Cloak & Dagger is a new class of potential attacks affecting Android devices. These attacks allow a malicious app to completely control the UI feedback loop and take over the device — without giving the user a chance to notice the malicious activity. These attacks only require two permissions that, in case the app is installed from the Play Store, the user does not need to explicitly grant and of which she is not even notified. Our user study indicates that these attacks are practical. These attacks affect all recent versions of Android (including the latest version, Android 7.1.2), and they are yet to be fixed.
Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time …
White hat hackers have made the first proof of concept for malware that locks a smart thermostat and demands a ransom.
In Windows it is possible to configure two different methods that determine whether an application should be allowed to run. The first method, known as blacklisting, is when you allow all applications to run by default except for those you specifically do not allow. The other, and more secure, method is called whitelisting, which blocks every application from running by default, except for those you explicitly allow.
The current tests of antivirus software for Android from March 2017 of AV-TEST, the leading international and independent service provider for antivirus software and malware.
There are two things that don't get mentioned much with this issue.
There's a second bug that allows non-root local users to provision AMT. "An unprivileged local attacker could provision manageability features"[1]
Access to AMT allows you to boot a recovery image, mount local drives, and do whatever you like with the included remote KVM.[2][3]
So, even if this is turned off, there are issues to address. If it's on, they have control of the whole machine, remotely. It's as bad as it can get.
Patch for severe authentication bypass bug won’t be available until next week.
Something similar has happened with Transmission's download DMGs being replaced on their servers [1] (twice! [2]) in recent memory.
With recent chipsets, Intel offers a mechanism called Active Management Technology (Intel AMT, part of the “vPro”* featureset, specifically the Intel Management Engine) which, Intel says, “allows IT or managed service providers to better discover, repair, and protect their networked computing assets”. This means somebody can control devices remotely, even when powered off—what is officially called out-of-band system access.
me_cleaner is a tool to remove as much code as possible from an Intel ME/TXE/SPS image.
If you did not know, built into all modern Intel-based platforms is a small, low-power computer subsystem called the Intel Management Engine (ME). It performs various tasks while the system is in sleep mode, during the boot process, and also when your system is running.
Completely and permanently (unless you re-install it) disable Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability on Windows. These are components of the Intel Management Engine firmware.
Every Intel platform from Nehalem to Kaby Lake has a remotely exploitable security hole. SemiAccurate has been begging Intel to fix this issue for literally years and it looks like they finally listened.
Update May 1, 2017 at 3:35pm: Intel just confirmed it, but not to SemiAccurate. You can read their advisory here.
The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) not CPU firmware. If this isn’t scary enough news, even if your machine doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network. For the moment. From what SemiAccurate gathers, there is literally no Intel box made in the last 9+ years that isn’t at risk. This is somewhere between nightmarish and apocalyptic.