iPhone and iPad.
Microsoft allows users to take its certification exams remotely as well as at Pearson VUE testing centers by using Online Proctored (OP) Exam Delivery. The user’s computer will have to meet certain system requirements and the user will be monitored remotely by an exam proctor via webcam and microphone.
More information is available at https://www.microsoft.com/en-us/learning/online-proctored-exams.aspx.
Credit Card skimmers can be found at gas station pumps, ATMs or video rental boxes. Most current skimmers target the magnetic strip instead of newer chip technology credit and debit cards. The PIN may also be stolen, so it is safer to use a debit card as a credit card without entering the PIN.
ZDNet reports that the Bluetooth skimmers usually broadcast under the name “HC-05” with password “1234”, or appear with a name consisting of a long string of numbers. To search for potential skimmers, open Settings on your cellphone, enable Bluetooth, and scan for devices.
Skimmer Scanner is an Android app that detects card skimmers and is available at the Google Play Store or at GitHub.